Related
I just installed docker for the first time and when the default virtualbox or 'docker-machine'(not sure what it is called I run into this error:
This is an excerpt
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerat
ing the certs: There was an error validating certificates for host "192.168.99.1
01:2376": x509: certificate has expired or is not yet valid
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]
'.
Be advised that this will trigger a Docker daemon restart which might stop runni
ng containers.
I tried using the docker-machine regenerate-certs [name] command and it seemed to work no errors were raised at least. Only when I attempted to run docker's hello world command this is the result I got.
docker: error during connect: Post http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.39/c
ontainers/create: open //./pipe/docker_engine: The system cannot find the file s
pecified. In the default daemon configuration on Windows, the docker client must
be run elevated to connect. This error may also indicate that the docker daemon
is not running.
See 'docker run --help'.
I searched up similar errors and found a few case where creating a new virtualbox/docker-machine(still don't know what its called) solved it but the same error that appeared with the default box showed up.
Error creating machine: Error checking the host: Error checking and/or regenerat
ing the certs: There was an error validating certificates for host "192.168.99.1
01:2376": x509: certificate has expired or is not yet valid
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]
Afterwards I gave the docker-machine ls command a try in order to see if I could find something helpful. This is the output.
NAME ACTIVE DRIVER STATE URL SWARM DO
CKER ERRORS
default - virtualbox Running tcp://192.168.99.100:2376 Un
known Unable to query docker version: Get https://192.168.99.100:2376/v1.15/ve
rsion: x509: certificate has expired or is not yet valid
first - virtualbox Running tcp://192.168.99.101:2376 Un
known Unable to query docker version: Get https://192.168.99.101:2376/v1.15/ve
rsion: x509: certificate has expired or is not yet valid
How can I fix it?
Try docker-machine regenerate-certs --client-certs.
Try this:
In your command prompt run:
docker-machine ls
it will return
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
<name> <status> <driver> <state> <url> <swarm> <docker> <errors>
get the <name> of the machine you want to run (if it's the first time you are running docker, then you have only one machine running and its name is default, in this example I will call it <name>)
then run:
docker-machine kill <name>
docker-machine create <name>
docker-machine env <name>
The last command will output more lines, copy the last one, in my case it was like this:
# eval $("C:\my\path\to\docker-machine.exe" env <name>)
then paste it in the command prompt without the # and run it, the problem should be fixed now.
You can check it by running docker-machine ls, if the problem is fixed, you should see no more messages under the ERROR column.
Furthermore, it is possible that the lines
docker-machine kill <name>
docker-machine create <name>
are not required if you have only one docker-machine existing and its <name> is default.
Maybe you can vi /etc/docker/daemon.json
use this setting:
{
"insecure-registries":[
"0.0.0.0/0"
]
}
then restart service:
service docker restart
and try again.
I have been working with Docker for about two months now, working on Windows/WSL. The other day I needed to restart my machine and once it restarted I tried setting up my docker containers again and ran into an issue that I have had before, however. All the solutions I used last time do not work, and none on google work either.
I have tried a lot of things, every single possibility on the internet I could fine and I have been stuck on this for at least 8 hours already and wish to waste no more time on it. I will list a few I have already tried but do not work:
sudo usermod -aG docker $USER
sudo ln -s /mnt/c/Program\ Files/Docker/Docker/resources/bin/docker.exe /usr/bin/docker
using sudo
restarted docker
reinstalled docker desktop (windows)
The command within our make file runs this:
docker-compose up -d
We use a MakeFile to make our lives a lot easier in terms of docker commands so usually I would run this command and it should just bring the container up and work fine. But instead I get this:
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
Makefile:13: recipe for target 'up' failed
make: *** [up] Error 1
I was then recommended trying sudo dockerd which I then get this error, which does half explain the issue but I could not find a clear answer on how to fix my issue:
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
I am really hoping someone is able to help me with this as I am so stuck and need to get this to work.
It turns out the issue was to do with the groups. The solution that I found worked was to remove the user group "docker" using:
sudo groupadd docker
sudo usermod -aG docker $(whoami)
Then I ran the command for my make file and it worked!
I hope this benefits some of you!
