When attempting to pull public images (e.g. python:3.6, node:latest) from Docker, our GitLab runner failed with the following error message:
Running with gitlab-runner 12.2.0 (a987417a)
on GitLab Runner XYZ
Using Docker executor with image python:3.6 ... 00:17
Starting service python:3.6 ...
Pulling docker image python:3.6 ...
ERROR: Preparation failed: Error: No such image: python:3.6 (executor_docker.go:199:0s)
The cause was we exceeded Dockers pull rate limit:
Free plan – anonymous users: 100 pulls per 6 hours
Free plan – authenticated users: 200 pulls per 6
How can I check my current rate?
See https://docs.docker.com/docker-hub/download-rate-limit/#how-can-i-check-my-current-rate
How to increase the rate limit?
Authenticate with Docker Hub to increase to 200 pulls per 6 hours:
docker login
Alternatively you can cache Docker images to reduce the number of calls to DockerHub from your CI/CD infrastructure.
Related
So I am having an issue:
I have a running container of jenkins which does some CI steps
I downloaded on that jenkins container trivy inside it.
In the CI pipeline if I wish to scan a docker image with trivy it says:
FATAL scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded
OR
trivy image trivy:test
2023-01-27T13:45:57.711Z INFO Need to update DB
2023-01-27T13:45:57.711Z INFO Downloading DB...
31.14 MiB / 31.14 MiB [----------] 100.00% 1.70 MiB p/s 18s
and than stuck after that
I diagnosed the problem like that - the docker images are stored on my pc and the steps I'm running in my CI pipeline is commands that are being executed from withing my jenkins container and trivy does not recognises the image from outside the jenkins container.
so again - How the command trivy image test:test which runs from inside the jenkins container can have access to my local docker images?
Help will be appreciated:)
Try to use --timeout argument and see if it works.
I have a gitlab-ci.yml in my project.
It was passed, after every merge.
But today it faces this error:
Preparing the "docker" executor
00:31
Using Docker executor with image maven:3.6.3-jdk-11 ...
Pulling docker image maven:3.6.3-jdk-11 ...
ERROR: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:131:3s)
Will be retried in 3s ...
What can I do for solving this?
We have two stages one to build the docker image and another one to scan it with prisma pluging.
build image :
stage('Build Docker image preproduction') {
steps {
script {
dockerImage = docker.build("${env.docker_image_name}")
}
}
}
stage('Prisma Cloud Scan') {
steps {
prismaCloudScanImage dockerAddress: "$DOCKER_HOST", image: "${env.docker_image_name}:latest", logLevel: 'debug', resultsFile: 'prisma-cloud-scan-results.json'
}
}
This works fine most of the time, but in some situation almost ( 1 over 20 ) the job failled and we get this error:
[PRISMACLOUD] Scanning images remotely on default-5mn8k
[PRISMACLOUD] Waiting for scanner to complete
[PRISMACLOUD] /home/jenkins/agent/workspace/ild_chore_add-prisma-to-pipeline/twistcli6275500796561372150 images scan otherimagename:1234 --docker-address tcp://localhost:2375 --min-scan-time 1611048549280 --ci --publish --details --address https://XXXXXXXXXprisma_host_hereXXXXX --ci-results-file prisma-cloud-scan-results.json
[ild_chore_add-prisma-to-pipeline] $ /home/jenkins/agent/workspace/ild_chore_add-prisma-to-pipeline/twistcli6275500796561372150 images scan otherimagename:1234 --docker-address tcp://localhost:2375 --min-scan-time 1611048549280 --ci --publish --details --address https://XXXXXXXXXprisma_host_hereXXXX --ci-results-file prisma-cloud-scan-results.json
[PRISMACLOUD] failed to find image otherimagename:1234
[PRISMACLOUD] Scanner failed to run properly. Status: 1
and before this message we can see in the console that the image is already present in the docker host:
+ docker build -t otherimagename:1234 .
Sending build context to Docker daemon 20.54MB
Step 1/2 : FROM nginx:stable
---> b9e1dc12387a
Step 2/2 : COPY docs /usr/share/nginx/html
---> Using cache
---> 09787d1a562e
Successfully built 09787d1a562e
Successfully tagged otherimagename:1234
Can you help me figure out what's going on? we also set up one sleep time between the two steps, but still facing the issue.
Thanks, #EFOE, this hint of the docker config helped. I ran into the same problem via Jenkins. The scans were running on Jenkins EC2 Jenkins agents, both Win and Linux for respective images. While there were no issues with the Linux image scans, the Windows scans failed to find the docker images.
I debugged the docker daemon logs on the windows EC2 agents and found that the images were actually accessible locally on those agents, but the Prisma plugin was unable to access the Docker API for the image details.
Since my agent never had any browsers installed (IE was broken), once I installed chrome as a browser, the Prisma plugin was able to access the docker images as well as perform the scans. So basically my agent needed a client to access the Docker API.
There were no issues when accessing the twistcli binaries by Prisma. Just had issues with only the Prisma Jenkins plugin for Windows.
Hopefully, this will help if someone runs into similar issues.
I have built a docker image and have committed the changes, and am attempting to push the image to my public docker hub account.
When attempting to push the image to the docker hub registry it seems to try utilise my hub username as a private server address.
What i have done done so far is run a fedora base image, make my changes and then commit the changed using docker commit dd09de55abc9 username/fedora-23-httpd
When i do this and check the image using docker images i get the output:
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
/username/fedora-23-httpd latest 0b9b4d0b820e 21 seconds ago 468.5 MB
Then when running docker push username/fedora-23-httpd i get the message:
The push refers to a repository [username/fedora-23-httpd] (len: 1)
unable to ping registry endpoint https://username/v0/
v2 ping attempt failed with error: Get https://username/v2/: dial tcp: lookup username: No address associated with hostname
v1 ping attempt failed with error: Get https://username/v1/_ping: dial tcp: lookup username: No address associated with hostname
From other tutorials I have read my commands appear to be correct, but the output of the images command shows the repository name with a / at the start.
Can any one see what i'm doing wrong here?
removed default docker version from fedora 23 install - reinstalled using
wget -qO- https://get.docker.com/ | sh
I am asking docker to build an ASP.NET 5 beta6 application image for me at Ubuntu 14.04.1 virtual machine:
docker build -t instanceName .
using dockerfile that starts with:
FROM microsoft/aspnet:1.0.0-beta6
It responds with this message:
Sending build context to Docker daemon 124.4 kB
Sending build context to Docker daemon
Step 0 : FROM microsoft/aspnet:1.0.0-beta6
Pulling repository microsoft/aspnet
9424b500cebc: Error pulling image (1.0.0-beta6) from microsoft/aspnet, HTTP code 400
ba249489d0b6: Download complete
19de96c112fc: Download complete
b92a854a78d0: Download complete
63e9265ef57c: Error pulling dependent layers
INFO[0019] Error pulling image (1.0.0-beta6) from microsoft/aspnet, HTTP code 400
It does similar thing when I replace dockerfile definition to just FROM microsoft/aspnet.
What does it mean? If it were 404, I would understand that there is no such image. But "Bad Request"? Can I make the request... better?