Could not authenticate with IBM Containers registry at registry.ng.bluemix.net - docker

When I login to the IBM containers on Bluemix, I get the following error:
cf ic login
** Retrieving client certificates from IBM Containers
** Storing client certificates in /Users/triplez/.ice/certs Successfully retrieved client certificates
** Checking local docker configuration OK
** Authenticating with registry at registry.ng.bluemix.net
Could not authenticate with IBM Containers registry at registry.ng.bluemix.net
**** exit status 1
****Error response from daemon: invalid registry endpoint registry.ng.bluemix.net/v0/: unable to ping registry endpoint
registry.ng.bluemix.net/v0/
v2 ping attempt failed with error: Get registry.ng.bluemix.net/v2/: dial tcp: lookup
registry.ng.bluemix.net on 103.11.48.126:53: read udp
103.11.48.126:53: i/o timeout
v1 ping attempt failed with error: Get registry.ng.bluemix.net/v1/_ping: dial tcp: lookup registry.ng.bluemix.net on 103.11.48.126:53: read udp
103.11.48.126:53: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add
--insecure-registry registry.ng.bluemix.net to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's
CA certificate, no need for the flag; simply place the CA certificate
at /etc/docker/certs.d/registry.ng.bluemix.net/ca.crt
I've already uninstalled docker and reinstalled, giving me the same error. I've also deleted ~/.cf/config.json and ~/.ice/ice-cfg.ini and ~/.ice/certs/ and tried logging in again. I still receive the same error.
I've also tested this with ice cli with the same error.
EDITED
Tried this command:
ice login -a 'https://api.ng.bluemix.net' --registry 'registry.ng.bluemix.net' --host 'https://containers-api.ng.bluemix.net/v3/containers'
Got the same error:
Authentication with container cloud service at
containers-api.ng.bluemix.net/v3/containers completed
successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at
registry.ng.bluemix.net/v3
Error response from daemon: invalid registry endpoint
registry.ng.bluemix.net/v3/v0/:
unable to ping registry endpoint registry.ng.bluemix.net/v3/v0/
v2 ping attempt failed with error: Get registry.ng.bluemix.net/v3/v2/:
dial tcp: lookup registry.ng.bluemix.net on 192.168.0.1:53: read ump
192.168.0.1:53: i/o timeout
v1 ping attempt failed with error: Get registry.ng.bluemix.net/v3/v1/_ping: dial tcp: lookup registry.ng.bluemix.net on 192.168.0.1:53: read udp 192.168.0.1:53: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry registry.ng.bluemix.net to the daemon's arguments. In the case of
HTTPS, if you have access to the registry's CA certificate, no need
for the flag; simply place the CA certificate at
/etc/docker/certs.d/registry.ng.bluemix.net/ca.crt
docker is not available on your system or is not properly configured
Could not authenticate with cloud registry at registry.ng.bluemix.net/v3
You can still use IBM Containers but will not be able to run local docker containers, push, or pull images

It looks like the container cloud service host name is not correct.
Please try to run the ice login command as below:
ice login -a 'https://api.ng.bluemix.net' --registry 'registry.ng.bluemix.net' --host 'https://containers-api.ng.bluemix.net/v3/containers'

Based on your comment "boot2docker has been deprecated" I assume you are using Docker 1.8.
This version of Docker is not supported by IBM Containers on Bluemix yet.
Please see documentation in link below saying Docker 1.6 or 1.7 is required:
https://www.ng.bluemix.net/docs/containers/container_cli_ov.html
I know IBM Containers team is working to add support for Docker 1.8 as well. Please keep an eye on documentation for updates in the future.

Related

docker login fails with bad gateway. Potential V1 vs V2 issue?

I received a docker registry location to login to and pull some images from at my organization. On attempts to login, I receive the following error:
docker login -u test-user internal.server.com:8080/test
Password:
Error response from daemon: Get https://internal.server.com:8080/v2/: Bad Gateway
I turned debug on for the docker daemon and tried again and receive the following errors:
level=debug msg="attempting v2 login to registry endpoint https://internal.server.com:8080/v2/"
level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://internal.server.com:8080/v2/: Bad Gateway"
level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get https://internal.server.com:8080/v2/: Bad Gateway" error...l.Error" module=api
If I am interpreting the error correctly, this means the my docker client is attempting to access the registry at v2 yet the registry doesn't seem to support v2? Or do I have this backwards (or some other issue entirely)? Thanks!
/v2 is part of the registry API. It will exist on all requests, so receiving a Bad Gateway from this indicates an error with the registry server.

