问题

在CentOS/RHEL/Fedora 中，尝试在 docker 存储库下搜索 docker 镜像时，返回以下错误：

# docker search centos
Error response from daemon: Get https://index.docker.io/v1/search?q=oracle%2A: dial tcp 52.72.231.247:443: getsockopt: no route to host

docker 引擎运行良好。

# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-11-18 06:37:54 UTC; 4min 54s ago
     Docs: https://docs.docker.com
 Main PID: 1109 (dockerd)
   Memory: 72.6M
   CGroup: /system.slice/docker.service
           ├─1109 /usr/bin/dockerd
           └─1127 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/...

此外，SELinux 设置为 Permissive 模式，并且允许 iptables 具有 Docker 流量。

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain DOCKER (1 references)
target     prot opt source               destination         
Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            
Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

为 Docker 启用代理

要使 Docker 节点与 Docker hub通信，我们需要启用代理。
当我们在防火墙环境下时，这是必需的。
有两种方法可以做到这一点。

方法一

1. 要配置 Web 代理网络选项，请创建包含以下行的插入文件 /etc/systemd/system/docker.service.d/http-proxy.conf：

# vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=proxy_URL:port"
Environment="HTTPS_PROXY=proxy_URL:port"

2. 将 proxy_URL 和 port 替换为 Web 代理的适当 URL 和端口号。

方法二

1. 使用任何编辑器打开文件 /etc/sysconfig/docker 并添加以下两个条目。

# vi /etc/sysconfig/docker
HTTP_PROXY="http://[proxy_IP].domain.com:80"
HTTPS_PROXY="http://[proxy_IP].domain.com:80"

2. 一旦完成停止/启动docker服务

# systemctl stop docker
# systemctl start docker