Docker Pull fail in disconnected Enviornment - docker

I have to install openshift on disconnected system so i followed following steps(original installation requires more image but for sake of understanding i am provided minimum steps)
on system with internet i did following steps
docker pull docker.io/openshift/origin-node:v3.11.0
docker save -o openshift-origin-v3.11.0-images.tar \
docker.io/openshift/origin-node:v3.11.0
on second disconnected system i did following
docker load -i openshift-origin-v3.11.0-images.tar
Now when i start script for installation it pull the images with command docker.io/openshift/origin-node:v3.11.0
which is throwing following error
Error getting v2 registry: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: dial udp [::1]:53: connect: no route to host
When on second system i do docker images
[root#x ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/openshift/origin-node v3.11.0 14d965ab72d5 4 days ago 1.17 GB
Its showing me that image is available. Whats wrong here? My understanding is it should first look locally and then will check from dockerhub
Update1:
if i directly pull it saying
[root#x ~]# docker pull docker.io/openshift/origin-node:v3.11.0
Trying to pull repository docker.io/openshift/origin-node ...
Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 192.168.x.x:53: server misbehaving
I am expecting it should say
Status: Image is up to date for

I changed following in /etc/containers/registries.conf and it works
From
[registries.search]
registries = ['registry.access.redhat.com', 'docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.centos.org']
To
[registries.search]
registries = []
[registries.block]
registries = ['registry.access.redhat.com', 'docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.centos.org']

Related

Docker daemon error failing to resolve reference

i updated docker desktop today and now i can't run anything anymore with the following errors:
MBP:basic_amethyst ap$ botfront up
⠋ Checking Docker images┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│error: 'Error: Command failed: docker pull mongo:latest │
│Error response from daemon: failed to resolve reference "docker.io/library/mongo:latest": failed to do request: Head "https://registry-1.docker.io/v2/library/mongo/manifests/latest": proxyconnect tcp: dial tcp 172.17.0.1:3128: connect: connection refused │
│' stdout = '' stderr = 'Error response from daemon: failed to resolve reference "docker.io/library/mongo:latest": failed to do request: Head "https://registry-1.docker.io/v2/library/mongo/manifests/latest": proxyconnect tcp: dial tcp 172.17.0.1:3128: connect: connection refused│
│' │
└──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
✖ Could not download Docker images
This happened while i was trying to run botfront for rasa chatbot!
I also get the an error when running docker login (and yes i entered the correct credentials):
Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp 172.17.0.1:3128: connect: connection refused
Here the infos to my system:
docker --version - Docker version 20.10.17, build 100c701 |
Docker Desktop 4.12.0 (85629) is currently the newest version available. |
MacBook Pro (13-inch, 2019,....) | Private device so no company proxy | logged in via docker desktop
And this is what i tried so far:
restarting / shutting down and booting up again the device
setting the experimental to false
uninstalled docker and docker gui and reinstalled them
Any suggestions? Thinking of downgrading to previous (working) version as last resort. Thanks!
Uninstalling and reinstalling everything docker related solved it for me!

Kubernetes deployment with Docker image

I am running Kubernetes (Minikube) on my local Mac.
I am trying to setup a deployment with Docker image and getting the below error. But, the hello-world deployment with the Docker image "gcr.io/google-samples/node-hello:1.0" works as expected.
I am able to pull the image from a console on my local machine. Am I missing any setting here?
"Failed to pull image
"docker.XYZ.com/dpace/dev/docker-service": rpc error:
code = Unknown desc = Error response from daemon: Get
https:/docker.XYZ.com/v2/: dial tcp: lookup
docker.XYZ.com on 10.0.2.3:53: read udp
10.0.2.15:59292->10.0.2.3:53: i/o timeout"
I am able to pull the image using docker pull docker.XYZ.com/dpace/dev/docker-service in my local machine without any auth issue. It doesn't need auth for pulling images.
I tried logging into Minikube VM and Docker images returns the following.
$ docker images REPOSITORY TAG
IMAGE ID CREATED SIZE
k8s.gcr.io/kubernetes-dashboard-amd64 v1.8.1
e94d2f21bc0c 3 months ago 121MB
gcr.io/google-containers/kube-addon-manager v6.5
d166ffa9201a 4 months ago 79.5MB
gcr.io/k8s-minikube/storage-provisioner v1.8.0
4689081edb10 4 months ago 80.8MB
gcr.io/k8s-minikube/storage-provisioner v1.8.1
4689081edb10 4 months ago 80.8MB
k8s.gcr.io/k8s-dns-sidecar-amd64 1.14.5
fed89e8b4248 5 months ago 41.8MB
k8s.gcr.io/k8s-dns-kube-dns-amd64 1.14.5
512cd7425a73 5 months ago 49.4MB
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64 1.14.5
459944ce8cc4 5 months ago 41.4MB k8s.gcr.io/echoserver
1.4 a90209bb39e3 21 months ago 140MB gcr.io/google_containers/pause-amd64 3.0
99e59f495ffa 22 months ago 747kB k8s.gcr.io/pause-amd64
3.0 99e59f495ffa 22 months ago 747kB gcr.io/google-samples/node-hello 1.0
4c7ea8709739 23 months ago 644MB
Though the images are there, when I try to pull the existing image, it fails with the below error.
$ docker pull gcr.io/google-samples/node-hello:1.0 Error response from
daemon: Get https://gcr.io/v2/: dial tcp: lookup gcr.io on
10.0.2.3:53: read udp 10.0.2.15:44023->10.0.2.3:53: i/o timeout
When I try "docker login docker.XYZ.com", it prompts me to enter the credential. It throws the below error after entering the password. Same error while trying to pull the image also.
"Error response from daemon: Get https://docker.XYZ.com/v2/: dial tcp:
lookup docker.XYZ.com on 10.0.2.3:53: read udp
10.0.2.15:41849->10.0.2.3:53: i/o timeout"
The command "curl google.com" also not working. "Could not resolve
host: google.com"
Any setting to be done inside Minikube VM. I use VirtualBox.
Looks like DNS in your minikube is broken, that's why you cannot pull anything.
Here is an Issue on Github with the similar problem.
Try to update your minikube and your hypervisor (in most of cases it is Virtualbox) to the last version (check here) and recreate a cluster, it should help.

