Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33232

Not working in internal network.

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The following error happened in my environment which cannot connect to index.docker.io.

      $ docker run --rm --entrypoint /bin/true alpine:3.2
      Unable to find image 'alpine:3.2' locally
      Pulling repository docker.io/library/alpine
      docker: Error while pulling image: Get https://index.docker.io/v1/repositories/library/alpine/images: dial tcp 54.152.78.181:443: getsockopt: connection refused.
      See 'docker run --help'.
      FATAL: Failed to run docker image docker-registry.dev.cybozu.xyz/kintone/jenkins-build-base
      java.lang.RuntimeException: Failed to run docker image docker-registry.dev.cybozu.xyz/kintone/jenkins-build-base
      	at com.cloudbees.jenkins.plugins.docker_build_env.Docker.getDocker0Ip(Docker.java:249)
      	at com.cloudbees.jenkins.plugins.docker_build_env.Docker.runDetached(Docker.java:178)
      	at com.cloudbees.jenkins.plugins.docker_build_env.DockerBuildWrapper.startBuildContainer(DockerBuildWrapper.java:202)
      	at com.cloudbees.jenkins.plugins.docker_build_env.DockerBuildWrapper.setUp(DockerBuildWrapper.java:175)
      	at hudson.model.Build$BuildExecution.doRun(Build.java:156)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
      	at hudson.model.Run.execute(Run.java:1738)
      	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
      	at hudson.model.ResourceController.execute(ResourceController.java:98)
      	at hudson.model.Executor.run(Executor.java:410)
      

      It seems that the following pull request is cause of this bug.

      https://github.com/jenkinsci/docker-custom-build-environment-plugin/pull/36

      The plugin was modified to use external image "alpine:3.2". However, this change is backward incompatible for environments in internal network with private docker registry.

      It is internal specification that the plugin uses the image, though building "alpine:3.2" image in a build environment can be a workaround. I think there should be a config option to specify the image for "/sbin/ip".

        Attachments

          Issue Links

            Activity

            Hide
            daniel_b Daniel Buteau added a comment -

            The problem IMHO, is not so the ip routes, but the fact than the plugin doesn't care of what we define in the FROM line.

            For example if i want to use official image from ourcompany registry eg :
            FROM mycompany-registry/team/ubuntu:latest

            the plugin fail on "Unable to find image 'alpine:3.2' locally" even if i don't care of alpine image and don't need it

            If the FROM clause was correctly implemented then the problem of ip route, than alpine can't be reached from internal network can be easily bypassed by using our internal images...

            Show
            daniel_b Daniel Buteau added a comment - The problem IMHO, is not so the ip routes, but the fact than the plugin doesn't care of what we define in the FROM line. For example if i want to use official image from ourcompany registry eg : FROM mycompany-registry/team/ubuntu:latest the plugin fail on "Unable to find image 'alpine:3.2' locally" even if i don't care of alpine image and don't need it If the FROM clause was correctly implemented then the problem of ip route, than alpine can't be reached from internal network can be easily bypassed by using our internal images...
            Hide
            nikolyabb Nikolay Birukov added a comment -

            Please advice how to achieve connection to local docker registry. Is this problem solved?

            Show
            nikolyabb Nikolay Birukov added a comment - Please advice how to achieve connection to local docker registry. Is this problem solved?
            Hide
            lawyard LawYard LawYard added a comment -

            Hi! There is one more issue within working with private registry: If I set credentials to access to my registry, plugin creates `auths` block within `~/.docker/config.json` for my registry. Thats ok! BUT! It creates same auth record for alpine! And pulling failed with authorization error!

            For example: I set my image as `test/test-image` and registry `registry.test.com`, then add credentials. Then build fails with that reason:

            09:25:32 $ docker run --rm --entrypoint /bin/true alpine:3.2
            09:25:32 Unable to find image 'alpine:3.2' locally
            09:25:33 docker: Error response from daemon: Get https://registry-1.docker.io/v2/library/alpine/manifests/3.2: unauthorized: incorrect username or password.
            09:25:33 See 'docker run --help'.
            09:25:33 [ssh-agent] Stopped.
            09:25:33 FATAL: Failed to run docker image registry.yandex.net/mediaselling/python-binary-deps
            09:25:33 java.lang.RuntimeException: Failed to run docker image registry.yandex.net/mediaselling/python-binary-deps
            

            And here is my config.json content:

            {"auths": {
              "registry.yandex.net": {"auth": "SOME_CRED"},
              "https://registry.test.com/":   {
                "auth": "MY_TOKEN",
                "email": "lawyard@test.com"
              },
              "https://index.docker.io/v1/":   {
                "auth": "MY_TOKEN",
                "email": "lawyard@test.com"
              }
            }}
            

            So, I suppose we dont need to do that - create auths config for alpine image.

            Show
            lawyard LawYard LawYard added a comment - Hi! There is one more issue within working with private registry: If I set credentials to access to my registry, plugin creates `auths` block within `~/.docker/config.json` for my registry. Thats ok! BUT! It creates same auth record for alpine! And pulling failed with authorization error! For example: I set my image as `test/test-image` and registry `registry.test.com`, then add credentials. Then build fails with that reason: 09:25:32 $ docker run --rm --entrypoint /bin/ true alpine:3.2 09:25:32 Unable to find image 'alpine:3.2' locally 09:25:33 docker: Error response from daemon: Get https: //registry-1.docker.io/v2/library/alpine/manifests/3.2: unauthorized: incorrect username or password. 09:25:33 See 'docker run --help' . 09:25:33 [ssh-agent] Stopped. 09:25:33 FATAL: Failed to run docker image registry.yandex.net/mediaselling/python-binary-deps 09:25:33 java.lang.RuntimeException: Failed to run docker image registry.yandex.net/mediaselling/python-binary-deps And here is my config.json content: { "auths" : { "registry.yandex.net" : { "auth" : "SOME_CRED" }, "https: //registry.test.com/" : { "auth" : "MY_TOKEN" , "email" : "lawyard@test.com" }, "https: //index.docker.io/v1/" : { "auth" : "MY_TOKEN" , "email" : "lawyard@test.com" } }} So, I suppose we dont need to do that - create auths config for alpine image.
            Hide
            carltongbrown Carlton Brown added a comment -

            Just stopping by to confirm, this bug has the indirect effect of corrupting the auths in config.json.

            Show
            carltongbrown Carlton Brown added a comment - Just stopping by to confirm, this bug has the indirect effect of corrupting the auths in config.json.
            Hide
            johnwu John Wu added a comment -

            Has anyone found a solution / workaround for this problem? Please share it out. Thanks.

            Show
            johnwu John Wu added a comment - Has anyone found a solution / workaround for this problem? Please share it out. Thanks.

              People

              • Assignee:
                jonhermansen Jon Hermansen
                Reporter:
                miyajan Miyata Jumpei
              • Votes:
                10 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated: