• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Docker cannot find image
#11
Here is the network layout...

   

and here the part of the syslog, while trying to pull...



.txt   nb-syslog.txt (Size: 2.21 KB / Downloads: 3)

crawling the DockerD line in the syslog pushed this issue

https://computingforgeeks.com/solve-dock...authority/

maybe, the CA-certs in the firmware-image are old?
  Reply
#12
This one is not ok

<30>1 2020-05-13T11:57:29+02:00 NTB827EB4241C8 dockerd 1929 - - time="2020-05-13T11:57:29.959897611+02:00" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"

I need to verify this problem.
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply
#13
Hello Armin,

i got it!!!

   

And here is, how it works:

As you have already seen, there is a conflict with the certificate a
[ https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"]
The certificate has been exchanged on 30.04.2020!!!

Now I open https://registry-1.docker.io/v2/ in my browser, export the docker.io and the root certificate into seperate .DER files, and convert them into .PEMs

This can be installed into the box under [Control Panel] - [Security] - [Public Key Infrastructure], by uploading them in the [Trusted Certification Authorities] folder.

After installing, I became a error, that my login for Docker.io was refused. To pull from docker, no authorisation is required, so I made the switch "OFF" again.
And - here we go!
  Reply
#14
Ups ... and why does it work now? I don't understand.

In the background I have set up a brand new NIOT-TPI51-EN-RE with latest firmware V1.2.0.0 and it worked right away to pull the container hilschernetpi/netpi-raspbian

So what have you changed and why does it work here in the office with my device?
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply
#15
Hello Armin,
if you have the image on your box, docker will not try to pull it by itself.
So it takes the file out of the cache. Then you can not reproduce the failure.
In my opinion, the key are the new certificates.

Now the netPI is up and running. 
   

Now I can get back in my main task...
https://forum.hilscher.com/Thread-using-...P151-EN-RE

See you there...

Stay healthy, stay tuned,

Carsten
  Reply
#16
Hello Carsten,

we are still not able to see the CA certificate error with V1.2.0.0 software here. Are you sure you have used V1.2.0.0 software?

You see the device's software version on its web landing page in the right lower corner before you login.

Thx
Armin
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply
#17
Hello Armin,

at the end, it turns out as a very special firewall issue.
To make https working in our network, all devices have to trust the private certificate of the firewall. But this cert is private.
When I asked the guys, why the netPI cannot pull the containter, they make an exception for the website in the firewall, assuming the netPi could trust the firewalls own certificate by itsalf. but this was a mistake.
I got the same problem the starting to pull modules for the node.js . The certificate of GITHUB and NODEJS should be untrusted? Never, ever!

So, what's the conclusion:
If you have an enviroment with a firewall and encounter always problems with untrusted , obsolte or private certificates: suffocate the IT-guys until they give you a PEM-file with the self-signed certificat of the firewall. And after this, spent them a coffee and install this file in the security tab of the netPi and any container on this device.

Glad to read you again and kind regards,

Carsten
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  https certificate issues in new nodered docker image Dipro 1 2,372 May-4th-2022, 05:46 AM
Last Post: Armin@netPI
  netPI opc ua server pull image error wswitula 3 4,008 August-27th-2021, 10:47 AM
Last Post: wswitula
  Docker exposed port don't send data on eth0 COswald 3 4,078 July-15th-2021, 02:10 PM
Last Post: Armin@netPI
  Docker not enabled tad 10 6,727 July-14th-2021, 08:54 AM
Last Post: Armin@netPI
  Docker amd64 instead of arm biancode 3 3,952 January-17th-2021, 09:40 PM
Last Post: Armin@netPI
  docker.service start failed EUROKEY 13 11,907 January-17th-2021, 07:52 PM
Last Post: Armin@netPI
  PHP-Apache Image hsammer 3 3,534 March-12th-2020, 05:23 PM
Last Post: hsammer
  After „Rebuild“ of Docker neither the node-RED nor the dashboard can be accessed MAK 4 5,389 January-31st-2020, 02:14 PM
Last Post: MAK
  [SOLVED] Docker GUI login issue MGharat 1 3,378 September-19th-2019, 11:50 AM
Last Post: Armin@netPI
Information netPI Docker REST API patrick 1 4,068 July-16th-2019, 02:45 PM
Last Post: patrick

Forum Jump:


Users browsing this thread: 1 Guest(s)