Installing Zookeeper on offline openshift

I've an Openshift Origin cluster running offline on 3 Centos 7 vm. It's working fine, I've a registry where I push my images like this :
docker login -u <username> -e <any_email_address> -p <token_value> <registry_ip>:<port>
Login is successful, then :
oc tag <image-id> <docker-registry-IP>:<port>/<project-name>/<image>
So, for nginx for example :
oc tag 49011ce3b713 172.30.222.111:5000/test/nginx
Then I push it to the internal registry :
docker push 172.30.222.111:5000/test/nginx
And finaly :
oc new-app nginx --name="nginx"
With nginx, everything is working fine, now my problem :
I'm actually wanting to put Zookeeper on it, so : I do the same steps than above, I also install "jboss/base-jdk:7" which is a dependancy of Zookeeper, problem is :
docker push 172.30.222.111:5000/test/jboss/base-jdk:7
Giving :
[root#master 994089]# docker push 172.30.222.111:5000/test/jboss/base-jdk:7
The push refers to a repository [172.30.222.111:5000/test/jboss/base-jdk]
c4c6a9114a05: Layer already exists
3bf2c105669b: Layer already exists
85c6e373d858: Layer already exists
dc1e2dcdc7b6: Layer already exists
Received unexpected HTTP status: 500 Internal Server Error
The problem seems to be the "/" here jboss**/**base-jdk:7
I also tried to push just like this :
docker push 172.30.222.111:5000/test/base-jdk:7
This is working , but Zookeeper is looking for exactly "jboss/base-jdk:7", and not just "base-jdk:7"
Finally, I'm blocked here, when trying this command : oc new-app zookeeper --name="zookeeper" --loglevel=8 --insecure-registry --allow-missing-images
I0628 14:31:54.009713 53407 dockerimagelookup.go:92] checking local Docker daemon for "jboss/base-jdk:7"
I0628 14:31:54.030546 53407 dockerimagelookup.go:380] partial match on "172.30.222.111:5000/test/base-jdk:7" with 0.375000
I0628 14:31:54.030571 53407 dockerimagelookup.go:346] exact match on "jboss/base-jdk:7"
I0628 14:31:54.030578 53407 dockerimagelookup.go:107] Found local docker image match "172.30.222.111:5000/test/base-jdk:7" with score 0.375000
I0628 14:31:54.030589 53407 dockerimagelookup.go:107] Found local docker image match "jboss/base-jdk:7" with score 0.000000
I0628 14:31:54.032799 53407 componentresolvers.go:59] Error from resolver: [can't look up Docker image "jboss/base-jdk:7": Internal error occurred: Get http://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 10.253.158.90:53: no such host]
I0628 14:31:54.032831 53407 dockerimagelookup.go:169] Added missing image match for jboss/base-jdk:7
F0628 14:31:54.032882 53407 helpers.go:110] error: can't look up Docker image "jboss/base-jdk:7": Internal error occurred: Get http://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 10.253.158.90:53: no such host
We can see that 172.30.222.111:5000/test/base-jdk:7 is found but it's not exactly what the command is looking for so it doesn't use it...
So, if you have any idea how to solve this ! :)
Resolved by upgrading to Openshift 1.5.1, previous was 1.3.1.