From this github issue:
Try running dockerd or sudo dockerd if required first to start daemon. If you start dockerd with sudo you may want to run docker-compose up with sudo also. otherwise it's fine.
I had the same issue. I managed to fix this by upgrading to WSL 2 from version 1.
To get your current version in powershell :
wsl -l -v
For me it was written version 1.
To upgrade from 1 to 2 :
wsl --set-version <NAME-FROM-PREVIOUS-COMMAND> 2
For me it was Ubuntu :
wsl --set-version Ubuntu 2
And then the docker daemon could be started as expected inside wsl. (with sudo in my case)
sudo dockerd
sudo docker-compose up
I hope it could help.
After (successfully, I believe) installing the Docker Toolbox, I get the following error:
$ docker ps
error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.26/containers/json: open //./pipe/docker_engine: The system cannot find the file specified. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.
Also, when I try to run the docker quickstart terminal, it just prints the following error:
Docker Machine is not installed. Please re-run the Toolbox Installer and try aga
in.
Looks like something went wrong in step 'Looking for vboxmanage.exe'... Press an
y key to continue...
I searched through the docker troubleshooting but didn't find any hint.
I tried installing the toolbox both with and without checking the "Install VirtualBox with NDIS5 driver [default NDIS6]" checkbox.
Try this,
Check if the docker machine exists. Command to check this below.
docker-machine ls
If you still get error then execute step 2 below. If you see any machine listed and it has STATE stopped then execute docker-machine start machine_name eg. docker-machine start default
This step helps you to create a docker-machine.
docker-machine create --driver virtualbox default
I also face some problems like you and I troubleshoot the problem with the following steps in window 8.1.
Install Docker Toolbox
REGENERATE CERTIFICATES
$ docker-machine regenerate-certs default
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Create new machine default
$ docker-machine create default
Note: It may take a few minutes for downloading boot2docker.iso file.
UPGRADE docker-machine (Optional)
$ docker-machine upgrade
START Docker Quickstart Terminal (or) Run start.sh file under the location => C:\Program Files\Docker Toolbox
RUN HELLOWORLD
$ docker run hello-world
I hope it will help you :-)
After I restarted my windows i cannot connect to docker machine running in Oracle Virtual Box.
When i start Docker QuickStart Terminal every thing looks fine, it's coming up OK and it gives me this message:
docker is configured to use the default machine with IP 192.168.99.100
For help getting started, check out the docs at https://docs.docker.com
but when i do:
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Timeout
and:
λ docker images
An error occurred trying to connect: Get http://localhost:2375/v1.21/images/json: dial tcp 127.0.0.1:2375: ConnectEx tcp: No connection could be made because the target machine actively refused it.
also when i try to reinitialize my env., i get:
λ docker-machine env default
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": dial tcp 192.168.99.100:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
BTW, Regenerating certs also not helping.
Any idea?
Thanks.
Please try regenerating certificates manually by:
docker-machine --debug regenerate-certs -f default
and check for any errors to fix, then try again:
docker-machine --debug env default
If it's failing on ssh, copy and paste that command into terminal to see what's the problem by adding extra -vv.
If you've got:
debug1: connect to address 127.0.0.1 port 64368: Connection refused
then your machine isn't running (check by docker-machine ls), so try:
docker-machine start
Then try to ssh to it via:
docker-machine -D ssh default
After doing some research I found out that following workaround may solve the issue for now:
Open Network And Sharing Center
Click on Change Adapter Setting
See if you have any enabled adapters such as VPN or VM Ware network adapters.
Try to disable them and try to connect to your container one more time
If it didn't work while you have other adapters disabled, Restart your PC - in my case this worked for me.
What worked for me is this answer from the docker-machine repo:
docker-machine regenerate-certs --client-certs [name]
Basically, what expired is client certificates. The error message I get from docker-machine is similar to yours (i.e., no indication it's the client certs that need to be regenerated).
I fix it doing this:
Removed all host-only interfaces from my VirtualBox (VirtualBox → Preferences → Network → Host-only networks).
rmdir.exe --ignore-fail-on-non-empty ~/.docker/
docker-machine start
docker-machine env
eval $("C:\Program Files\Docker Toolbox\docker-machine.exe" env default) (added also at the end of my .bash_profile).
docker run hello-world ← now working
Inspired in this post.
