I have a problem downloading container images from a private docker registry. The registry need no authentication credentials and is only available over the internal network.
I have configured the registries in /etc/docker/daemon.json like the example
below. I have replaced the FQDN.
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://customer-registry.example.com",
"https://location-a.dev.example.com:17519",
"https://location-b.dev.example.com:17519"
]
}
When I use the short reference format to download the container image apvxw/build-env-go:4.2.1 I get the following error:
$ docker pull apvxw/build-env-go:4.2.1
Unable to find image 'apvxw/build-env-go:4.2.1' locally
/usr/bin/docker: Error response from daemon: pull access denied for
orbis-u/build-env-go, repository does not exist or may require 'docker login':
denied: requested access to the resource is denied.
When I use the long reference format docker can pull the image
$ docker pull customer-registry.example.com/apvxw/build-env-go:4.2.1
4.2.1: Pulling from apvxw/build-env-go:4.2.1
ac9208207ada: Already exists
5cf798ece9e5: Already exists
510bf5361e28: Already exists
b2f42d2b54d9: Pull complete
4b8be0bf5345: Pull complete
311322fb5cb6: Pull complete
Digest: sha256:f522ce0974ee41dfc7f16fc44682fee77e57bc056e37b27a4bf4885af3f5c375
Status: Downloaded newer image for customer-registry.example.com/apvxw/build-env-go:4.2.1
customer-registry.example.com/apvxw/build-env-go:4.2.1
The same behavior applies to the other configured docker registries.
I have also tested downloading container images via the registries with podman. There the download via the short reference works fine.
Does anyone have an idea what the problem is because I can't download container images under Arch using the short notation?
System and docker informations:
$ uname -a
Linux markus-pc 5.5.9-arch1-2 #1 SMP PREEMPT Thu, 12 Mar 2020 23:01:33 +0000 x86_64 GNU/Lin
$
$ docker info
Client:
Debug Mode: false
Server:
Containers: 10
Running: 0
Paused: 0
Stopped: 10
Images: 71
Server Version: 19.03.7-ce
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d76c121f76a5fc8a462dc64594aea72fe18e1178.m
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.5.9-arch1-2
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.54GiB
Name: markus-pc
ID: DKFK:PHVZ:LDGJ:54OG:5VJ5:5XYK:YDZR:DJFR:HZ7B:4HDT:LBEK:7JQ4
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: volkerraschek
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://customer-registry.example.com/
https://location-a.dev.example.com:17519/
https://location-b.dev.example.com:17519/
Live Restore Enabled: false
The default registry is configured to search images on docker hub which is docker.io. When you pull any image without domain name it will try to pull from docker.io, not from any other registry.
If you want to pull an image from a private registry, then you need to use long reference which is
docker pull <YOUR-DOMAIN>/apvxw/build-env-go:4.2.1
You can configure multiple registries and podman searches in all registries whichever configured in the config file.
Location of podman configuration file is /etc/containers/registries.conf. and you can add the following lines in that which you might have already done.
[registries.search]
registries = ['docker.io', 'customer-registry.example.com', 'location-a.dev.example.com:17519', 'location-b.dev.example.com:17519']