Docker pull failed with request canceled while waiting for connection

I am trying to pull images to default docker machine. But I always get
docker#default:/etc$ docker run hellow-world
Unable to find image 'hellow-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
docker#default:/etc$
Even if i give --dns option same error
docker#default:/etc$ docker run hellow-world --dns=8.8.8.8
Unable to find image 'hellow-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
docker#default:/etc$
Tried adding DNS to config.json of the default machine
"EngineOptions": {
"Dns": [
"8.8.8.8",
"8.8.4.4"
]
}
resolv.conf has following entry in default machine
docker#default:/etc$
docker#default:/etc$ cat /etc/resolv.conf
search <company name>
nameserver 10.0.2.3
docker#default:/etc$
This machine sits behind the proxy and I am using kitematic for creating default machine
Kitematic is started by a custom script which will set proxies and start kitematic
Recommended and All images are displayed at the start of kitematic. But can not pull any images
Creating new machine also gives warning
PS C:\Program Files\Docker Toolbox\kitematic> docker-machine create -d virtualbox --engine-opt dns=8.8.8.8 test
Running pre-create checks...
(test) Unable to get the latest Boot2Docker ISO release version: Get https://api.github.com/repos/boot2docker/boot2docker/releases/latest: dial tcp 192.30.253.116:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Creating machine...
(test) Unable to get the latest Boot2Docker ISO release version: Get https://api.github.com/repos/boot2docker/boot2docker/releases/latest: dial tcp 192.30.253.116:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Machine created with --dns option also has /etc/resolv.conf not as 8.8.8.8
docker#test:~$
docker#test:~$ cat /etc/resolv.conf
search <company name>
nameserver 10.0.2.3
docker#test:~$
PS:Issue solved after adding HTTP_PROXY to /var/lib/boot2docker/profile
Found solution
Either
add HTTP_PROXY to /var/lib/boot2docker/profile
or
create docker machine with --engine-env HTTP_PROXY=IP:PORT

Could not authenticate with IBM Containers registry at registry.ng.bluemix.net

When I login to the IBM containers on Bluemix, I get the following error:
cf ic login
** Retrieving client certificates from IBM Containers
** Storing client certificates in /Users/triplez/.ice/certs Successfully retrieved client certificates
** Checking local docker configuration OK
** Authenticating with registry at registry.ng.bluemix.net
Could not authenticate with IBM Containers registry at registry.ng.bluemix.net
**** exit status 1
****Error response from daemon: invalid registry endpoint registry.ng.bluemix.net/v0/: unable to ping registry endpoint
registry.ng.bluemix.net/v0/
v2 ping attempt failed with error: Get registry.ng.bluemix.net/v2/: dial tcp: lookup
registry.ng.bluemix.net on 103.11.48.126:53: read udp
103.11.48.126:53: i/o timeout
v1 ping attempt failed with error: Get registry.ng.bluemix.net/v1/_ping: dial tcp: lookup registry.ng.bluemix.net on 103.11.48.126:53: read udp
103.11.48.126:53: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add
--insecure-registry registry.ng.bluemix.net to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's
CA certificate, no need for the flag; simply place the CA certificate
at /etc/docker/certs.d/registry.ng.bluemix.net/ca.crt
I've already uninstalled docker and reinstalled, giving me the same error. I've also deleted ~/.cf/config.json and ~/.ice/ice-cfg.ini and ~/.ice/certs/ and tried logging in again. I still receive the same error.
I've also tested this with ice cli with the same error.
EDITED
Tried this command:
ice login -a 'https://api.ng.bluemix.net' --registry 'registry.ng.bluemix.net' --host 'https://containers-api.ng.bluemix.net/v3/containers'
Got the same error:
Authentication with container cloud service at
containers-api.ng.bluemix.net/v3/containers completed
successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at
registry.ng.bluemix.net/v3
Error response from daemon: invalid registry endpoint
registry.ng.bluemix.net/v3/v0/:
unable to ping registry endpoint registry.ng.bluemix.net/v3/v0/
v2 ping attempt failed with error: Get registry.ng.bluemix.net/v3/v2/:
dial tcp: lookup registry.ng.bluemix.net on 192.168.0.1:53: read ump
192.168.0.1:53: i/o timeout
v1 ping attempt failed with error: Get registry.ng.bluemix.net/v3/v1/_ping: dial tcp: lookup registry.ng.bluemix.net on 192.168.0.1:53: read udp 192.168.0.1:53: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry registry.ng.bluemix.net to the daemon's arguments. In the case of
HTTPS, if you have access to the registry's CA certificate, no need
for the flag; simply place the CA certificate at
/etc/docker/certs.d/registry.ng.bluemix.net/ca.crt
docker is not available on your system or is not properly configured
Could not authenticate with cloud registry at registry.ng.bluemix.net/v3
You can still use IBM Containers but will not be able to run local docker containers, push, or pull images
It looks like the container cloud service host name is not correct.
Please try to run the ice login command as below:
ice login -a 'https://api.ng.bluemix.net' --registry 'registry.ng.bluemix.net' --host 'https://containers-api.ng.bluemix.net/v3/containers'
Based on your comment "boot2docker has been deprecated" I assume you are using Docker 1.8.
This version of Docker is not supported by IBM Containers on Bluemix yet.
Please see documentation in link below saying Docker 1.6 or 1.7 is required:
https://www.ng.bluemix.net/docs/containers/container_cli_ov.html
I know IBM Containers team is working to add support for Docker 1.8 as well. Please keep an eye on documentation for updates in the future.

Resources