Here is what worked for me. The first steps are similar to what Hazhir proposed, then followed by regenerate the certificates.
Open Network And Sharing Center.
Click on Change Adapter Setting.
Disable all active VMWare network adapters. Usually has explanation "VirtualBox Host-Only Ethernet Adapter".
Connect to your container by running docker-machine start.
Run docker-machine env. If you're like me then you'd get following error:
Error checking TLS connection: Error checking and/or regenerating the
certs: There was an error validating certificates for host
"192.168.99.100:2376": x509: certificate is valid for 192.168.99.101,
not 192.168.99.100
Which is good. Now all we need to do is to run
docker-machine regenerate-certs -f default
Then test it again with docker-machine env. If you get:
SET DOCKER_TLS_VERIFY=1
SET DOCKER_HOST=tcp://192.168.99.100:2376
SET DOCKER_CERT_PATH=C:\Users\Jay\.docker\machine\machines\default
SET DOCKER_MACHINE_NAME=default
REM Run this command to configure your shell:
REM FOR /f "tokens=*" %i IN ('docker-machine env') DO %i
Then you're all set. In my case I needed to start my virtual machine by running Docker Quickstart Terminal.
I have this problem too. Execute docker-machine regenerate-certs <vm-name> can not solve problem. I search Google the error info and find the solution below.
execute sudo ifconfig vboxnet0 up in terminal.
show docker machine state: docker-machine ls.
now STATE and URL are ok.
But restart the system this problem persists.
GitHub issues link I found is here.
It seems there is a bug in VirtualBox 5.1.24.
Just start the docker machine and then regenerate certificates
docker-machine start <machine-name>
docker-machine regenerate-certs <machine-name>
It works like a charm for me.
None of the answers here helped me. My problem occurred when I want to activate the shell of my virtual machine with eval $(docker-machine env default).
It was then trying to access the port 2376 which was closed, so I had to enter the shell of the VM through ssh and activate the following UFW rule:
sudo ufw allow 2376
The way I ensure being able to connect to my docker machines is by assigning them a fixed IP (and regenerating the certs only once) (no reboot needed)
After that, docker-machine ls always work.
My current script:
(replace %PRGS%\dm\latest by the path where docker-machine.exe is on your machine)
(make sure PATH include the latest /path/to/git/usr/bin, for commands like ssh to be available)
> more dmvbf.bat
#echo off
setlocal enabledelayedexpansion
set machine=%1
if "%machine%" == "" (
echo dmvbf expects a machine name
exit /b 1
)
set ipx=%2
if "%ipx%" == "" (
echo dmvbf x missing ^(for 192.168.x.y^)
exit /b 2
)
set ipy=%3
if "%ipy%" == "" (
echo dmvbf y missing ^(for 192.168.x.y^)
exit /b 3
)
%PRGS%\dm\latest\docker-machine.exe ssh %machine% "sudo sh -c 'echo \"kill \$(more /var/run/udhcpc.eth1.pid)\" | sudo tee /var/lib/boot2docker/bootsync.sh >/dev/null'"
%PRGS%\dm\latest\docker-machine ssh %machine% "sudo sh -c 'echo \"ifconfig eth1 192.168.%ipx%.%ipy% netmask 255.255.255.0 broadcast 192.168.%ipx%.255 up\" | sudo tee -a /var/lib/boot2docker/bootsync.sh >/dev/null'"
%PRGS%\dm\latest\docker-machine ssh %machine% "sudo chmod 755 /var/lib/boot2docker/bootsync.sh"
%PRGS%\dm\latest\docker-machine ssh %machine% "sudo cat /var/run/udhcpc.eth1.pid | xargs sudo kill"
%PRGS%\dm\latest\docker-machine ssh %machine% "sudo ifconfig eth1 192.168.%ipx%.%ipy% netmask 255.255.255.0 broadcast 192.168.%ipx%.255 up"
For instance:
dmvbf default 99 100
docker-machine regenerate-certs -f default
That will assign 192.168.99.100 to the docker machine 'default', and regenerate the certs once.
