Docker cannot pull images #137
Comments
|
are you behind a VPN connection? |
|
Yes, i am behind a corporate VPN connection. |
|
I am not on a VPN or using docker with I get a DNS related error on my first build with
$ nerdctl build --namespace k8s.io --platform linux/amd64 -t test/test:local -f ./Dockerfile .
[+] Building 0.2s (4/4) FINISHED
...
error: failed to solve: alpine:latest: failed to do request: Head "https://registry-1.docker.io/v2/library/alpine/manifests/latest": dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:45220->[::1]:53: read: connection refused
FATA[0000] unrecognized image format
FATA[0000] exit status 1Second Try: $ nerdctl build --namespace k8s.io --platform linux/amd64 -t test/test:local -f ./Dockerfile .
[+] Building 0.2s (4/4) FINISHED
...
[+] Building 9.7s (7/17)
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 580B 0.1s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 306B 0.1s
=> [internal] load metadata for docker.io/library/alpine:latest 0.4s
=> [internal] load metadata for docker.io/library/golang:1.17
... |
|
I am running into the same error, without any VPN connection. |
|
I resolved it by doing Correction: but it fails after pulling in more data |
|
For those of us behind a VPN, how do I configure docker to use a proxy? |
|
This is a good overview of DNS issues in Alpine and might be at the core of some of these DNS issues: Their main fix was to migrate to RedHat's Universal Base Images (UBI) - https://developers.redhat.com/products/rhel/ubi There is a workaround as well, that I will try when I have a bit of time to test it. |
|
I am seeing this issue now too, after it had been working for me initially, e.g. - and testing on multiple networks. |
|
Same here |
|
Hello, I have this error too : Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 192.168.5.3:53: read udp 192.168.5.15:33676->192.168.5.3:53: i/o timeout I to install it on a macOS without VPN whatsoever, I don't understand the issue. I've also tested multiple configuration like Rancher desktop, minikube + hyperkit, podman etc and I have this issue only with Colima. Someone found a solution about that ? For instance if I run docker run hello-word it's working for almost 30 secondes after the start of colima. |
|
It's Alpine. The musl DNS resolver is pretty terrible. It behaves differently from glibc in many ways. |
I am just realising this |
|
There are details about this here: |
|
I've been experiencing DNS failures randomly too. Especially, when having many queries in quick succession. Would having a caching dns server sit between the qemu dns and the containers help? I may try to set one up manually to see if it helps the situation. |
|
I'm not convinced the differences between glibc and musl are the root cause here; unless colima does something different, there should be only a single nameserver in I found one bug with this very recently: we disable IPv6 lookups in Lima by default because they often end up not working. The issue was though that instead of responding with an empty response, we handed the request to the resolver on the host, which might then add some random error for the IPv6 query to our response. In my specific test case, I got the right DNS information when I looked with This should be fixed in the forthcoming lima 0.8.3 release. So I would appreciate if you could all re-test with that version (once released), and report back if this improved/fixed the situation! |
This is the case in Colima as well, and the single nameserver is
Looking forward to it. Thanks. |
|
New colima user here, running into this right off the bat. lima version is 0.8.3, colima 0.3.3. This workaround fixed it for me: #140 (comment) |
@abiosoft Do we need to wait for a colima release for this? Running colima 0.3.3, and lima 0.8.3. I experience this error: When I go into the VM: This happens because I'm running a script that is doing the same lookup over and over again very quickly. If I stop for a few minutes and try again, the DNS lookup is okay. |
|
@pedantic79 a lima upgrade should be all that is required. For troubleshooting purposes, can you kindly try this #140 (comment) and see if the behaviour is different? Note that it requires recreating the VM to see the effect i.e. |
|
I also faced the same issue but its resolved by specifying DNS resolver |
|
@abiosoft Yes that seems to fix things. I ended up using |
|
Can anyone try the lastest development version and see if anything changes? |
|
Nope. A reasonable test for me is to download a large-ish (~1.5 GB) image: which will get part of the way through and then stall: and subsequent attempts: making me wonder if I am getting throttled or running out of sockets or something. Using docker desktop this pull is a breeze. |