Docker Pull fail in disconnected Enviornment

I have to install openshift on disconnected system so i followed following steps(original installation requires more image but for sake of understanding i am provided minimum steps)
on system with internet i did following steps
docker pull docker.io/openshift/origin-node:v3.11.0
docker save -o openshift-origin-v3.11.0-images.tar \
docker.io/openshift/origin-node:v3.11.0
on second disconnected system i did following
docker load -i openshift-origin-v3.11.0-images.tar
Now when i start script for installation it pull the images with command docker.io/openshift/origin-node:v3.11.0
which is throwing following error
Error getting v2 registry: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: dial udp [::1]:53: connect: no route to host
When on second system i do docker images
[root#x ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/openshift/origin-node v3.11.0 14d965ab72d5 4 days ago 1.17 GB
Its showing me that image is available. Whats wrong here? My understanding is it should first look locally and then will check from dockerhub
Update1:
if i directly pull it saying
[root#x ~]# docker pull docker.io/openshift/origin-node:v3.11.0
Trying to pull repository docker.io/openshift/origin-node ...
Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 192.168.x.x:53: server misbehaving
I am expecting it should say
Status: Image is up to date for
I changed following in /etc/containers/registries.conf and it works
From
[registries.search]
registries = ['registry.access.redhat.com', 'docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.centos.org']
To
[registries.search]
registries = []
[registries.block]
registries = ['registry.access.redhat.com', 'docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.centos.org']

Channel creation failed

I am a complete newbie on Hyperledger Fabric and as described in the docs I installed all the prerequisites and set up the Network Artifacts. But after i want to bring Up the Network. I get this error and i don't know what to do:
Error: failed to create deliver client: orderer client failed to connect to orde
rer.example.com:7050: failed to create new connection: x509: certificate signed
by unknown authority (possibly because of "x509: ECDSA verification failure" whi
le trying to verify candidate authority certificate "tlsca.example.com")
Usage:
peer channel create [flags]
Flags:
-c, --channelID string In case of a newChain command, the channel ID to crea
te.
-f, --file string Configuration transaction file generated by a tool su
ch as configtxgen for submitting to orderer
-t, --timeout int Channel creation timeout (default 5)
Global Flags:
--cafile string Path to file containing PEM-encoded
trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded
X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating wi
th the orderer endpoint
--keyfile string Path to file containing PEM-encoded
private key to use for mutual TLS communication with the orderer endpoint
--logging-level string Default logging level and overrides,
see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when va
lidating the TLS connection to the orderer.
--tls Use TLS when communicating with the
orderer endpoint
-v, --version Display current version of fabric pe
er server
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
ERROR !!!! Test failed
OS: Windows 7
Hyperledger Fabric: 1.1
Latest Docker installation
After multiple attempts to get the network running i created containers which i had to delete with the command docker ps -aq. Also i had to get the network down before that with the command ./byfn.sh -m down. Then i restarted everything by using byfn.sh -m generate -c mychannel and byfn.sh -m up -c mychannel -s couchdb Then everything worked as in the docs described.