Then each time docker-machine ls is called, it will display the same IP for 'default'.
Try this way/workaround:
firstly make sure there are ca.pem, cert.pem, key.pem, ca-key.pem under $yourhome/.docker/machine/certs/ folder , for these lost four *.pem files, you can copy them from other places or maybe create them yourselves ( these four pem files are surely not correct at the beginning )
make sure the env set correctly in bash_profile, like:
export DOCKER_HOST=tcp://192.168.99.100:2376
export DOCKER_MACHINE_NAME=default
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=/Users/johnwang/.docker/machine/machines/default
rerun the cmd: docker-machine regenerate-certs default (maybe before run this, you need reopen the docker terminal)
Tried on docker toolbox on mac, and it works.
Finally some logs of the result:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": x509: certificate signed by unknown authority
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
...
...
johns-MacBook-Pro:certs johnwang$ docker-machine regenerate-certs default
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
johns-MacBook-Pro:certs johnwang$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Running tcp://192.168.99.100:2376 v17.03.1-ce
Hope it helps
also see my response here:https://github.com/docker/machine/issues/2808
In my case it was my FortiClient that caused the issue. After disabling it docker-machine env default worked fine again. I suggest you to check if there's any anti-virus program running in your system.
for me, running
docker-machine --debug regenerate-certs -f name_of_your_vm
worked just fine.
docker-machine version 0.16.1
virtualBox 6.0
also docker was configured to use the default machine with IP 192.168.99.100
I had the same error. I fixed it by open tcp port 2376 in network firewall.
The solution for my problem is taken from here:
https://github.com/docker/machine/issues/3845#issuecomment-271935924
Quote:
If you install docker-machine first time then you do not have in that
host a self-signed CA that will be used to generate your client
certificate and as many server certificates as machines you generate
later on. That CA is generated when you try to create a machine if
that CA is not yet created. So if you try to generate several servers
in parallel (by means of an script), then you’ll generate as many
self-signed (root) CA as docker createcommands, all of them being
written in the same location that seems to be messing up the
environment e.g. spreading out different ca.pem to the remote machines
that do match the final version, causing the cert.pem (host identity)
to be signed by a former ca.pem which no longer exist… or whatever
other abnormal situation.
To fix it, first of all you'll need to delete your existing
self-signed CA. This can be done by removing the folder
~/.docker/machine/certs (NOTE: Note this will force the creation of a
new self-signed CA for docker-machine to use and will yield your
existing machines to fail connecting to the daemon). This will make
your docker-machine to generate valid certificates again. Then, for my
use case I am creating the first machine in foreground and all the
rest of them are done in parallel. That will cause the creation of one
root self-signed CA in isolation and then will be used for further
docker-machine create commands. It worked like a charm!
The reason why I was able to ssh to the host is because there are a
different pair of keys for sshing generate per host that was not
bitten by this.
To sum up, this is what I ended up doing:
Find out what is the command that docker-machine is running. I was using it with gitlab-runner, So I had to run gitlab-runner in debug mode to see what command was it running on docker-machine.
then stop gitlab-runner: gitlab-runner stop
then delete the certificate: rm -rf ~/.docker/machine/certs
then run a single command (from step #1) to re-create the certs (remember - the reason this didn't work is because it was trying to create it multiple times)
then rerun gitlab-runner: gitlab-runner start
Worked for me!
For reader using brew in 2021, after your somehow upgrade virtualbox cask
System Preferences... > Security & Privacy > (Unlock with finger) Allow.
<<Your Computer Should Restart>>.
docker-machine restart default. Done
Solved this issue in MacOS by installing Docker Desktop
brew uninstall docker
brew uninstall docker-machine
Then download Docker Desktop for mac https://docs.docker.com/desktop/mac/install/
I installed Docker-Toolbox just now while following their webpage
I started with Docker QuickStart Terminal and see following
## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\_______/
docker is configured to use the default machine with IP 192.168.99.100
For help getting started, check out the docs at https://docs.docker.com
bash-3.2$
But when I try to perform docker pull hello-world, this is what I see
bash-3.2$ docker run hello-world
Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/hello-world/images. You may want to check your internet connection or if you are behind a proxy.
bash-3.2$
What's wrong?
