Docker on RHEL 7 in AWS can’t pull images - linux

We're looking to incorporate docker on our project and I'm having some difficulty.
I installed Docker via the instructions here: https://docs.docker.com/engine/installation/linux/rhel/ and had no problems. However, when I try to pull any images from docker hub, it just hangs and nothing ever happens:
┌─[user#hostname]─(~)
└─[11:53]$ docker pull alpine:latest
Here's my docker version info:
┌─[user#hostname]─(~)
└─[11:53]$ docker version
Client:
Version: 1.11.2
API version: 1.23
Go version: go1.5.4
Git commit: b9f10c9
Built: Wed Jun 1 21:23:11 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.2
API version: 1.23
Go version: go1.5.4
Git commit: b9f10c9
Built: Wed Jun 1 21:23:11 2016
OS/Arch: linux/amd64
This is a redhat 7.2 instance in a VPC. I'm using another rhel 7.2 instance to handle NAT through iptables. This issue is the first connectivity problem I've had.
I read elsewhere that specifying an http proxy would solve the issue, so I set up a squid proxy on my nat server, but to no avail. I followed the instructions here to set the proxy for docker to use: https://docs.docker.com/engine/admin/systemd/#/http-proxy
The proxy is getting the requests, but docker still can't pull any images. Here's the out put of my squid logs:
1467475616.376 110 10.0.0.50 TCP_MISS/200 3250 CONNECT registry-1.docker.io:443 - HIER_DIRECT/52.71.80.248 -
1467475616.415 35 10.0.0.50 TCP_MISS/200 4444 CONNECT auth.docker.io:443 - HIER_DIRECT/52.204.167.32 -
I'm running out of things to try here. Any help would be greatly appreciated.
EDIT
Got a new error! After tweaking the squid proxy configuration, I now get this error when attempting to pull an image:
┌─[user#hostname]─(~)
└─[15:15]$ sudo docker pull alpine
Using default tag: latest
Pulling repository docker.io/library/alpine
Error while pulling image: Get https://index.docker.io/v1/repositories/library/alpine/images: Service Unavailable
Here's the output of ping:
┌─[user#hostname]─(~)
└─[15:15]$ ping index.docker.io
PING us-east-1-elbio-rm5bon1qaeo4-623296237.us-east-1.elb.amazonaws.com (54.173.200.203) 56(84) bytes of data.
^C
--- us-east-1-elbio-rm5bon1qaeo4-623296237.us-east-1.elb.amazonaws.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
And wget can download a json file from the url in the docker error message:
┌─[user#hostname]─(~)
└─[15:17]$ wget https://index.docker.io/v1/repositories/library/alpine/images
--2016-07-02 15:17:20-- https://index.docker.io/v1/repositories/library/alpine/images
Resolving index.docker.io (index.docker.io)... 54.173.200.203, 52.22.190.106, 52.203.138.237
Connecting to index.docker.io (index.docker.io)|54.173.200.203|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: ‘images’
[ <=> ] 6,900 --.-K/s in 0s
2016-07-02 15:17:20 (185 MB/s) - ‘images’ saved [6900]

Related

Guacamole container exits and couldn't authenticated with Mysql

I am trying to install Apache Guacamole container which is followed by the instructions from https://guacamole.apache.org/doc/gug/guacamole-docker.html
I am able to install the guacamole/guacd and mysql containers but when I install guacamole/guacamole container it exits as it is installed.
I reinstalled the container couple of times but there was no improvement. Guacamole container log informes the authentication didn't succeed.
In log it is written the container needs authentication with mysql but I couldn't succeed even I tried to do as in the instruction in website. I probably miss something.
docker version:
Client:
Version: 20.10.12
API version: 1.41
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 17:10:06 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 15:57:50 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.9-0ubuntu3.1
GitCommit:
runc:
Version: 1.1.0-0ubuntu1.1
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:
docker ps:
root#server:~# root#server:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4288a45a153f guacamole/guacamole "/opt/guacamole/bin/…" About an hour ago Exited (1) About an hour ago guacamole-guacamole
e17d224935d1 mysql "docker-entrypoint.s…" About an hour ago Up About an hour 3306/tcp, 33060/tcp guacamole-mysql
7d0e75730239 guacamole/guacd "/bin/sh -c '/usr/lo…" 2 hours ago Up 2 hours (healthy) 4822/tcp guacd-guacd
Logs of the container :
root#server:~# docker logs guacamole-guacamole
FATAL: No authentication configured
-------------------------------------------------------------------------------
The Guacamole Docker container needs at least one authentication mechanism in
order to function, such as a MySQL database, PostgreSQL database, LDAP
directory or RADIUS server. Please specify at least the MYSQL_DATABASE or
POSTGRES_DATABASE environment variables, or check Guacamole's Docker
documentation regarding configuring LDAP and/or custom extensions.

