Rancher desktop unable to pull an image from Docker - containers

I have downloaded and set up Rancher Desktop with nerdctl but I am unable to pull any public image from the Docker Hub. I am receiving an error:
INFO[0011] trying next host error="failed to do request: Head
"https://registry-1.docker.io/v2/maildev/maildev/manifests/latest":
dial tcp: lookup registry-1.docker.io on 192.168.47.23:53: read udp
192.168.47.23:37689->192.168.47.23:53: i/o timeout" host=registry-1.docker.io
FATA[0011] failed to resolve reference
"docker.io/maildev/maildev:latest": failed to do request: Head
"https://registry-1.docker.io/v2/maildev/maildev/manifests/latest":
dial tcp: lookup registry-1.docker.io on 192.168.47.23:53: read udp
192.168.47.23:37689->192.168.47.23:53: i/o timeout
Thanks for your inputs

Related

k3s not able to pull from a docker registry on my lan

So I have a registry on my lan, from other machines and from the host curl, nslookup, docker pull/run and podman pull/run work as does just curling the v2 manifests address. From within a container curling the address https://docker.infrastructure.lan.mydomain/v2/my-image/manifests/latest also works. So how does k3s/containerd do dns lookups? My guess is that k3s is using an internet DNS like 8.8.8.8 instead of coredns for the equivalent of docker pulls? I want it to use mine (or even coredns).
Anyways, here's the error I see; the domain suffix was changed.
Pulling image "docker.infrastructure.lan.mydomain/my-image:latest"
Warning Failed 27m (x4 over 29m) kubelet, infrastructure.lan.mydomain Failed to pull image "docker.infrastructure.lan.mydomain/my-image:latest": rpc error: code = Unknown desc = failed to pull and unpack image "docker.infrastructure.lan.mydomain/my-image:latest": failed to resolve reference "docker.infrastructure.lan.mydomain/my-image:latest": failed to do request: Head https://docker.infrastructure.lan.mydomain/v2/my-image/manifests/latest: dial tcp: lookup docker.infrastructure.lan.mydomain: no such host
Again inside a container this is fine (I can curl the url), and it's fine on the host. It's also fine from other non-k3s machines on my network. But things like kubectl run --image docker.infrastructure.lan.mydomain/my-image:latest testing give the above error

Connection reset by Cloudflare when building Packer image

I am trying to build a packer image for a digital ocean droplet, however when the build process finishes, it fails to create image (from what I can tell, that is a Cloudflare IP)
Any idea why this is happening or what I can do to investigate it further?
==> digitalocean: Gracefully shutting down droplet...
==> digitalocean: Error shutting down droplet: Post https://api.digitalocean.com/v2/droplets/198964166/actions: read tcp 10.0.2.15:44558->104.16.181.15:443: read: connection reset by peer
==> digitalocean: Destroying droplet...
==> digitalocean: Deleting temporary ssh key...
Build 'digitalocean' errored: Error shutting down droplet: Post https://api.digitalocean.com/v2/droplets/198964166/actions: read tcp 10.0.2.15:44558->104.16.181.15:443: read: connection reset by peer