I had the same problem this morning and the following fixed it for me:
$ docker-machine restart default # Restart the environment
$ eval $(docker-machine env default) # Refresh your environment settings
It appears that this is due to the Docker virtual machine getting itself into a strange state. There is an open github issue here
I installed Docker without the Toolbox on Windows 10, so the version that requires Hyper-V to be enabled.
For Docker version 1.12 I had to go into the taskbar, right click the Docker Icon, select Settings -> Network and set the DNS Server to fixed, so that is uses Google's DNS server at 8.8.8.8.
Once that setting was changed, it finally worked.
The simpler solution is to add the following entry in /etc/default/docker file
export http_proxy="http://HOST:PORT/"
and restart the docker service
service docker restart
Update August 2016
Using Docker for Mac (version 1.12.0), was seeing issues of the form:
➜ docker pull node
Using default tag: latest
Pulling repository docker.io/library/node
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/node/images. You may want to check your internet connection or if you are behind a proxy.`enter code here`
This was resolved by updating my MacBook Pro wireless network settings to include the following DNS entry: 8.8.8.8
For further info, please see this (dated) issue which provided the answer given here.
I ran into this problem running Docker on my MAC(host) with Docker VM in VBOX 5.10. It is a networking issue. The simple fix is to add a bridged network to the VBOX image. You can use the included NAT config present with the VM, but you need to change the ssh port from 50375 to 2375.
sudo service docker stop
sudo service docker start
works for me..
somehow, sudo service docker restart didn't work
(RHEL7)
On Windows 7 and if you believe you are behind proxy
Logon to default machine
$ docker-machine ssh default
Update profile to update proxy settings
docker#default:~$ sudo vi /var/lib/boot2docker/profile
Append from the below as appropriate
# replace with your office's proxy environment
export"HTTP_PROXY=http://PROXY:PORT"
export"HTTPS_PROXY=http://PROXY:PORT"
# you can add more no_proxy with your environment.
export"NO_PROXY=192.168.99.*,*.local,169.254/16,*.example.com,192.168.59.*"
Exit
docker#default:~$ exit
Restart docker machine
docker-machine restart default
Update environment settings
eval $(docker-machine env default)
Above steps are slightly tweaked but as given in troubleshooting guide: https://docs.docker.com/toolbox/faqs/troubleshoot/#/update-varlibboot2dockerprofile-on-the-docker-machine
I ran into this exact same problem yesterday and none of the "popular" answers (like fixing DNS to 8.8.8.8) worked for me. I eventually happened across this link, and that did the trick ... https://github.com/docker/for-win/issues/16
Between Docker for Windows, Windows 10 and Hyper-V, there seems to be a problem during the virtual network adapter creation process. Specifically, you might end up with two "vEthernet (DockerNAT)" network adapters. Check this with Get-NetAdapter "vEthernet (DockerNAT)" (in an elevated PowerShell console). If the result shows more than one adapter, you can disable and rename it with:
$vmNetAdapter = Get-VMNetworkAdapter -ManagementOS -SwitchName DockerNAT
Get-NetAdapter "vEthernet (DockerNAT)" | ? { $_.DeviceID -ne $vmNetAdapter.DeviceID } | Disable-NetAdapter -Confirm:$False -PassThru | Rename-NetAdapter -NewName "OLD"
Then open up Device Manager and delete the disabled adapter (for some reason you can do this from here, but not from the Network and Sharing Center adapters view).
I assume that you have a network problem. Are you behind a proxy? Is it possible that it filters the connection to docker.io or blocks the docker user agent?
I installed the toolbox and ran your test. It works fine, here:
docker is configured to use the default machine with IP 192.168.99.101
For help getting started, check out the docs at https://docs.docker.com
bash-3.2$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
535020c3e8ad: Pull complete
af340544ed62: Already exists
library/hello-world:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:d5fbd996e6562438f7ea5389d7da867fe58e04d581810e230df4cc073271ea52
Status: Downloaded newer image for hello-world:latest
Hello from Docker.