Can't get cloudstor:azure Docker plugin to work with latest versions of Docker/plugin

I'm attempting to create a docker volume using the cloudstor:azure docker plugin on a Ubuntu 18 VM in Azure.
I managed to get this working once on a VM with this Docker version:
Client:
Version: 18.09.7
API version: 1.39
Go version: go1.10.1
Git commit: 2d0083d
Built: Fri Aug 16 14:20:06 2019
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.09.7
API version: 1.39 (minimum version 1.12)
Go version: go1.10.1
Git commit: 2d0083d
Built: Wed Aug 14 19:41:23 2019
OS/Arch: linux/amd64
Experimental: false
And installing build azure-v17.03.0-ce of the plugin. However That's not the default version of Docker that comes with the Ubuntu 18 VM image so at some point I must have upgraded something but can't reproduce this.
So I tried to upgrade Docker and the plugin to 19.03, I now get different errors when installing the plugin or trying to enable it:
docker plugin enable cloudstor:azure
Error response from daemon: failed to listen to abstract unix socket "/containerd-shim/plugins.moby/7bee13f0a815242cfcf1bf5d715ab1bc4d687c482e5ac0051aae90061980f8bb/shim.sock": listen unix ?/containerd-shim/plugins.moby/7bee13f0a815242cfcf1bf5d715ab1bc4d687c482e5ac0051aae90061980f8bb/shim.sock: bind: permission denied: unknown
I've noticed on the Docker version that does work there no 'ce' indicate Community Edition, not sure if that matters.
If I update Docker daemon to 18.09.9 and use docker4x/cloudstor:azure-v17.03.0-ce I can get the plugin to work correctly. But I cant get this working with any other versions of Docker or the plugin.
How do you get the cloudstor:azure Docker plugin working on a Ubuntu VM in Azure with latest versions of Docker and the plugin?

Docker externally-accessible registry, 502 Proxy Error, TLS handshake error

Docker version:
Client:
Version: 17.06.2-ce
API version: 1.30
Go version: go1.8.3
Git commit: cec0b72
Built: Tue Sep 5 19:57:21 2017
OS/Arch: linux/amd64
Server:
Version: 17.06.2-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: cec0b72
Built: Tue Sep 5 19:59:19 2017
OS/Arch: linux/amd64
Experimental: false
docker exec 96f0cb141c8b registry --version:
registry github.com/docker/distribution v2.6.2
Reproducing my error:
docker run -d --restart=always --name registry5000 -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert.pem -e REGISTRY_HTTP_TLS_KE
Y=/certs/privkey.pem -p 5000:5000 registry:2
docker push registry.domain.com/my-registry
output is:
*The push refers to a repository [registry.corobor.com/my-registry]
73c12ad782ae: Retrying in 1 second
98b882d4bdc0: Retrying in 1 second
f9cee97711b2: Retrying in 1 second
3de32dfabd85: Retrying in 1 second
2b0fb280b60d: Retrying in 1 second
received unexpected HTTP status: 502 Proxy Error*
The log of my registry container:
time="2017-09-15T10:04:43Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=001581a2-0296-439e-b8c1-26edb84fc2b3 version=v2.6.2
2017/09/15 10:19:28 http: TLS handshake error from 10.10.10.202:44402: tls: first record does not look like a TLS handshake
2017/09/15 10:19:28 http: TLS handshake error from 10.10.10.202:44414: tls: oversized record received with length 21536
My message:
Hello,
I'm beginner on the subject. My company needs an externally-accessible registry in order to push in images which can be pull by client when they acces to registry.domain.com.
I followed the instructions from the docker official website to create this registry an I used LetsEnscrypt to get my pem certificate files. Here I use port 5000, but also use port 80 which gives the same error...
As written in "Reproducing my error", I had an 502 Proxy Error and TLS handshake error from my proxy. I've searched for many solutions in the forum but nothing convincing.
Do you please have any ideas how to fix it to make my registry available?
Thanks