issue in Downloading Platform-specific Binaries

I want to download binary files for running Hyperledger Fabric. I am trying to execute this command. I am behind a proxy too.
Also, I have Docker installed; the OS being used is Win 10.
export HTTP_PROXY=http://172.16.30.30:80/
export HTTPS_PROXY=https://172.16.30.30:8080/
export NO_PROXY=localhost,127.0.0.1,::1
$ curl -sSL https://raw.githubusercontent.com/hyperledger/fabric/master/scripts/bootstrap.sh | bash -s 1.1.0 1.1.0 0.4.6
Installing hyperledger/fabric-samples repo
===> Checking out v1.1.0 of hyperledger/fabric-samples
HEAD is now at 1252c7a... [FAB-8920] Pin fabric-samples to node.js "~1.1.0"
Installing Hyperledger Fabric binaries
===> Downloading version x86_64-1.1.0 platform specific fabric binaries
===> Downloading: https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/windows-amd64-1.1.0/hyperledger-fabric-windows-amd64-1.1.0.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 28.0M 100 28.0M 0 0 91407 0 0:05:21 0:05:21 --:--:-- 145k
... Here 2 files are downloaded and then I get these errors continuously
Warning: failed to get default registry endpoint from daemon (error during connect: Get https://127.0.0.1:2376/v1.37/info: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.). Using system default: https://index.docker.io/v1/
error during connect: Post https://127.0.0.1:2376/v1.37/images/create?fromImage=hyperledger%2Ffabric-peer&tag=x86_64-1.1.0: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.
error during connect: Post https://127.0.0.1:2376/v1.37/images/hyperledger/fabric-peer:x86_64-1.1.0/tag?repo=hyperledger%2Ffabric-peer&tag=latest: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.
==> FABRIC IMAGE: orderer
===> List out hyperledger docker images
error during connect: Get https://127.0.0.1:2376/v1.37/images/json: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.

Connecting to CloudSQL Mysql over ssl from external application

I am trying to get a sample java application to connect to a Mysql gen2 instance I have in GCP. I use SSL and the ip address is whitelisted. I have confirmed connectivity to the instance using the mysql command line and passing in the client-cert.pem, client-key.pem and the server-ca.pem. Now in order to connect to it from the spring boot java application, I did the following:
created a p12 file from the client cert and key and added it to keystore.jks
created a truststore with the server-ca.pem file.
Added this code in the main before the connection is created:
System.setProperty("javax.net.debug", "all");
System.setProperty("javax.net.ssl.trustStore", TRUST_STORE_PATH);
System.setProperty("javax.net.ssl.trustStorePassword", "fake_password");
System.setProperty("javax.net.ssl.keyStore", KEY_STORE_PATH);
System.setProperty("javax.net.ssl.keyStorePassword", "fake_password");
For the jdbc url, I used : jdbc:mysql://1.1.1.1:3306/sampledb?useSSL=true&requireSSL=true
However I am unable to connect to the instance and see this error from the java ssl debug:
restartedMain, RECV TLSv1.1 ALERT: fatal, unknown_ca
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
restartedMain, called closeSocket()
restartedMain, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
restartedMain, called close()
restartedMain, called closeInternal(true)
I also tried to run
openssl verify -CAfile server-ca.pem client-cert.pem
and got this output:
error 20 at 0 depth lookup:unable to get local issuer certificate
Any ideas on what I might be doing wrong?

waiting for SSH to become available with packer too long

Has anyone already had this issue with packer build?
Waiting for SSH to become available...
[INFO] Attempting SSH connection...
reconnecting to TCP connection for SSH
handshaking with SSH
handshake error: ssh: handshake failed: read tcp 127.0.0.1:49663->127.0.0.1:3278: wsarecv: Une connexion existante a dû être fermée par l’hôte distant.
[DEBUG] SSH handshake err: ssh: handshake failed: read tcp 127.0.0.1:49663->127.0.0.1:3278: wsarecv: Une connexion existante a dû être fermée par l’hôte distant.
My packer build runs correctly but the step to connect with ssh is very long (10min).
Do you have an idea how to resolve this?
PS: the "space" character in the log is not my fault, this is just the result of -debug packer build. Perhaps open another stackoverflow issue to resolve this.
I have a similar setup (Ubuntu, Windows 7, virtualbox-iso). My scripts include a file below that's called in the provisioners block. Lacking these may be a cause of the slowness.
#!/bin/sh -x
echo "UseDNS no" >> /etc/ssh/sshd_config;
echo "GSSAPIAuthentication no" >> /etc/ssh/sshd_config;
It's also possible that the 10 minute wait is just other stuff happening in the background that you can't see. If you can post a link to your scripts and/or tell me how long the entire build process takes, that might provide additional context.