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account:
https://hub.docker.com
For more examples and ideas, visit:
https://docs.docker.com/userguide/
bash-3.2$
On Windows 10. Just right-click on the systray docker icon-> Settings... -> Rest -> Restrart Docker
I had this same problem with boot2docker and fixed it by restarting it with:
boot2docker restart
I just ran into this today with 1.10.1 and none of the existing solutions worked. I tried to restart, upgrade, regenerate certs, ...
I noticed that I had a lot of networks created on the machine. After removing them with:
docker network ls | grep bridge | awk '{print $1}' | xargs -n1 docker network rm
The DNS started working again.
Note: You may ignore errors about pre-defined networks
If you are behind proxy it is not enough to set HTTP_PROXY and HTTPS_PROXY env. You should set it while machine creation.
Paramer for this is --engine-env:
docker-machine create -d "virtualbox" --engine-env HTTP_PROXY=http://<PROXY>:<PORT> --engine-env HTTPS_PROXY=<PROXY>:<PORT> dev
In my case, installing docker on Alpine Linux I get the error:
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/........
Using the script here:
https://github.com/docker/docker/blob/master/contrib/download-frozen-image-v2.sh
Works. It downloads the image using curl and then shows you how to untar and 'docker load' it.
I tried the above methods of static DNS at 8.8.8.8 and disabling ipv6 (I didn't understand the proxy thing) and none of them worked for me.
EDIT 9/8/2016:
I was initially using dropbear instead of openssh. Reinstalled Alpine with openssh fixed the problem.
The next problem was 'ApplyLayer exit status 1 stdout: stderr: chmod /bin/mount: permission denied' error during pull.
From (nixaid.com/grsec-in-docker/):
To build the Docker image, I had to disable the following grsec
protections. Modify the /etc/sysctl.d/grsec.conf as follows:
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_caps = 0 # related to a systemd package/CAP_SETFCAP
in alpine's case though it's
/etc/sysctl.d/00-alpine.conf
reboot
Restarting Docker or recreating the image did not help. I rebooted Windows to no avail.
Astoundingly, when I ssh'ed into the running container and did curl https://index.docker.io/v1/repositories/library/hello-world/images I got a perfectly valid response.
I used the Docker Toolbox with VirtualBox on 64bit Windows 10 Pro.
The solution in my case was to uninstall the old Docker version and install the new one that uses Hyper-V instead of VirtualBox.
Now Docker works again.
If you are behind proxy kindly use below commands
sudo mkdir /etc/systemd/system/docker.service.d
sudo cd /etc/systemd/system/docker.service.d
sudo vi http-proxy.conf
[Service]
Environment=HTTP_PROXY=http://proxy-server-ip:port" "NO_PROXY=localhost,127.0.0.1"
sudo systemctl daemon-reload
sudo systemctl show --property=Environment docker
sudo systemctl restart docker
Try this if you can fetch latest ubuntu
sudo docker run -it ubuntu bash
Unable to find image ubuntu:latest locally
latest: Pulling from library/ubuntu b3e1c725a85f: Pull complete
4daad8bdde31: Pull complete
63fe8c0068a8: Pull complete
4a70713c436f: Pull complete
bd842a2105a8: Pull complete
Digest:
sha256:7a64bc9c8843b0a8c8b8a7e4715b7615e4e1b0d8ca3c7e7a76ec8250899c397a
Status: Downloaded newer image for ubuntu:latest
It worked for me finally :)
Another scenario: if your docker network adapter is disabled, it will fail with this error. The adapter is named "vEthernet (DockerNAT)" or similar. Apparently this adapter is involved somehow in the normal docker pull behavior. Enable it back to solve the problem.
Create a systemd drop-in directory for the docker service:
$ sudo mkdir -p /etc/systemd/system/docker.service.d
Create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Hope it helps
refer to https://docs.docker.com/network/proxy/
for me, proxy setting without http:// or https:// prefix works.
e.g:
PROXY:PORT
or with / suffix with http:// or https:// prefix
e.:
http://PROXY:PORT/
On Windows this happened when I moved from a work network to a home network.
To solve it, run:
docker-machine stop
docker-machine start
docker-env
"C:\Program Files\Docker Toolbox\docker-machine.exe" env | Invoke-Expression