https://bugzilla.redhat.com/show_bug.cgi?id=1084232
Bug ID: 1084232 Summary: Docker fails to pull images from behind a proxy server Product: Fedora Version: 20 Component: docker-io Severity: low Assignee: lsm5@redhat.com Reporter: dbond@nrggos.com.au QA Contact: extras-qa@fedoraproject.org CC: admiller@redhat.com, golang@lists.fedoraproject.org, lsm5@redhat.com, mattdm@redhat.com, mgoldman@redhat.com, skottler@redhat.com, vbatts@redhat.com
Description of problem: Docker-io does not work behind a proxy server The docker daemon does not use the proxy and attempts to access directly
Version-Release number of selected component (if applicable):
How reproducible: Always
Steps to Reproduce: HTTP_PROXY=http://my_proxy:3128/ docker pull busybox
Actual results: Pulling repository busybox 2014/04/04 08:56:42 Get https://index.docker.io/v1/repositories/busybox/images: dial tcp: lookup index.docker.io on [10.x.x.x]:53: no such host
Expected results: Unable to find image 'busybox' locally Pulling repository busybox 769b9341d937: Download complete 511136ea3c5a: Download complete bf747efa0e2f: Download complete 48e5f45168b9: Download complete hello world
Additional info:
Fixed by adding an environment file to docker.service
Add file /etc/sysconfig/docker containing HTTP_PROXY=http://my_proxy:3128
Add EnvironmentFile=-/etc/sysconfig/docker
to docker.service file
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #1 from Vincent Batts vbatts@redhat.com --- you were right to add the HTTP_PROXY to where the docker daemon would use it. The `docker pull` does not actually fetch bits, but rather instructs the daemon to fetch the bits.
I'm not sure it is expected behavior for the docker cli to pass HTTP_PROXY to the daemon for use. This would need to be investigated. If it is the case that the cli neither uses nor passes HTTP_PROXY, then this is working as intended. Perhaps there should be verbage in the man-pages for `docker pull` and `docker run`.
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #2 from Darryl Bond dbond@nrggos.com.au --- Most references to docker and proxies found on google do not explicitly say where the HTTP_PROXY should be set. My suggestion is to add an EnvironmentFile to the systemd service file as part of the package. It is strange that it is missing as most similar daemons have one.
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #3 from Marcello de Sales marcello_desales@intuit.com --- I have the same problem and I still can't find a solution:
[mdesales@pppdc9prd1vq ~]$ HTTP_PROXY=http://proxy02.xyz.net:80 docker pull ubuntu Pulling repository ubuntu 2014/04/11 00:16:45 pull: Get https://index.docker.io/v1/repositories/ubuntu/images: dial tcp 54.224.119.89:443: connection timed out
My environment is set with the given proxy and I can download the same URL with WGET...
[mdesales@pppdc9prd1vq ~]$ wget https://index.docker.io/v1/repositories/ubuntu/images --2014-04-11 00:01:39-- https://index.docker.io/v1/repositories/ubuntu/images Resolving qypprdproxy02.ie.intuit.net... 10.158.64.16 Connecting to qypprdproxy02.ie.intuit.net|10.158.64.16|:80... connected. Proxy request sent, awaiting response... 200 OK Length: unspecified [application/json] Saving to: `images'
[ <=> ] 6,489 --.-K/s in 0.002s
2014-04-11 00:01:39 (2.80 MB/s) - `images' saved [6489]
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #4 from Marcello de Sales marcello_desales@intuit.com --- Got it working!
[mdesales@pppdc9prd1vq ~]$ sudo HTTP_PROXY=http://proxy02.ie.xyz.net:80 ./docker -d & [2] 20880 [mdesales@pppdc9prd1vq ~]$ 2014/04/11 00:45:25 WARNING: You are running linux kernel version 2.6.32-431.1.2.el6.x86_64, which might be unstable running docker. Please upgrade your kernel to 3.8.0. [/var/lib/docker|aa088847] +job serveapi(unix:///var/run/docker.sock) [/var/lib/docker|aa088847] +job initserver() [/var/lib/docker|aa088847.initserver()] Creating server 2014/04/11 00:45:25 Listening for HTTP on unix (/var/run/docker.sock) [/var/lib/docker|aa088847] +job init_networkdriver() [/var/lib/docker|aa088847] -job init_networkdriver() = OK (0) Loading containers: : done. [/var/lib/docker|aa088847.initserver()] Creating pidfile [/var/lib/docker|aa088847.initserver()] Setting up signal traps [/var/lib/docker|aa088847] -job initserver() = OK (0) [/var/lib/docker|aa088847] +job acceptconnections() [/var/lib/docker|aa088847] -job acceptconnections() = OK (0)
mdesales@pppdc9prd1vq ~]$ sudo docker pull base 2014/04/11 00:46:02 POST /v1.10/images/create?fromImage=base&tag= [/var/lib/docker|aa088847] +job pull(base, ) Pulling repository base b750fe79269d: Download complete 27cf78414709: Download complete [/var/lib/docker|aa088847] -job pull(base, ) = OK (0)
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #5 from Daniel Walsh dwalsh@redhat.com --- THis working now? Can I close this bug?
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #6 from Darryl Bond dbond@nrggos.com.au --- It will be still broken unless the environment file is added to the docker package for the daemon startup. Note Marcello (above) is starting the docker daemon manually rather than by systemd.
I fixed it for my install by doing that indicated in the first post. I imagine the docker package maintainer has to fix it for everyone.
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
Lokesh Mandvekar lsm5@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
--- Comment #7 from Lokesh Mandvekar lsm5@redhat.com --- ack, thanks, I'll add the EnvironmentFile variable (pointing to /etc/sysconfig/docker)
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #8 from Fedora Update System updates@fedoraproject.org --- docker-io-0.11.1-7.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/docker-io-0.11.1-7.fc20
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
--- Comment #9 from Fedora Update System updates@fedoraproject.org --- docker-io-0.11.1-7.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/docker-io-0.11.1-7.fc19
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA
--- Comment #10 from Fedora Update System updates@fedoraproject.org --- Package docker-io-0.11.1-7.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing docker-io-0.11.1-7.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-6848/docker-io-0.11.1-7.... then log in and leave karma (feedback).
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Fixed In Version| |docker-io-0.11.1-7.fc19 Resolution|--- |ERRATA Last Closed| |2014-06-09 22:50:46
--- Comment #11 from Fedora Update System updates@fedoraproject.org --- docker-io-0.11.1-7.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1084232
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|docker-io-0.11.1-7.fc19 |docker-io-0.11.1-7.fc20
--- Comment #12 from Fedora Update System updates@fedoraproject.org --- docker-io-0.11.1-7.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
golang@lists.fedoraproject.org