Vagrant with docker provisioner not able to get image from private docker repository
404 views
Skip to first unread message
Zeba Ahmad
Feb 25, 2015, 5:33:44 AM2/25/15
to vagra...@googlegroups.com
Hi,
I am trying to use latest vagrant with docker provisioner, on my windows box.
My vagrantfile looks like:
Vagrant.configure(2) do |config|
config.vm.box = "precise64"config.vm.host_name="localhost"config.vm.provision "docker" do |d|d.pull_images "10.64.249.84:5000/library/batchcontainer:latest", args: "--insecure-registry 10.64.249.84:5000"d.run "library/batchcontainer"
end
end
I need to load the docker image from my private docker registry. The corresponding docker command would be
docker pull myuser:myuser@10.64.249.84:5000/library/batchcontainer:latest
However, when I try to do "vagrant up" with the above vagrantfile, I get the below error:
==> default: Running provisioner: docker...
default: Installing Docker (latest) onto machine...default: Configuring Docker to autostart containers...==> default: Pulling Docker images...==> default: -- Image: 10.64.249.84:5000/library/batchcontainer:latest==> default: stdin: is not a tty==> default: time="2015-02-25T09:28:33Z" level="fatal" msg="Error: v1 ping attempt failed with error: Get https://10.64.249.84:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.64.249.84:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.64.249.84:5000/ca.crt"The following SSH command responded with a non-zero exit status.Vagrant assumes that this means the command failed!
I tried adding the below parameter to the d.run in my vagrantfile, but it doesn't seem to help. As far as I see, the issue is reported during "docker pull" itself, not when "docker run" is issued.
args: "--insecure-registry 10.64.249.84:5000"
Please help.
Thanks & regards
Zeba
cjam...@pivotal.io
Apr 30, 2015, 1:29:39 PM4/30/15
to vagra...@googlegroups.com
We are struggling with a similar thing but think that the insecure-registry flag needs to be part of the docker daemon provisioning.
Anyone else have more success?
dragon788
May 1, 2015, 12:23:58 PM5/1/15
to vagra...@googlegroups.com
Are you not allowing anonymous pull access to your registry? If you have anything in your .dockercfg file make sure it matches the credentials you are providing. The suggestion to place the registry's certificates into the certificates directory is probably the easiest way to fix this. If you have an internal CA you can make thing even easier by installing the organization's cert to the system trusted CA level. For Windows you should be able to navigate to your registry webpage, accept the insecure self signed certificate, then export it from the browser store and save it somewhere, then open it which should prompt to put it into the system store. Once you've installed it to the system store and possibly rebooted, you shouldn't get the warning anymore.
Reply all
Reply to author
Forward
0 new messages