Docker pull failed with request canceled while waiting for connection

I am trying to pull images to default docker machine. But I always get
docker#default:/etc$ docker run hellow-world
Unable to find image 'hellow-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
docker#default:/etc$
Even if i give --dns option same error
docker#default:/etc$ docker run hellow-world --dns=8.8.8.8
Unable to find image 'hellow-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
docker#default:/etc$
Tried adding DNS to config.json of the default machine
"EngineOptions": {
"Dns": [
"8.8.8.8",
"8.8.4.4"
]
}
resolv.conf has following entry in default machine
docker#default:/etc$
docker#default:/etc$ cat /etc/resolv.conf
search <company name>
nameserver 10.0.2.3
docker#default:/etc$
This machine sits behind the proxy and I am using kitematic for creating default machine
Kitematic is started by a custom script which will set proxies and start kitematic
Recommended and All images are displayed at the start of kitematic. But can not pull any images
Creating new machine also gives warning
PS C:\Program Files\Docker Toolbox\kitematic> docker-machine create -d virtualbox --engine-opt dns=8.8.8.8 test
Running pre-create checks...
(test) Unable to get the latest Boot2Docker ISO release version: Get https://api.github.com/repos/boot2docker/boot2docker/releases/latest: dial tcp 192.30.253.116:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Creating machine...
(test) Unable to get the latest Boot2Docker ISO release version: Get https://api.github.com/repos/boot2docker/boot2docker/releases/latest: dial tcp 192.30.253.116:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Machine created with --dns option also has /etc/resolv.conf not as 8.8.8.8
docker#test:~$
docker#test:~$ cat /etc/resolv.conf
search <company name>
nameserver 10.0.2.3
docker#test:~$
PS:Issue solved after adding HTTP_PROXY to /var/lib/boot2docker/profile
Found solution
Either
add HTTP_PROXY to /var/lib/boot2docker/profile
or
create docker machine with --engine-env HTTP_PROXY=IP:PORT

Push docker image to Google Container Registry failure on Mac

I was trying to upload my image to Google Container Registry, but it return some error and I don't know how to troubleshooting.
$> gcloud docker -- push asia.gcr.io/dtapi-1314/web
The push refers to a repository [asia.gcr.io/dtapi-1314/web]
53ccd4e59f47: Retrying in 1 second
32ca8635750d: Retrying in 1 second
e5363ba7dd4d: Retrying in 1 second
d575d439624a: Retrying in 1 second
5c1cba20b78d: Retrying in 1 second
7198e99c156d: Waiting
6ca37046de16: Waiting
b8f2f07b3eab: Waiting
16681562a534: Waiting
92ea1d98cb79: Waiting
97ca462ad9ee: Waiting
unable to decode token response: read tcp 10.0.2.10:54718->74.125.23.82:443: read: connection reset by peer
I checked permission on my Mac.
$> gsutil acl get gs://asia.artifacts.dtapi-1314.appspot.com
It returned a list of correct permission.
I'd tested push on the cloud console, it works.
Does anyone have clue?
Thanks a lot if anyone could help. :)
Other troubleshooting
gcloud auth login
gcloud docker -- login -p $(gcloud auth print-access-token) -u _token https://asia.gcr.io
gsutil acl get gs://asia.artifacts.{%PROJECT_ID}.appspot.com
Add insecure-registry to dockerd startup command.
--insecure-registry asia.gcr.io
Might be the same cause
gcloud docker -- pull google/python
The error was
Error response from daemon: Get https://registry-1.docker.io/v2/google/python/manifests/latest: read tcp 10.0.2.15:37762->52.45.33.149:443: read: connection reset by peer
docker server log
DEBU[0499] Increasing token expiration to: 60 seconds
ERRO[0500] Error trying v2 registry: Get https://registry-1.docker.io/....../python/manifests/latest: read tcp 10.0.2.15:37762->52.45.33.149:443: read: connection reset by peer
ERRO[0500] Attempting next endpoint for pull after error: Get https://registry-1.docker.io/....../python/manifests/latest: read tcp 10.0.2.15:37762->52.45.33.149:443: read: connection reset by peer
DEBU[0500] Skipping v1 endpoint https://index.docker.io because v2 registry was detected
ERRO[0500] Handler for POST /v1.24/images/create returned error: Get https://registry-1.docker.io/....../python/manifests/latest: read tcp 10.0.2.15:37762->52.45.33.149:443: read: connection reset by peer
Environment
MacOS: 10.11.6
Docker Toolbox (on MAC)
Docker 1.12.3 (Git commit: 6b644ec, Built: Wed Oct 26 23:26:11 2016)
The root cause was stupid, but I'd like to update this for anyone who see this question. I found when I attached my computer to company's WIFI. Then It would work (Still some reset). The cable network of my company is mysterious broken to Google Container Registry. The cable network works for all other services (google/youtube/mobile services) we used but broken to Google Container Registry.
Seems like a permission issue. Try running
gcloud auth login
I remember running into a similar issue and this helped.

Resources