x509 certificate error when creating Docker manifest - docker

I'm trying to create a multi-arch manifest with Docker, but I'm seeing the following error:
failed to configure transport: error pinging v2 registry:
Get "https://myregistry:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs instead
I've added myregistry to the insecure-registries of my Docker configuration and I can pull and push images to/from that registry.
The command I'm trying is:
docker manifest create myregistry:5000/new-image:latest --amend myregistry:5000/new-image-amd64:latest --amend myregistry:5000/new-image-arm64:latest
I will need to start a (probably) lengthy process with another team in order to have them update the certificate. So I'm wondering if I can work around this issue.

Found the issue. When creating/pushing a manifest, the flag I had to add was --insecure.
The full command is:
docker manifest create myregistry:5000/new-image:latest --amend myregistry:5000/new-image-amd64:latest --amend myregistry:5000/new-image-arm64:latest --insecure
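The error in the question is produced by the hostname check in Go's crypto/x509 package, which the Docker CLI is built with: since Go 1.15 a server certificate has to carry the hostname in a Subject Alternative Name, and a certificate that only has a Common Name is rejected with exactly that message. The program below is an added example, not code from the question or from Docker, that reproduces the three outcomes a registry client can see: a CN-only certificate from a trusted CA (the question's case), a SAN certificate from a CA the client has not installed (the "certificate signed by unknown authority" case further down the page), and a SAN certificate from a trusted CA. The CA, the registry name myregistry and all certificates are constructed inside the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// registryHost is the (assumed) hostname of the registry from the question;
// the client verifies the certificate against the host part only, without the port.
const registryHost = "myregistry"

// newCA creates a throwaway self-signed CA, constructed for this example.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Internal CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueServerCert issues a registry certificate signed by ca. With sans == nil the
// certificate carries only a Subject CN, which is what the question's registry presents.
func issueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     sans, // empty slice => no SAN extension at all
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyRegistryCert applies the checks a Go-built client such as the Docker CLI
// performs: hostname match via SANs, then chain building against the trusted roots.
// It returns "" on success or the verification error text otherwise.
func VerifyRegistryCert(cert *x509.Certificate, host string, roots *x509.CertPool) string {
	_, err := cert.Verify(x509.VerifyOptions{
		DNSName:   host,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return err.Error()
	}
	return ""
}

// Scenarios returns the verification outcome for the three cases discussed on this page.
func Scenarios() (map[string]string, error) {
	ca, caKey, err := newCA()
	if err != nil {
		return nil, err
	}
	cnOnly, err := issueServerCert(ca, caKey, registryHost, nil)
	if err != nil {
		return nil, err
	}
	withSAN, err := issueServerCert(ca, caKey, registryHost, []string{registryHost})
	if err != nil {
		return nil, err
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	untrusted := x509.NewCertPool() // a client that never installed the CA
	return map[string]string{
		"cn-only, CA trusted": VerifyRegistryCert(cnOnly, registryHost, trusted),
		"san, CA not trusted": VerifyRegistryCert(withSAN, registryHost, untrusted),
		"san, CA trusted":     VerifyRegistryCert(withSAN, registryHost, trusted),
	}, nil
}

func main() {
	results, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for label, msg := range results {
		if msg == "" {
			msg = "OK"
		}
		fmt.Printf("%-22s -> %s\n", label, msg)
	}
}
```

To check a real registry certificate instead of the constructed one, decode its PEM with encoding/pem, parse it with x509.ParseCertificate and pass it to VerifyRegistryCert together with the CA pool the daemon trusts. The fix the question is waiting on is a certificate whose SAN list includes the registry host; --insecure only gets past the check by not verifying the registry's certificate at all.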

Related

How to configure docker/docker-compose to use Nexus by default instead of docker.io?

I'm trying to use TestContainers to run JUnit tests.
However, I'm getting an InternalServerErrorException: Status 500: {"message":"Get https://registry-1.docker.io/v2/: Forbidden"} error.
Please note, that I am on a secure network.
I can replicate this by doing docker pull testcontainers/ryuk on the command line.
$ docker pull testcontainers/ryuk
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: Forbidden
However, I need it to pull from our nexus service: https://nexus.company.com/18443.
Inside the docker-compose file, I'm already using the correct nexus image path. (Verified by manually starting it with docker-compose.) However, TestContainers also pulls in additional images which are outside the docker-compose file. It is these images that are causing the failure.
I'd be glad for either a Docker Desktop or TestContainers configuration change that would fix this for me.
Note: I've already tried adding the host URL for nexus to the Docker Engine JSON configuration on the dashboard, with no change to the resulting error when doing docker pull.
Since version 1.15.1, Testcontainers allows automatically appending prefixes to all Docker images. If your private registry is configured as a Docker Hub mirror, this functionality should help with the mentioned issue.
Quote from the documentation:
You can then configure Testcontainers to apply the prefix registry.mycompany.com/mirror/ to every image that it tries to pull from Docker Hub. This can be done in one of two ways:
Setting environment variables TESTCONTAINERS_HUB_IMAGE_NAME_PREFIX=registry.mycompany.com/mirror/
Via config file, setting hub.image.name.prefix in either:
the ~/.testcontainers.properties file in your user home directory, or
a file named testcontainers.properties on the classpath
Basically set the same prefix you did for the images in your docker-compose file.
If you're stuck with older versions for some reason, a deprecated solution would be to override just the ryuk.container.image property. Read about it here.
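To see which image references the prefix mechanism actually touches, here is an added example, not code from Testcontainers or from the answer above, that implements the substitution rule in Go. It assumes Testcontainers decides that an image "comes from Docker Hub" the same way Docker's reference grammar does: the first path component is a registry only if it contains a dot or a colon or is exactly "localhost". The image names and the prefix are constructed sample values.

```go
package main

import (
	"fmt"
	"strings"
)

// isRegistryHost applies the reference rule Docker uses: the first path component
// names a registry only when it contains '.' or ':' or is exactly "localhost".
// Assumption: Testcontainers classifies images the same way.
func isRegistryHost(component string) bool {
	return component == "localhost" || strings.ContainsAny(component, ".:")
}

// ApplyHubPrefix returns ref unchanged when it already names a registry, and
// otherwise prepends prefix so the image is requested from the mirror instead
// of Docker Hub. Tags and digests stay attached to the reference.
func ApplyHubPrefix(ref, prefix string) string {
	if i := strings.Index(ref, "/"); i >= 0 && isRegistryHost(ref[:i]) {
		return ref
	}
	return prefix + ref
}

// Route groups references into those rewritten to go through the mirror and
// those fetched directly from the registry in their own name.
type Route struct {
	Mirrored []string
	Direct   []string
}

// RouteImages classifies every reference with ApplyHubPrefix. With an empty
// prefix nothing is rewritten, so everything ends up in Direct.
func RouteImages(refs []string, prefix string) Route {
	var r Route
	for _, ref := range refs {
		if rewritten := ApplyHubPrefix(ref, prefix); rewritten != ref {
			r.Mirrored = append(r.Mirrored, rewritten)
		} else {
			r.Direct = append(r.Direct, ref)
		}
	}
	return r
}

func main() {
	// Constructed sample references; the prefix is the one from the quoted documentation.
	refs := []string{
		"testcontainers/ryuk:0.3.0",
		"postgres:13",
		"nexus.company.com:18443/team/app:1.0",
		"localhost:5000/dev/tool",
	}
	r := RouteImages(refs, "registry.mycompany.com/mirror/")
	fmt.Println("through the mirror:", r.Mirrored)
	fmt.Println("direct:            ", r.Direct)
}
```

Everything in Direct is fetched from the registry named in the reference and never passes through the mirror, so the prefix only changes the images Testcontainers itself requests; if the requirement is that no pull from the build host reaches Docker Hub at all, a daemon-level registry-mirrors setting is the control to rely on, and the Direct list is a quick way to spot references that would bypass it.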
The process is described on this page:
Add the following to your Docker daemon config:
{
"registry-mirrors": ["https://nexus.company.com:18443"]
}
Make sure to restart the daemon to apply the changes.

Private Docker Registry: 'x509: certificate signed by unknown authority' only for Windows images

While trying to pull Windows images from a Private Docker Registry, I'm getting the following error
x509: certificate signed by unknown authority
I've installed the proper certificate and I can pull Linux images without any issue, but for some reason I'm unable to pull Windows ones.
My co-workers don't have this problem.
Any ideas on this one?
To add an insecure docker registry, add the file /etc/docker/daemon.json (in Linux) with the following content:
{
"insecure-registries" : [ "your.registry.host:5000" ]
}
and then you need to restart docker.
In case of Windows the file is at the following path:
C:\ProgramData\docker\config\daemon.json
In Windows you can find that file in
C:\Program Files\Docker\Docker\resources\windows-daemon-options.json
Make the changes suggested by Nicola Ben and then restart Docker.

Jenkins push failed for dockers

I am trying to do a push into my docker repo.
My GitHub repo is here for reference, with my Jenkinsfile: https://github.com/leeadh/braintree_example.git
However, it keeps showing this error where a passphrase for my new root key is not created. Why is this so?
PS: to give some context, my DOCKER_CONTENT_TRUST in cmd is 0. Hence, I am unsure what is causing this.
It seems to be a missing credentials error.
You need to set credentials to connect to your GitHub and Docker registry.
Here you can see detailed instructions for setting them up:
Github: https://gist.github.com/misterbrownlee/3708738
Docker (see Docker Host Certificate Authentication): https://jenkins.io/doc/book/using/using-credentials/

Unable to install windowsServerCore Container Image

I am trying to install WindowsServerCore images on my Windows 2016 server using the command below.
Install-containerImage WindowsServerCore
While running it, I got the error message below.
Install-ContainerOSImage : The term 'Install-ContainerOSImage' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I found there is a workaround in this article:
https://social.msdn.microsoft.com/Forums/en-US/fc571caf-af13-45ed-a021-cfcfcf532645/the-term-installcontainerosimage-is-not-recognized-as-the-name-of-a-cmdlet-on-build-build-14385?forum=windowscontainers
While running the commands from the new article, I'm getting a different error message.
docker load -i nanoserver.tar.gz
58684737b3d1: Loading layer [==================================================>] 358.4 MB/358.4 MB
re-exec error: exit status 1: output: ProcessBaseLayer C:\ProgramData\docker\windowsfilter\dc41572502daedc9c628b56d1f369
ee804e901159b053d5e082e31e339ae822d: A required certificate is not within its validity period when verifying against the
current system clock or the timestamp in the signed file.
My system time is correct and I am running Windows 2016 server on AWS.
Any help to fix this issue is appreciated.
You can use the command below to pull the image to your docker host, which is Windows Server 2016:
docker pull microsoft/windowsservercore
Use the following command:
docker run -t -i mcr.microsoft.com/windows/nanoserver:1809
This will load Nano Server from the official Microsoft Docker Hub repository:
https://hub.docker.com/_/microsoft-windows-nanoserver

Can't pull image from private docker registry

Trying to get a private repo running on my EC2 instance so my other docker hosts created by docker-machine can pull from the private repo. I've disabled SSL and have put up a firewall to compensate that allows my test server (the one I'm trying to pull on) to connect to my main EC2 instance (the private repo). So far I can push to the private repo where it's hosted on my main EC2 instance (was getting an EOF error before disabling SSL) but I get the following error when I run this on my test server:
docker pull ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:5000/scoredeploy
this is the error it spits out:
Error response from daemon: Get https://ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:5000/v1/_ping: EOF
Googling this error yields results of people having similar issues, but without any fixes.
Anybody have any idea of what's going on here?
You might need to set the --insecure-registry <registry-ip>:5000 flag on the docker daemon's startup command on your non-docker-registry machine. In your case: --insecure-registry ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:5000
If you want to use your already-running docker machine, this should help you out setting the flag: https://docs.docker.com/registry/insecure/#/deploying-a-plain-http-registry
If you're using boot2docker, the file location and format is slightly different. Give this a shot if this is the case: http://www.developmentalmadness.com/2016/03/09/docker-configure-insecure-registry-in-boot2docker/
I've had issues with my docker machines not saving this setting on reboots. If you run into that issue, I'd recommend you make a new machine including the flag --engine-insecure-registry <registry-ip>:5000 in the docker-machine create command.
Best of luck!