Develop Reference

Docker run results in error: layer does not exist

I'm trying to setup redmine (with postgres) on my raspberry pi 3 using docker-compose. It already worked once, but then I tried to install plugins and somehow managed to bork my system.
Now it won't let me start my database container anymore. Even creating a new postgres:12.8 container, yields the error layer does not exist:
$ docker run --rm -it postgres:12.8 bash
docker: Error response from daemon: layer does not exist.
I've already restarted the system twice, which sadly didn't change anything.
How can I get this to work again?
Additional info:
$ docker info
Client:
Debug Mode: false
Server:
Containers: 5
Running: 4
Paused: 0
Stopped: 1
Images: 65
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.66-v7+
Operating System: Raspbian GNU/Linux 9 (stretch)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 926.1MiB
Name: raspberrypi
ID: <redacted>
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
Update 1:
Removing the image (via docker rmi) doesn't stop the error.
$ docker run --rm -it postgres:12.8 bash
Unable to find image 'postgres:12.8' locally
12.8: Pulling from library/postgres
Digest: sha256:e10cd754296c1b3e93a121bcc64550d183df56f20bab47e08cacb123fb969b5e
Status: Downloaded newer image for postgres:12.8
docker: Error response from daemon: layer does not exist.
See 'docker run --help'.
Other images can be run as usual:
$ docker run --rm -it alpine bash
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
4ee0caa23b36: Pull complete
Digest: sha256:eb3e4e175ba6d212ba1d6e04fc0782916c08e1c9d7b45892e9796141b1d379ae
Status: Downloaded newer image for alpine:latest
/ # whoami
root
/ #

Nuking /var/lib/docker seems to get the system working again - this removes all images and lots of other docker-related data.
This doesn't feel like a great solution, but it'll have to do for now.
$ sudo service docker stop
$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
$ sudo rm -rf /var/lib/docker
$ sudo service docker start
$ docker run --rm -it postgres:12.8 bash
Unable to find image 'postgres:12.8' locally
12.8: Pulling from library/postgres
607f77084e8a: Pull complete
ce89a6184ac9: Pull complete
2a4e6e7ac863: Pull complete
f3b6f439172b: Pull complete
2e803a3461b4: Pull complete
467430f26cab: Pull complete
1a81afc37621: Pull complete
4ceea61b7b5c: Pull complete
1f5bfa96a004: Pull complete
b40859b8e537: Pull complete
c7b3bf3cab26: Pull complete
653c63793cd5: Pull complete
aad7328542d8: Pull complete
Digest: sha256:e10cd754296c1b3e93a121bcc64550d183df56f20bab47e08cacb123fb969b5e
Status: Downloaded newer image for postgres:12.8
root#8ba418515688:/#
References:
https://github.com/coreos/bugs/issues/1808
https://github.com/coreos/bugs/issues/1313

I have the error below and a restart of docker daemon seems to fix it. Still wondering what causes it in the first place.
level=error msg="Handler for POST /v1.41/containers/create returned error: layer does not exist"

'docker: invalid reference format' when docker repository is not explicitly specified

I'm running a Docker in Docker container in kubernetes through the Gitlab CI (there is a main image and dind is as a service). In the pod I can build docker images and push them, however any further manipulation or a simple docker run triggers an error of invalid reference format.
There are two additional insecure private repositories specified in the dind service specification. If I try to run docker images without a repo prefix specified, it fails. (note that the images are there, it's just their tag which doesn't have the repo specified)
bash-4.2# docker run hello-world
docker: invalid reference format.
See 'docker run --help'.
bash-4.2# docker run docker.io/hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
bash-4.2#
I would expect the basic docker pull/run commands to pass and to use the images cached in the daemon even when their current tag doesn't contain a repository specified.
Added docker info
Containers: 3
Running: 1
Paused: 0
Stopped: 2
Images: 21
Server Version: 18.09.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.14.35-1844.3.2.el7uek.x86_64
Operating System: Alpine Linux v3.9 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 20
Total Memory: 125.5GiB
Name: runner-vppr4q7s-project-14503-concurrent-08qxbj
ID: HQ3U:HATA:TZUT:OLVS:MHRZ:F4DY:ENBD:Z5WH:FQBC:SGI3:BUUY:QIME
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: xxxxxxxx
HTTPS Proxy: xxxxxxx
No Proxy: localhost,127.0.0.1,.xxxxxxxxxx
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
xxxxxxxxxxxx:5000
yyyyyyyyyyyy:5000
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Registries:
Additionally:
bash-4.2# docker tag docker.io/hello-world:latest hello-world:v1
Error parsing reference: "hello-world:v1" is not a valid repository/tag: invalid reference format
bash-4.2# docker tag docker.io/hello-world:latest some:2000/hello-world:v1
bash-4.2# docker tag docker.io/hello-world:latest docker.io/hello-world:v1
(ok)
And docker images doesn't show the docker.io/hello-world:latest and docker.io/hello-world:v1 but shows some:2000/hello-world:v1

