
Docker Client insists on using ipv6 to pull, is there a way to make it pull over ipv4?


Hello dear Stackoverflow community.

Some context: I am very new to docker. I do not have an ipv6 address, and there is no way for me to get it, due to the infrastructure of the network I am in.
I am trying to use my raspberry pi to pull the arm32v7/postgres image from DockerHub. For whatever reason, it keeps trying to pull the images via ipv6, and failing, because it's impossible. I am unable to make it not do that.

I have tried disabling ipv6 device-wide by making a config file in sysctl.d. I have checked e.g. /proc/sys/net/ipv6/conf/all/disable_ipv6 and it returns a 1.
I have also tried disabling ipv6 according to the official documentation, in /etc/docker/daemon.json
My daemon.json looks as follows:

{
        "insecure-registries" : ["192.168.0.105:5000"],
        "ipv6": false
}

I have an insecure registry under the IP address, and my workaround was honestly to just pull the image on my main desktop PC and then make it available over the local registry. The thing is that this sometimes works, and other times it doesn't. To be exact, I get "no matching manifest for linux/amd64 in the manifest list entries" for the image I mentioned above.
Docker's error message is as follows:

Error response from daemon: Head "https://registry-1.docker.io/v2/32v7/postgres/manifests/latest": Get "https://auth.docker.io/token?scope=repository%3A32v7%2Fpostgres%3Apull&service=registry.docker.io":
 dial tcp [2600:1f18:2148:bc01:571f:e759:a87a:2961]:443: connect: cannot assign requested address

It used to be a different "message" (I think "network unreachable") before I disabled ipv6, but the effect is the same.
If there is no error message instantly, docker starts pulling "something" and does this basically:

theriotjoker@theriotraspi:/etc/docker $ sudo docker pull arm32v7/postgres
Using default tag: latest
latest: Pulling from arm32v7/postgres
7a5e2a926145: Downloading
46ff8f84492e: Download complete
861f7dfbbe5c: Download complete
f334c70b4182: Downloading
2bf8ffd822a3: Downloading
289c199d5ade: Retrying in 12 seconds
25a0b65c9204: Retrying in 13 seconds
a1a5789b630c: Retrying in 15 seconds
babf38a2a5b3: Waiting
ea3ff7914bf6: Waiting
344fc25a2523: Waiting
f830d8aab0a2: Waiting
4865aec8b705: Waiting
944313d6fb47: Waiting

After retrying for a while it just says "downloading", meanwhile nothing happens and it then just gets stuck like that, ending with dial tcp [2606:4700::6810:64cf]:443: connect: cannot assign requested address.
I have made sure that my ipv4 connection works on the raspberry pi, and have tried curling docker hub, etc. and this works.
I am honestly at a loss as to what to do, this seems like such a sadistic issue. The docker client on my main PC pulls the images via ipv4 just fine. I would actually just use this workaround, if I were able to get an image without getting the manifest error.


Solution

  • So this is likely not an issue related to IPv6 and instead the result of misleading error messages - source:

    This error is a red herring. If your system does not have IPv6 connectivity, the system first uses IPv4 to communicate, then IPv6 if IPv4 failed. It then for some reason only prints the last line of the output, hiding the IPv4 error.

    Add the property debug and set it to true inside daemon.json

    Unfortunately, even with debug enabled, you may find that the docker logs are not helpful (as was the case for me).

    I also encountered this issue and in my specific case my home router was returning malformed DNS responses to name (I think related to eDNS responses). For my particular case, changing my server's DNS servers to point to external DNS resolvers resolved the issues and is probably a good starting point for debugging.

    I suspect that the root cause is specifically DNS issues where the A (IPv4) records fail to resolve so the underlying HTTP library attempts to fall back on AAAA (IPv6).

    I'm assuming that OP has found some kind of workaround or resolution, but leaving this here to help others who have similar issues with docker attempting to use IPv6.
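
One way to test the answer's DNS hypothesis on the affected host, as an added example that is not part of the original question or answer: it resolves the two hosts named in the error message separately for A and AAAA records through the system resolver and reports which family fails. The verdict labels and the `diagnose` helper are names chosen for this example.

```python
import socket

# Hosts taken from the error message quoted in the question.
DOCKER_HOSTS = ("registry-1.docker.io", "auth.docker.io")


def resolve(host, family, resolver=socket.getaddrinfo):
    """Resolve host for one address family; return (addresses, error or None)."""
    try:
        infos = resolver(host, 443, family, socket.SOCK_STREAM)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [], str(exc)
    # Each entry is (family, type, proto, canonname, sockaddr); sockaddr[0] is the IP.
    return sorted({info[4][0] for info in infos}), None


def diagnose(host, resolver=socket.getaddrinfo):
    """Classify the host's DNS state per address family (labels are this example's own)."""
    v4, v4_err = resolve(host, socket.AF_INET, resolver)
    v6, v6_err = resolve(host, socket.AF_INET6, resolver)
    if v4:
        verdict = "ipv4-ok"    # A records resolve, so DNS is not hiding IPv4
    elif v6:
        verdict = "aaaa-only"  # the case the answer suspects: A lookup fails, AAAA works
    else:
        verdict = "no-dns"     # neither family resolves; the resolver itself is suspect
    return {"host": host, "verdict": verdict,
            "ipv4": v4, "ipv4_error": v4_err,
            "ipv6": v6, "ipv6_error": v6_err}


if __name__ == "__main__":
    for name in DOCKER_HOSTS:
        result = diagnose(name)
        print(f"{result['host']}: {result['verdict']}")
        print(f"  A:    {result['ipv4'] or result['ipv4_error']}")
        print(f"  AAAA: {result['ipv6'] or result['ipv6_error']}")
```

Running it before and after pointing the host at different DNS servers shows whether the resolver change is what restores the A records.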