|
@navels l'd be interested in knowing if there are any specifics to your network connection as I am struggling to reproduce this. Can you kindly share the output of Thanks. |
|
@abiosoft I'm seeing the same timeout and lookup failure as @navels, only in my case it was triggered by pushing a number of images in quick succession instead of pulling a single large one. I've confirmed that Other details that might be helpful:
Ping output from within the VM used to be very strange with a constantly increasing round trip and DUP packets, but that appears to be fixed in this latest version. 👍 |
I have this problem at home and at work, on and off VPN. This is on an M1 Mac Pro. Network speeds are about the same at both locations: ~300 Mbps. Aha . . . I just tried a few different configurations and it seems to happen with more CPUs. With 1-2 CPUs I didn't have any issues. With 3 I do. My normal configuration is 8 CPUs. Double-checked my docker desktop config: 8 CPUs. |
|
I’ve ran into these DNS issues too and I’ve found changing my DNS to use the gateway of the VDE network works well for me. If you want to see if this workaround will work for you too, try running the following before your test: colima ssh -- sudo sh -c 'echo nameserver 192.168.106.1 > /etc/resolv.conf'This temporary patch can be reverted by restarting colima or running the above again with useHostResolver: false
dns:
- 192.168.106.1 |
|
Yep, yep, there are workarounds, just trying to help @abiosoft troubleshoot. |
|
I am also still seeing issues with the use case that I reported in #137 (comment) The first time I run something like:
After another one or two tries (so likely after some short amount of time from the first attempt) it works and then continues to work. |
|
@spkane can you try the last development version |
|
@navels you likely weren't running colima with vde networking enabled as the fix for m1 devices just got pushed. Does that change anything? |
|
Unfortunately no change, fails with 3 CPUs. |
|
@navels are you able to see the IP address in the output of |
|
Yep: |
|
@abiosoft The latest HEAD has much more stable network on apple M1 CPU, with 4 cores enabled, although wrong DNS issue is still present. |
|
Does anyone have Cisco AnyConnect installed? I have an intel mac that I just upgraded from Catalina to Monterey. I have Cisco AnyConnect installed which I occasionally use to connect to a VPN. After the Monterey update, "Cisco AnyConnect Socket Filter" showed up and asked for permission to run a new SystemExtension. I allowed it at that point, but I think that was the culprit behind all my network issues. This service is suspicious (to me) because its "features" are (based on the docs):
So, I just deleted Cisco AnyConnect Socket Filter (deleted it from the Applications) which removed the SystemExtension. After doing all of that (and another reboot), dns works in colima again! |
|
I stopped using colima a while ago but just tried this again and am not getting the errors, so either fixed in colima or the Mac networking stack (Sonoma on an M1 Pro). |
* build: Lock GitHub runners' OS This was motivated by our macOS jobs failing [2] because colima is missing. It looks like this is because the latest versions of the macOS runner no longer have colima installed by default [1]. colima is now explicitly installed. [1] actions/runner-images#6216 [2] `/Users/runner/work/_temp/f19ffbff-27a9-4fc7-80b6-97791d2de141.sh: line 9: colima: command not found` * build: Lock Colima * build: Move macOS Docker installation to script * build: Move macOS libomp activation to script * build: Use latest Colima The > 0.6.0 releases actually fix the issue we have linked [1][2][3]. [1] abiosoft/colima#577 [2] https://github.com/jesse-c/MLServer/blob/c3acd60995a72141027eff506e4fd330fe824179/hack/install-docker-macos.sh#L18-L20 [3] > Switch to new user-v2 network. Fixes abiosoft/colima#648, abiosoft/colima#603, abiosoft/colima#577, abiosoft/colima#779, abiosoft/colima#137, abiosoft/colima#740.
|
Hi,
i just installed colima on a MacBook Pro wit BigSur 11.6.2
When i want to pull in docker, I get an i/o timeout error. It seems that the colima system doesn't have internet connection.
docker pull maven Using default tag: latest Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 192.168.5.3:53: read udp 192.168.5.15:56157->192.168.5.3:53: i/o timeoutAre there any post-install steps to get a connection?
The text was updated successfully, but these errors were encountered: