wagoodman / dive

A tool for exploring each layer in a docker image
MIT License

cannot read image for docker use TLS TCP connection #545

Open mosaicwang opened 3 months ago

mosaicwang commented 3 months ago

What happened: The Docker server listens on TCP 2376 with TLS enabled. When I execute `dive tomcat:9-jdk21-openjdk-slim-bullseye`, I get the error "could not read CA certificate "~/.docker/ca.pem": open ~/.docker/ca.pem: no such file or directory". But actually, I have ca.pem, cert.pem and key.pem under the `~/.docker` directory, because when I execute `docker ps` or `docker images`, I get normal output.

What you expected to happen: dive can display image content

How to reproduce it (as minimally and precisely as possible):

1. Reference https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket
2. Execute `dive tomcat:9-jdk21-openjdk-slim-bullseye`

Anything else we need to know?:

Environment:

```
Server: Docker Engine - Community
 Engine:
  Version:          27.1.1
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.12
  Git commit:       cc13f95
  Built:            Tue Jul 23 19:57:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.19
  GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc:
  Version:          1.7.19
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```

- dive version : `0.12.0`

```
[root@dockertest ~]# dive --version
dive 0.12.0
```

- Cert file list

```
[root@dockertest .docker]# ls -l ~/.docker
total 64
-r--------. 1 root root 1526 Apr 29 08:41 ca-certs.crt
-rw-r--r--. 1 root root 1526 Apr 29 08:41 ca.pem
-rw-r--r--. 1 root root  745 Aug  8 22:02 cert.pem
-r--------. 1 root root  745 Aug  8 22:02 client.crt
-rw-r-----. 1 root root  351 Aug  8 22:02 client.csr
-r--------. 1 root root  241 Aug  8 22:02 client.key
-rw-------. 1 root root 2439 Aug  8 22:02 client.pfx
-rw-------. 1 root root  138 Aug  9 10:52 config.json
drwxr-x---. 3 root root   18 Aug  8 10:17 contexts
-rw-r-----. 1 root root 1686 Aug  8 22:02 docker.conf
-rw-r-----. 1 root root 1326 Aug  8 22:02 docker-readme.txt
-rw-r-----. 1 root root   75 Aug  8 22:02 ec_param.txt
-rw-r--r--. 1 root root  241 Aug  8 22:02 key.pem
-rw-r-----. 1 root root  802 Aug  8 22:02 server.crt
-rw-r-----. 1 root root  355 Aug  8 22:02 server.csr
-rw-------. 1 root root  241 Aug  8 22:02 server.key
-rw-------. 1 root root 2471 Aug  8 22:02 server.pfx
```

- execute `docker images` and output

```
[root@dockertest .docker]# docker images
REPOSITORY   TAG                              IMAGE ID       CREATED         SIZE
tomcat       9-jdk21-openjdk-slim-bullseye    1df941cf8cb3   11 months ago   459MB
```

- `.bashrc`(part)

```
...
# Docker environment variables
export DOCKER_HOST=tcp://192.168.186.23:2376 DOCKER_TLS_VERIFY=1
```

- `docker info`

```
[root@dockertest ~]# docker info
Client: Docker Engine - Community
 Version:    27.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: local
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-325.el9.x86_64
 Operating System: CentOS Stream 9
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.894GiB
 Name: dockertest
 ID: 70f654cb-3cfe-4406-ab78-b7b232524a5d
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://s32r8oam.mirror.aliyuncs.com/
 Live Restore Enabled: false
```

- execute `dive tomcat:9-jdk21-openjdk-slim-bullseye`

```
Image Source: docker://tomcat:9-jdk21-openjdk-slim-bullseye
Fetching image... (this can take a while for large images)
cannot fetch image
could not read CA certificate "~/.docker/ca.pem": open ~/.docker/ca.pem: no such file or directory
```
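
The error in the report shows the literal string `~/.docker/ca.pem` reaching `open`; `~` is expanded by the shell, not by Go's file APIs. The check below is an added example, not dive's or Docker's code: it resolves the client certificate directory with the home directory expanded, then reports missing files and a `key.pem` that is accessible beyond its owner. `expandHome` and `checkCertDir` are hypothetical names, and the `~/.docker` default used when `DOCKER_CERT_PATH` is unset is an assumption based on the Docker documentation linked in the report.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// expandHome replaces a leading "~" with home; os.Open and os.Stat do not do this.
func expandHome(p, home string) string {
	if p == "~" {
		return home
	}
	if strings.HasPrefix(p, "~/") {
		return filepath.Join(home, p[2:])
	}
	return p
}

// checkCertDir (hypothetical helper) resolves the cert directory and lists problems.
func checkCertDir(certPath, home string) (string, []string) {
	if certPath == "" {
		certPath = "~/.docker" // assumed default when DOCKER_CERT_PATH is unset
	}
	dir := expandHome(certPath, home)
	var problems []string
	for _, name := range []string{"ca.pem", "cert.pem", "key.pem"} {
		fi, err := os.Stat(filepath.Join(dir, name))
		if err != nil {
			problems = append(problems, err.Error())
			continue
		}
		// The private key should not be accessible by group or others.
		if perm := fi.Mode().Perm(); name == "key.pem" && perm&0o077 != 0 {
			problems = append(problems, fmt.Sprintf("key.pem: mode %04o is accessible beyond the owner", perm))
		}
	}
	return dir, problems
}

func main() {
	home, _ := os.UserHomeDir() // empty on error: paths then resolve relative to the cwd
	dir, problems := checkCertDir(os.Getenv("DOCKER_CERT_PATH"), home)
	fmt.Println("certificate directory:", dir)
	for _, p := range problems {
		fmt.Println("problem:", p)
	}
}
```

Setting `DOCKER_CERT_PATH` to an absolute path avoids depending on any client's handling of `~`.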