Docker hello-world gives error that container /hello: no such file or directory": unknown

I am new on Docker and try to understand how it works. I installed docker to virtualbox centos 7 instance. The service is working properly but when I run hello-world image it gives following error .
[root#localhost ~]# docker run hello-world
docker: Error response from daemon: OCI runtime create failed:
container_linux.go:344: starting container process caused "exec: \"/hello\":
stat /hello: no such file or directory": unknown.
I tried $ docker system prune but didn't work again. Here is all command line history that includes system information and docker information.
[root#localhost ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[root#localhost ~]# docker --version
Docker version 18.09.3, build 774a1f4
[root#localhost ~]# docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "exec: \"/hello\": stat /hello: no such file or directory": unknown.
[root#localhost ~]# docker system prune
WARNING! This will remove:
- all stopped containers
- all networks not used by at least one container
- all dangling images
- all dangling build cache
Are you sure you want to continue? [y/N] y
Deleted Containers:
ace04702bb0e2a1997dc35a0a21c7ca49a395809e5d1da98ddc99ee16544dcc4
e70f5999470577d0eca655643b7ba2ce41ee99495bb257d8ca5f956c26a7079b
82f65c36f76cf2cbf6297a514865d45524bf3cb4472be5e5da72c632cd535a3b
Total reclaimed space: 0B
[root#localhost ~]# docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "exec: \"/hello\": stat /hello: no such file or directory": unknown.
[root#localhost ~]# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 18.09.3
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e6b3f5632f50dbc4e9cb6288d911bf4f5e95b18e
runc version: 6635b4f0c6af3810594d2770f662f34ddc15b40d
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 3.701GiB
Name: localhost.localdomain
ID: R2XU:6ZAF:2UZO:QBUR:GGWW:GFIG:DHVF:5DZG:DPG2:GIKV:3GE5:NLS2
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

this is causing because of old version of CentOS.
Check https://github.com/moby/moby/issues/35906
Please upgrade your CentOS to 7.4.

After reading some documentation acknowledged that this issue has not occurred from docker but selinux configuration. It recommended that #sestatus Current Mode should be permissive but it was enforcing in my case. I think this makes all error halts process rather than logging. So
#setenforce 0
#docker system prune -a
it works!
Thanks for all help on this issue.

sha256 of locally built docker image

How do I get the sha256 checksum of an already locally built docker image?
I want to use the checksum to annotate a FROM instruction in a derived image:
FROM name#sha256:checksum
I already tried checksums from docker inspect.
Neither the first nor the last of the checksums in the Layers list worked.
The one in "Id" did not work.
The one in "Parent" did not work.
The one in "Container" did not work.
The one in "Image" did not work.
Some of them I only tried out of desperation to finally find the correct checksum for my docker image, but I cannot find the correct checksum. Only thing I did not try yet, because of the number of layers, is to go through all of the layers in case they are in a random order. But to put them there like that would not make sense to begin with.
The error I see when I run docker build -t <some name> . in the directory of the Dockerfile of the derived image when it is not working is:
Step 1/7 : FROM name#sha256:<checksum> repository name not found: does not exist or no pull access
Info
Docker version: Docker version 17.05.0-ce, build 89658be (obtained via docker --version)
Output of docker info:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 3841
Server Version: 17.05.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 2620
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9048e5e50717ea4497b757314bad98ea3763c145
runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-78-generic
Operating System: Ubuntu 16.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.684GiB
Name: xiaolong-hp-pavilion
ID: QCJS:JPK4:KC7J:6MYF:WWCA:XQM2:7AF7:HWWI:BRZK:GT6B:D2NP:OJFS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support

The checksum docker is looking for in the FROM line comes from the registry server. In the inspect output, you'll see this in the RepoDigest section:
docker inspect -f '{{.RepoDigests}}' $image_name
If you haven't pushed this image to a registry server, then you won't be able to use this hash value.
E.g.:
$ docker inspect -f '{{.RepoDigests}}' busybox:latest
[busybox#sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f]
$ cat df.testsha
FROM busybox#sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f
CMD echo "hello world"
$ docker build -f df.testsha -t test-sha .
Sending build context to Docker daemon 23.35MB
Step 1/2 : FROM busybox#sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f
---> 00f017a8c2a6
Step 2/2 : CMD echo "hello world"
---> Running in c516e5b6a694
---> 68dc47866183
Removing intermediate container c516e5b6a694
Successfully built 68dc47866183
Successfully tagged test-sha:latest
$ docker run --rm test-sha
hello world

