mirror of https://github.com/docker/docs.git
69 lines
2.6 KiB
Markdown
69 lines
2.6 KiB
Markdown
---
|
|
redirect_from:
|
|
- /docker-trusted-registry/adminguide/
|
|
description: Learn how to troubleshoot your DTR installation.
|
|
keywords:
|
|
- docker, registry, monitor, troubleshoot
|
|
title: Troubleshoot Docker Trusted Registry
|
|
---
|
|
|
|
## Overlay networking
|
|
|
|
High availability in DTR depends on having overlay networking working in UCP.
|
|
To manually test that overlay networking is working in UCP run the following
|
|
commands on two different UCP machines.
|
|
|
|
```
|
|
docker run -it --rm --net dtr-ol --name overlay-test1 --entrypoint sh docker/dtr
|
|
docker run -it --rm --net dtr-ol --name overlay-test2 --entrypoint ping docker/dtr -c 3 overlay-test1
|
|
```
|
|
|
|
You can create new new overlay network for this test with `docker network create
|
|
-d overaly network-name`. You can also use any images that contain `sh` and
|
|
`ping` for this test.
|
|
|
|
If the second command succeeds, overlay networking is working.
|
|
|
|
## DTR doesn't come up after a Docker restart
|
|
|
|
This is a known issue with Docker restart policies when DTR is running on the
|
|
same machine as a UCP controller. If this happens, you can simply restart the
|
|
DTR replica from the UCP UI under "Applications". The best workaround right now
|
|
is to not run DTR on the same node as a UCP controller.
|
|
|
|
## Etcd refuses to start after a Docker restart
|
|
|
|
If you see the following log message in etcd's logs after a DTR restart it means
|
|
that your DTR replicas are on machines that don't have their clocks
|
|
synchronized. Etcd requires synchronized clocks to function correctly.
|
|
|
|
```
|
|
2016-04-27 17:56:34.086748 W | rafthttp: the clock difference against peer aa4fdaf4c562342d is too high [8.484795885s > 1s]
|
|
```
|
|
|
|
## Accessing the RethinkDB Admin UI
|
|
|
|
> Warning: This command will expose your database to the internet with no authentication. Use with caution.
|
|
|
|
Run this on the UCP node that has a DTR replica with the given replica id:
|
|
|
|
```
|
|
docker run --rm -it --net dtr-br -p 9999:8080 svendowideit/ambassador dtr-rethinkdb-$REPLICA_ID 8080
|
|
```
|
|
|
|
Options to make this more secure:
|
|
|
|
* Use `-p 127.0.0.1:9999:8080` to expose the admin UI only to localhost
|
|
* Use an SSH tunnel in combination with exposing the port only to localhost
|
|
* Use a firewall to limit which IPs are allowed to connect
|
|
* Use a second proxy with TLS and basic auth to provide secure access over the Internet
|
|
|
|
## Accessing etcd directly
|
|
|
|
You can execute etcd commands on a UCP node hosting a DTR replica using etcdctl
|
|
via the following docker command:
|
|
|
|
```
|
|
docker run --rm -v dtr-ca-$REPLICA_ID:/ca --net dtr-br -it --entrypoint /etcdctl docker/dtr-etcd:v2.2.4 --endpoint https://dtr-etcd-$REPLICA_ID.dtr-br:2379 --ca-file /ca/etcd/cert.pem --key-file /ca/etcd-client/key.pem --cert-file /ca/etcd-client/cert.pem
|
|
```
|