Buildah: Cannot pull parent image from insecure registry

Created on 19 Oct 2017  路  9Comments  路  Source: containers/buildah

$ sudo /usr/local/bin/buildah build-using-dockerfile .
STEP 1: FROM my-insecure-registry.example.com:8888/rhel7:7-released
error building: error creating build container: error pulling image "my-insecure-registry.example.com:8888/rhel7:7-released": Error initializing image from source docker://my-insecure-registry.example.com:8888/rhel7:7-released: pinging docker registry returned: Get https://my-insecure-registry.example.com:8888/v2/: http: server gave HTTP response to HTTPS client

Pulling of the image via docker daemon is fine:

$ sudo docker pull my-insecure-registry.example.com:8888/rhel7:7-released
Trying to pull repository my-insecure-registry.example.com:8888/rhel7 ... 
sha256:87046178b950978a423047d58c11f822f8b0b3c30adf9441d42c779701a8a09f: Pulling from my-insecure-registry.example.com:8888/rhel7
26e5ed6899db: Already exists 
66dbe984a319: Already exists 
Digest: sha256:87046178b950978a423047d58c11f822f8b0b3c30adf9441d42c779701a8a09f
Status: Image is up to date for my-insecure-registry.example.com:8888/rhel7:7-released

Note: Output has been modified to rename internal server name to my-insecure-registry.example.com:8888.

All 9 comments

As a test/workaround. Can you try:

buildah from --tls-verify=false my-insecure-registry.example.com:8888/rhel7:7-released

Then try the builldah bud again. Hopefully it will pick up the image that you downloaded in the from. If that works, then we probably have a tls-verification change that we need to do for the build-using-dockerfile command.

@lcarva Sorry! Forgot to include your name in the last one, and more importantly forgot to thank you for the report.

That fixes it!

$ sudo /usr/local/bin/buildah from --tls-verify=false my-insecure-registry.example.com:8888/rhel7:7-released
Getting image source signatures
Copying blob sha256:26e5ed6899dbf4b1e93e0898255e8aaf43465cecd3a24910f26edb5d43dafa3c
 71.40 MiB / 71.40 MiB [====================================================] 9s
Copying blob sha256:66dbe984a319ca6d40dc10c2c561821128a0bd8967e0cbd8cc2a302736041ffb
 1.21 KiB / 1.21 KiB [======================================================] 0s
Copying config sha256:549b1c5d7a448e697f6689001f70ee504aa6ef853c658782810117fe8a67c310
 6.22 KiB / 6.22 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
rhel7-working-container

Which causes the buildah build-using-dockerfile command to work just fine.

Any chance the --tls-verify=false parameter can be added to build-using-dockerfile? It would be a nice to have.

@lcarva Thanks for the test and confirmation. Glad to hear that worked. I'll look into adding the tls-verify flag to the buildah bud command. Will send you a pointer to the PR once put together, hopefully early next week.

Yes @TomSweeneyRedHat Open A PR it should definitely have it.

PR created: #297

I'm closing ticket as #297 fixes this problem.

Mention of --tls-verify=false should be probably added to: https://github.com/projectatomic/buildah/blob/master/troubleshooting.md.

Oh, that's an excellent thought. Will do and TYVM @goldmann!

Was this page helpful?
0 / 5 - 0 ratings