'Kubectl' throws error 'failed to negotiate an api version' while installing using docker

I installed docker in machine using the guide in https://docs.docker.com/engine/installation/linux/ubuntulinux/ and I also installed Kubernetes in my local machine by using http://kubernetes.io/docs/getting-started-guides/docker/.
But once I run "kubectl get nodes" I get the error error: failed to negotiate an api version; server supports: map[], client supports: map[v1:{} metrics/v1alpha1:{} extensions/v1beta1:{} componentconfig/v1alpha1:{} batch/v1:{} autoscaling/v1:{} authorization.k8s.io/v1beta1:{}].
The docker version on my machine is as follows.
Client:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Tue Apr 26 23:30:23 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Tue Apr 26 23:30:23 2016
OS/Arch: linux/amd64
Looks like the server responded with an empty list of api versions that it supports.
Can you post the output of kubectl version?
That will print the git versions of kubectl and api server and will help us find if there is any incompatibility between the two.
Ive tried using v1.3.0-alpha.3 of kubernetes with the same version of docker as the OP. I`m still having the same issue though. Should this be fixed in alpha.3 or do I need to wait for a new version ?

New device node created on host does not get reflected in Docker container when using --device flag

I'm running a container with the following options:
docker run -d --device=/dev/bus/usb:/dev/bus/usb --device=/dev/ttyS0:/dev/ttyS0 instr_img
Inside the container I have a Python code which resets a USB device that in turn causes a device file in '/dev/bus/usb/002/005' on the host to be removed and a new file (/dev/bus/usb/002/006) created in its place. The problem is that inside the container '/dev/bus/usb/002/005' still exists, and '/dev/bus/usb/002/006' is no where to be found. The directories '/dev/bus/usb/002' on the host and container are now out of sync. As a result, the code execution inside the container throws an exception because it can't talk to the USB device. I confirmed by manually creating a new device file (mknod) in the container and saw that it did not get sync'ed to the host and vice versa. Is this an unsupported feature or a bug in Docker?
>docker version
Client:
Version: 1.9.0
API version: 1.21
Go version: go1.4.2
Git commit: 76d6bc9
Built: Tue Nov 3 17:48:04 UTC 2015
OS/Arch: linux/amd64
Server:
Version: 1.9.0
API version: 1.21
Go version: go1.4.2
Git commit: 76d6bc9
Built: Tue Nov 3 17:48:04 UTC 2015
OS/Arch: linux/amd64
>docker info
Containers: 66
Images: 313
Server Version: 1.9.0
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 445
Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.19.0-47-generic
Operating System: Ubuntu 15.04
CPUs: 4
Total Memory: 7.69 GiB
Name:my-host-1
ID: VIT4:S2P3:Q4TY:A3I4:L4WH:HFWJ:I36U:PBTV:B3VW:NFXB:LDNM:KY7G
Username: myuser
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
>uname -a
Linux my-host-1 3.19.0-47-generic #53-Ubuntu SMP Mon Jan 18 14:02:48 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
My workaround is to issue a mknod command to create a new device file with the minor device number incremented by 1 (from the previous number) every time a device reset happens; however, this is not a clean hack since I need to put in some checks because this program is used in multiple environments outside and inside the Docker container. I could very well be not using Docker properly for this use case since I'm very green (a noob) with Docker.
Some comments/insights from some experienced Docker users would really be appreciated. It could be a deal breaker for me to dockerize this program if I can't find a clean workaround for this issue.
Thanks in advance for your comments!
From all the researches online and some experimentation with using '--device', I've found that ephemeral (hot pluggable) devices are not supported by this option. It's a shame that the Docker documentation did not state this clearly, if at all. I only read one comment online from a user which mentioned it in passing. For those who want to use '--device' for these devices, don't; use the '--privileged' & '-v ' options instead. This will avoid you having to specify the exact device file name, e.g. /dev/bus/usb/002/088, instead you can specify just /dev/bus/usb. The '--device' option requires the actual device file name to work.

Resources