
cannot read image for docker use TLS TCP connection

Open mosaicwang opened this issue 1 year ago • 0 comments

What happened: The Docker server listens on TCP 2376 with TLS enabled. When I execute dive tomcat:9-jdk21-openjdk-slim-bullseye, I get the error "could not read CA certificate "~/.docker/ca.pem": open ~/.docker/ca.pem: no such file or directory". But in actuality, I have ca.pem, cert.pem and key.pem under the ~/.docker directory, because when I execute docker ps or docker images, I get normal output.

What you expected to happen: dive can display image content

How to reproduce it (as minimally and precisely as possible):
1. Refer to https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket
2. Execute `dive tomcat:9-jdk21-openjdk-slim-bullseye`

Anything else we need to know?:

Environment:

  • OS version : Centos 9 stream
  • Docker version (if applicable) 27.1.1
[root@dockertest ~]# docker version
Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.46
 Go version:        go1.21.12
 Git commit:        6312585
 Built:             Tue Jul 23 19:58:57 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.1.1
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.12
  Git commit:       cc13f95
  Built:            Tue Jul 23 19:57:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.19
  GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc:
  Version:          1.7.19
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
  • dive version : 0.12.0
[root@dockertest ~]# dive --version
dive 0.12.0
  • Cert file list
[root@dockertest .docker]# ls -l ~/.docker
total 64
-r--------. 1 root root 1526 Apr 29 08:41 ca-certs.crt
-rw-r--r--. 1 root root 1526 Apr 29 08:41 ca.pem
-rw-r--r--. 1 root root  745 Aug  8 22:02 cert.pem
-r--------. 1 root root  745 Aug  8 22:02 client.crt
-rw-r-----. 1 root root  351 Aug  8 22:02 client.csr
-r--------. 1 root root  241 Aug  8 22:02 client.key
-rw-------. 1 root root 2439 Aug  8 22:02 client.pfx
-rw-------. 1 root root  138 Aug  9 10:52 config.json
drwxr-x---. 3 root root   18 Aug  8 10:17 contexts
-rw-r-----. 1 root root 1686 Aug  8 22:02 docker.conf
-rw-r-----. 1 root root 1326 Aug  8 22:02 docker-readme.txt
-rw-r-----. 1 root root   75 Aug  8 22:02 ec_param.txt
-rw-r--r--. 1 root root  241 Aug  8 22:02 key.pem
-rw-r-----. 1 root root  802 Aug  8 22:02 server.crt
-rw-r-----. 1 root root  355 Aug  8 22:02 server.csr
-rw-------. 1 root root  241 Aug  8 22:02 server.key
-rw-------. 1 root root 2471 Aug  8 22:02 server.pfx
  • execute docker images and output
[root@dockertest .docker]# docker images
REPOSITORY   TAG                             IMAGE ID       CREATED         SIZE
tomcat       9-jdk21-openjdk-slim-bullseye   1df941cf8cb3   11 months ago   459MB
  • .bashrc (part)
...
# Docker environment variables
export DOCKER_HOST=tcp://192.168.186.23:2376 DOCKER_TLS_VERIFY=1
  • docker info
[root@dockertest ~]# docker info
Client: Docker Engine - Community
 Version:    27.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: local
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-325.el9.x86_64
 Operating System: CentOS Stream 9
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.894GiB
 Name: dockertest
 ID: 70f654cb-3cfe-4406-ab78-b7b232524a5d
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://s32r8oam.mirror.aliyuncs.com/
 Live Restore Enabled: false
  • execute dive tomcat:9-jdk21-openjdk-slim-bullseye
Image Source: docker://tomcat:9-jdk21-openjdk-slim-bullseye
Fetching image... (this can take a while for large images)
cannot fetch image
could not read CA certificate "~/.docker/ca.pem": open ~/.docker/ca.pem: no such file or directory

mosaicwang avatar Aug 09 '24 03:08 mosaicwang
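
The error text in the report shows the client opening the literal path `~/.docker/ca.pem`. `~` is expanded by the shell, not by the operating system, so a certificate directory that reaches a program unexpanded fails with "no such file or directory" even though the files exist. The sketch below reproduces that behaviour and the fix. It is an added example, not dive's own code: `expandHome` and `readCA` are hypothetical helpers, and the sandbox HOME and placeholder `ca.pem` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// expandHome replaces a leading "~" with the current user's home directory.
// Only shells do this; a path handed to open(2) is used exactly as written.
func expandHome(p string) (string, error) {
	if p != "~" && !strings.HasPrefix(p, "~/") {
		return p, nil // absolute, relative and "~user" forms are left untouched
	}
	home, err := os.UserHomeDir()
	if err != nil {
		return "", fmt.Errorf("cannot resolve home directory: %w", err)
	}
	return filepath.Join(home, strings.TrimPrefix(p, "~")), nil
}

// readCA (hypothetical) loads ca.pem from certDir, optionally expanding "~" first.
func readCA(certDir string, expand bool) ([]byte, error) {
	if expand {
		var err error
		if certDir, err = expandHome(certDir); err != nil {
			return nil, err
		}
	}
	return os.ReadFile(filepath.Join(certDir, "ca.pem"))
}

func main() {
	// Constructed sandbox: a throwaway HOME containing .docker/ca.pem.
	home, _ := os.MkdirTemp("", "home")
	defer os.RemoveAll(home)
	os.Setenv("HOME", home)
	os.MkdirAll(filepath.Join(home, ".docker"), 0o700)
	os.WriteFile(filepath.Join(home, ".docker", "ca.pem"), []byte("constructed placeholder, not a real CA\n"), 0o600)

	_, err := readCA("~/.docker", false)
	fmt.Println("literal ~ :", err, "| not-exist:", errors.Is(err, os.ErrNotExist))
	_, err = readCA("~/.docker", true)
	fmt.Println("expanded  :", err)
}
```

If an unexpanded default is the cause here (an assumption; the issue has no reply confirming it), exporting `DOCKER_CERT_PATH` as an absolute directory avoids relying on `~` at all.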