failed to write digest data in docker image while pulling - docker

I am getting an error while try to pull an image from local registry
failed to write digest data: open ..... no such file or directory

i have tried to pull after removing the docke root directry solved the problem. But still what if i dont want tpo remove my docker root directory?

Related

Docker pull doesnt find `latest` tag

When trying to pull the official image for RNA-seq aligner STAR with
docker pull alexdobin/star
I got an error despite copying the Docker Pull Command as shown in the screenshot (lower right)
The error was the following:
Error response from daemon: manifest for alexdobin/star:latest not found: manifest unknown: manifest unknown
The problem is that when you don't specify the tag as part of the image name in the docker command then it is assumed that you are referring to the latest tag.
Further, as there is no image with tag latest present in the repository, you get the error as expected:
Error response from daemon: manifest for alexdobin/star:latest not found: manifest unknown: manifest unknown
Change the tag to one of the available ones and it will work as expected:
docker pull alexdobin/star:2.6.1d
You can open just the tab Tags and copy the pull command as shown in the screenshot (bottom right).
It worked just fine.

Unable to import image encrypted by ctr-enc

I am trying to encrypt the docker images using this tutorial.
I have images stored in Azure Container Registry and I want to encrypt them .
As images from Azure CR are not supported in ctr-enc environment so I am pulling image from Azure CR, tagging it to local registry(sudo docker tag "azure-cr-image-name" localhost:5000/test:0.1) and pushing it(sudo docker push localhost:5000/test:0.1) and then pulling it in ctr-enc from local registry.
All the steps works fine. The image runs successfully so I exported it to a tar file.
The error comes when I try to import the tar file in any other device.
The error is as follows
unpacking localhost:5000/test:0.1 (sha256:7b60c337c1d319c682369508673f8da65ce027cd95917d80abec71c753f90341)...INFO[0119] apply failure, attempting cleanup error="failed to extract layer sha256:0447c1aa276497ad5424dd1f8597b7f667126d868489277bab7aea547a4aa982: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount138280154: archive/tar: invalid tar header: unknown" key="extract-395814385-sMwu sha256:0447c1aa276497ad5424dd1f8597b7f667126d868489277bab7aea547a4aa982"
ctr: failed to extract layer sha256:0447c1aa276497ad5424dd1f8597b7f667126d868489277bab7aea547a4aa982: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount138280154: archive/tar: invalid tar header: unknown
All I want to know is will this flow work and am I missing something or this entire flow is wrong. I don't have much idea about it so any help will be appreciated.
I resolved the error with the help of following steps.
Tried re-creating the flow and I used this link to setup my local repository.
Pulled image from acr, encrypted it and pushed it to the local registry and started pulling the encrypted image from local registry to the other devices
I got following error in the device
unpacking linux/arm64/v8 sha256:cfd940f7d5d6a6817e8d4f4a811a27263fa11dc00507ebf638ff24be703e5320...
INFO[0293] apply failure, attempting cleanup error="failed to extract layer sha256:0447c1aa276497ad5424dd1f8597b7f667126d868489277bab7aea547a4aa982: call to DecryptLayer failed: missing private key needed for decryption\n: unknown" key="extract-20510027-zCdy sha256:0447c1aa276497ad5424dd1f8597b7f667126d868489277bab7aea547a4aa982"
ctr: failed to extract layer sha256:0447c1aa276497ad5424dd1f8597b7f667126d868489277bab7aea547a4aa982: call to DecryptLayer failed: missing private key needed for decryption
: unknown
After providing the secret key in the pull command itself the image got downloaded and it ran without any errors.
Pull command example: sudo ctr-enc images pull --plain-http=true --key mykey.pem registry.local.com:5000/encrypted-image/test:0.1
Key Points:
1] Add following line in the hosts file in the device where you are setting up the repository as well as the device in which you want to run the encrypted image. Replace it with your actual IP
Ex:- 192.168.0.1 repository.local.com
2] Add following line in the /docker/daemon.json file for the devices where you are planning to run encrypted image
"insecure-registries":["registry.local.com:5000"]

pull access denied for "aaaaa" repository does not exist or may require 'docker login'

After cloning a project from Gitlab on ubuntu, I tried to run it through docker, I opened a terminal, got to the directory where the .yml file was and wrote down:
I was greeted with this message:
The image for the service you're trying to recreate has been removed.
If you continue, volume data could be lost. Consider backing up your
data before continuing.
Continue with the new image?
I pressed y.
Then for a few seconds, I got:
Pulling "name of the module here"
Then I was greeted with this message:
ERROR: pull access denied for "name of the module here", the repository does not exist or may require 'docker login'
pedroesteves#pedro:~/Desktop/project$
Any help would be very appreciated. I already looked to some similar posts but none was able to help me.
You can pull image from a private registry, but You will get an error on the new version of Docker related to certificated, during pull image on the client side.
First, you to modify docker daemon file on the client side
create the file if not exist
/etc/docker/daemon.json
Add the following
{ "insecure-registries":["gitlab.my-site.com:5000"] }
Then you are good to go
docker login gitlab.my-site.com:5000

How can I edit an existing docker image metadata?

I would like to edit a docker images metadata for the following reasons:
I don't like an image parents EXPOSE, VOLUME etc declaration (see #3465, Docker-Team did not want to provide a solution), so I'd like to "un-volume" or "un-expose" the image.
I dont't like an image ContainerConfig (see docker inspect [image]) cause it was generated from a running container using docker commit [container]
Fix error durring docker build or docker run like:
cannot mount volume over existing file, file exists [path]
Is there any way I can do that?
Its a bit hacky, but works:
Save the image to a tar.gz file:
$ docker save [image] > [targetfile.tar.gz]
Extract the tar file to get access to the raw image data:
tar -xvzf [targetfile.tar.gz]
Lookup the image metadata file in the manifest.json file: There should be a key like .Config which contains a [HEX] number. There should be an exact [HEX].json in the root of the extracted folder.
This is the file containing the image metadata. Edit as you like.
Pack the extracted files back into an new.tar.gz-archive
Use cat [new.tar.gz] | docker load to re-import the modified image
Use docker inspect [image] to verify your metadata changes have been applied
EDIT:
This has been wrapped into a handy script: https://github.com/gdraheim/docker-copyedit
I had come across the same workaround - since I have to edit the metadata of some images quite often (fixing an automated image rebuild from a third party), I have create a little script to help with the steps of save/unpack/edit/load.
Have a look at docker-copyedit. It can remove or overrides volumes as well as set other metadata values like entrypoint and cmd.

Docker-Squash command not working

We are using docker-squash to squash images and we are facing 2 problems:
When trying to load the image using docker load -i squashed.tar, it returns the following:
Loaded image ID: sha256:e2be970be8222d5ab47d5c3633d437f86a5481d33df81dae00eb9ae0eeaeec00
However, upon firing docker images command, the image file doesn't show up!
We tried loading the docker file on other system and it says:
open /apps/docker/tmp/docker-import-734929610/0e0c7d7d5f7843e27756caa197f1ff2de3f7afb0890271b4a1fd95dd4c7bcaaa/layer.tar: no such file or directory
Can squashed images not be run on other system or are we missing something?
Please help!

Resources