denied: Deploying to groups is a PRO-licensed feature.

问题描述：

今天接到研发同事反馈，在向私服推送docker镜像的时候，失败了，提示如下：

# docker push  nexus_ip:nexus_port/redis:9.1
The push refers to repository [nexus_ip:nexus_port/redis]
e12ede421c86: Layer already exists 
5f70bf18a086: Layer already exists 
70c7037b3004: Layer already exists 
a18156ff12b4: Layer already exists 
557a923a5471: Layer already exists 
9f8a2a353b92: Layer already exists 
cb4596cc1454: Layer already exists 
denied: Deploying to groups is a PRO-licensed feature. See https://links.sonatype.com/product-nexus-repository

根据问题提示

denied: Deploying to groups is a PRO-licensed feature. See https://links.sonatype.com/product-nexus-repository

是因为docker提交镜像被服务端拒绝。

官网说明：

“deploying to groups”是Pro许可证才具备的功能。这个功能允许用户将程序包发布到指定的组，而不是一个一个单独的设备上。
这对于大规模的部署任务非常有用，例如企业内部需要同时安装大量电脑上的程序，可以通过部署到组的方式来大大提高效率。需要注意的是，这个功能是Pro许可证才有的，如果用户只是免费使用软件，是无法享受该功能的。

但是，实际上研发人员提交的docker仓库是host模式，而不是group模式

所以真正问题不是Pro许可证问题，继续排查

尝试在其他服务器上提交docker镜像，居然能提交成功！

使用同一个nexus账号、相同的docker版本、相同的docker tag和docker push命令

在该研发人员的服务器上还是提交失败。

然后查看docker进程的状态

]# systemctl status docker -l
● docker.service
   Loaded: loaded (/etc/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2023-10-27 10:28:14 CST; 3 days ago
 Main PID: 673 (dockerd)
   Memory: 119.4M
   CGroup: /system.slice/docker.service
           ├─ 673 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
           ├─1032 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
           ├─1259 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 184bc19a6d4bbce54009593a32c13c440be5d8ebc9beefd9e774b423b49c22f4 -address /var/run/docker/containerd/containerd.sock
           ├─1261 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8ce6a4d0bb3e3112193fbe9bf0d0fa22641d3f32640a4f315c742765abd5b5da -address /var/run/docker/containerd/containerd.sock
           └─1274 /usr/bin/containerd-shim-runc-v2 -namespace moby -id f9e5682033c54f3f61b83eb3d15942dddb58839e9755ae66fca42f8afef69219 -address /var/run/docker/containerd/containerd.sock

10月 30 10:05:10 ekmp.gateway dockerd[673]: time="2023-10-30T10:05:10.106220862+08:00" level=info msg="NetworkDB stats ekmp.gateway(ffdebaeb6a4d) - netID:0qhyhejcrl4fm13l88ryyp3tj leaving:false netPeers:4 entries:8 Queue qLen:0 netMsg/s:0"
10月 30 10:10:10 ekmp.gateway dockerd[673]: time="2023-10-30T10:10:10.306062208+08:00" level=info msg="NetworkDB stats ekmp.gateway(ffdebaeb6a4d) - netID:0qhyhejcrl4fm13l88ryyp3tj leaving:false netPeers:4 entries:8 Queue qLen:0 netMsg/s:0"
10月 30 10:15:10 ekmp.gateway dockerd[673]: time="2023-10-30T10:15:10.306464767+08:00" level=info msg="NetworkDB stats ekmp.gateway(ffdebaeb6a4d) - netID:0qhyhejcrl4fm13l88ryyp3tj leaving:false netPeers:4 entries:8 Queue qLen:0 netMsg/s:0"
10月 30 10:20:10 ekmp.gateway dockerd[673]: time="2023-10-30T10:20:10.506192259+08:00" level=info msg="NetworkDB stats ekmp.gateway(ffdebaeb6a4d) - netID:0qhyhejcrl4fm13l88ryyp3tj leaving:false netPeers:4 entries:8 Queue qLen:0 netMsg/s:0"
10月 30 10:25:03 ekmp.gateway dockerd[673]: time="2023-10-30T10:25:03.048111590+08:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get https://$nexus_ip:$nexus_port/v2/: proxyconnect tcp: tls: first record does not look like a TLS handshake"
10月 30 10:25:10 ekmp.gateway dockerd[673]: time="2023-10-30T10:25:10.706649830+08:00" level=info msg="NetworkDB stats ekmp.gateway(ffdebaeb6a4d) - netID:0qhyhejcrl4fm13l88ryyp3tj leaving:false netPeers:4 entries:8 Queue qLen:0 netMsg/s:0"
10月 30 10:26:04 ekmp.gateway dockerd[673]: time="2023-10-30T10:26:04.190923342+08:00" level=info msg="Attempting next endpoint for push after error: Get https://$nexus_ip:$nexus_port/v2/: proxyconnect tcp: tls: first record does not look like a TLS handshake"
10月 30 10:26:08 ekmp.gateway dockerd[673]: time="2023-10-30T10:26:08.769946856+08:00" level=error msg="Not continuing with push after error: denied: Deploying to groups is a PRO-licensed feature. See https://links.sonatype.com/product-nexus-repository"
10月 30 10:27:40 ekmp.gateway dockerd[673]: time="2023-10-30T10:27:40.901252384+08:00" level=info msg="Attempting next endpoint for push after error: Get https://$nexus_ip:$nexus_port/v2/: proxyconnect tcp: tls: first record does not look like a TLS handshake"
10月 30 10:27:41 ekmp.gateway dockerd[673]: time="2023-10-30T10:27:41.250421259+08:00" level=error msg="Not continuing with push after error: denied: Deploying to groups is a PRO-licensed feature. See https://links.sonatype.com/product-nexus-repository"

docker进程居然有错误日志，看了一下，居然看到了proxy字样，难道是设置了docker proxxy

查看docker service文件

# cat /etc/systemd/system/docker.service
Environment=HTTP_PROXY=http://$nexus_user:$nexus_pwd@nexus_ip:28081
Environment=HTTPS_PROXY=https://$nexus_user:$nexus_pwd@nexus_ip:28081
Environment=NO_PROXY=localhost,127.0.0.1

发现居然设置了代理，并且代理的地址是nexus docker group仓库的端口28081

这时找到问题了，把28081改成nexus docker host模式的仓库的端口

重新加载启动docker生效

# systemctl daemon-reload
# systemctl restart docker

提交docker镜像验证

]# docker push  nexus_ip:28082/redis:9.1
The push refers to repository [nexus_ip:28082/redis]
e12ede421c86: Pushed 
5f70bf18a086: Layer already exists 
70c7037b3004: Pushed 
a18156ff12b4: Pushed 
557a923a5471: Pushed 
9f8a2a353b92: Pushed 
cb4596cc1454: Pushed 
9.1: digest: sha256:2eeea39f1a2450d8e15a206a5bb2cf08a051a38904500aa7eb46d63808c2e342 size: 1779

果然提交成功了，至此问题解决了。

仅此记录，我花了2个半天的时间。