Can not pull/push images after update docker to 1.12

The private registry was worked well based on docker 1.10.3,but I can not pull/push images after the docker updated to 1.12.0.
I had modified the /etc/sysconfig/docker as:
OPTIONS='--selinux-enabled=true --insecure-registry=myip:5000'
or
OPTIONS='--selinux-enabled=true --insecure-registry myip:5000'
but when I exec pull/push,I got this error:
$ docker pull myip:5000/cadvisor
Using default tag: latest
Error response from daemon: Get https://myip:5000/v1/_ping: http: server gave HTTP response to HTTPS client
when I change back docker to 1.10.3, it still work well as below:
$ docker pull myip:5000/cadvisor
Using default tag: latest
Trying to pull repository myip:5000/cadvisor ...
latest: Pulling from myip:5000/cadvisor
09d0220f4043: Pull complete
a3ed95caeb02: Pull complete
151807d34af9: Pull complete
14cd28dce332: Pull complete
Digest:
sha256:33b6475cd5b7646b3748097af1224de3eee3ba7cf5105524d95c0cf135f59b47
Status: Downloaded newer image for myip/cadvisor:latest
Some relative information are listed below:
docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:
OS/Arch: linux/amd64
Server:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:
OS/Arch: linux/amd64
docker info
Containers: 4
Running: 1
Paused: 0
Stopped: 3
Images: 241
Server Version: 1.12.0
Storage Driver: devicemapper
Pool Name: docker-253:0-6809-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 5.459 GB
Data Space Total: 107.4 GB
Data Space Available: 34.74 GB
Metadata Space Used: 9.912 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.138 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use '--storage-opt dm.thinpooldev' to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host overlay null bridge
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-229.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 24
Total Memory: 62.39 GiB
Name: server_3
ID: TITS:BL4B:M5FE:CIRO:5SW6:TVIV:HW36:J7OS:WLHF:46T6:2RBA:WCNV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 21
Goroutines: 32
System Time: 2016-08-02T10:33:06.414048675+08:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8
docker exec <registry-container> registry -version
registry github.com/docker/distribution v2.2.1
After I restart the docker daemon in debug mode, the daemon logs when reproducing my problem are listed below:
DEBU[0794] Calling POST /v1.24/images/create?fromImage=10.10.10.40%3A5000%2Fcadvisor&tag=latest
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v2
WARN[0794] Error getting v2 registry: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v1
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] attempting v1 ping for registry endpoint https://10.10.10.40:5000/v1/
DEBU[0794] Fallback from error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
ERRO[0794] Handler for POST /v1.24/images/create returned error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
DEBU[1201] clean 2 unused exec commands
What's more, I just run a simple command to launch the private registry for test, anything else is by default:
docker run -d -p 5000:5000 --restart=always --name registry -v 'pwd'/data:/var/lib/registry registry:2
No proxy is configured. In summary, it is only a quiet sample environment for test.

I had the same issue.
This helped for me:
Create or modify /etc/docker/daemon.json on the client machine
{ "insecure-registries":["myregistry.example.com:5000"] }
Restart docker daemon
sudo /etc/init.d/docker restart

For Windows users
Add local registry here and apply:

For Mac Users:
Update the docker preferences using the (docker) icon in top bar
Preferences -> Daemon -> Insecure Registry [Click (+) sign] -> add :port
hit "Apply & Restart" button at bottom

I also had same issue and followed below steps:
1. Create file
vi /etc/docker/daemon.json
2. Add below content
{
"insecure-registries":["192.168.1.142:5000"]
}
3.Restart Docker
service docker restart

If you are using Windows and you get this error you need to create a file here: "C:\ProgramData\docker\config\daemon.json"
and do the same as #Bspec mentioned above:
{ "insecure-registries":["myregistry.example.com:5000"] }
Then restart docker using PowerShell commands:
Stop-Service docker
Start-Service docker

modifying "/etc/docker/daemon.json" didn't work for me.
Putting it under "/etc/sysconfig/docker" as below, worked.
INSECURE_REGISTRY="--insecure-registry 192.168.24.1:8787"

In order to push, add the ip to insecure registry on the client side (e.g. for Windows)
To pull, add it to the server side (in this case Ubuntu)
vim /etc/docker/daemon.json
and then restart Docker.

None of the solutions worked on Ubuntu 18.04 so spend some time to find the root cause.
Steps to solve an issue
sudo vi /lib/systemd/system/docker.service
# ExecStart=dockerd .... --insecure-registry=192.168.99.100:5000
sudo systemctl stop docker.service
sudo systemctl daemon-reload
sudo systemctl start docker.service
What was the issue?
I would recommend to check where exactly dockerd options are configured regardless of you Linux distribution with:
sudo find /etc /lib -name 'docker*' | while read -r line; do grep dockerd $line /dev/null; done

first test localy
docker push localhost:5000/<ImageName>
if docker pushed is Done going to another server and do it:
sudo nano /etc/docker/daemon.json
{"insecure-registries" : ["<HostName or IP Address registry server>:5000"]}
Saving and...
and for next
sudo systemctl daemon-reload
sudo service docker restart
nice!
now docker pushing on another server:
docker tag <image id> <HostName or IP Address registry server>:5000/<ImageName>
docker push <HostName or IP Address registry server>:5000/<ImageName>
Enjoy It.