6 Replies Latest reply on Feb 20, 2020 8:24 AM by Raul Calderon de la Barca

    TrueSight Vulnerability Management 3.1 Import Images

    Raul Calderon de la Barca
      Share This:

      Hello,

       

      OS --> CentOs

      I'm trying to create the local Docker registry and I have this error:

       

      [root@vs-lce-269 docker]# docker run -d \

      >   -p 5000:5000 \

      >   --restart=always \

      >   --name registry \

      >   -v /opt/tsvm/dockerrepo:/var/lib/registry \

      >   registry:2

      Unable to find image 'registry:2' locally

      docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).

      See 'docker run --help'

       

      Could you help me please?

       

      Thanks.

        • 1. Re: TrueSight Vulnerability Management 3.1 Import Images
          Kunal Panigrahi

          Hi Raul,

           

          Looks like you have internet connectivity issues from your host where it is unable to connect to docker registry.

          Is this an air gapped server?

          Is there a proxy setup needed?

           

          Can you check the the Docker Documentation on Proxy setup?

          Hope this helps.

           

          Please keep us posted.

           

           

          ~Kunal

          • 2. Re: TrueSight Vulnerability Management 3.1 Import Images
            Raul Calderon de la Barca

            Hi Kunal,

             

            I have proxy settings in the docker configuration:

             

            [root@vs-lce-269 .docker]# docker info

            Containers: 0

            Running: 0

            Paused: 0

            Stopped: 0

            Images: 0

            Server Version: 18.09.7

            Storage Driver: overlay2

            Backing Filesystem: xfs

            Supports d_type: true

            Native Overlay Diff: true

            Logging Driver: json-file

            Cgroup Driver: cgroupfs

            Plugins:

            Volume: local

            Network: bridge host macvlan null overlay

            Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog

            Swarm: inactive

            Runtimes: runc

            Default Runtime: runc

            Init Binary: docker-init

            containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339

            runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657

            init version: fec3683

            Security Options:

            seccomp

              Profile: default

            Kernel Version: 3.10.0-1062.12.1.el7.x86_64

            Operating System: CentOS Linux 7 (Core)

            OSType: linux

            Architecture: x86_64

            CPUs: 4

            Total Memory: 15.49GiB

            Name: vs-lce-269

            ID: FNSG:BCQD:MIEC:7TY2:KV3R:BVDN:VTZB:R2OK:PD43:QNCS:JKRI:KC6U

            Docker Root Dir: /var/lib/docker

            Debug Mode (client): false

            Debug Mode (server): false

            HTTP Proxy: http://192.168.1.30:8080

            HTTPS Proxy: http//192.168.1.30:8080

            No Proxy: localhost,127.0.0.1

            Registry: https://index.docker.io/v1/

            Labels:

            Experimental: false

            Insecure Registries:

            127.0.0.0/8

            Live Restore Enabled: false

            Product License: Community Engine

             

             

            WARNING: bridge-nf-call-iptables is disabled

            WARNING: bridge-nf-call-ip6tables is disabled

             

            If a try to execute a docker run I have:

            Unable to find image 'hello-world:latest' locally

            docker: Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: dial tcp: lookup http on 192.168.1.136:53: no such host.

            See 'docker run --help'.

             

            If a do a curl I get UNAUTHORIZED message:

             

            [root@vs-lce-269 .docker]# curl -vv https://registry-1.docker.io/v2/

            * About to connect() to proxy 192.168.1.30 port 8080 (#0)

            *   Trying 192.168.1.30...

            * Connected to 192.168.1.30 (192.168.1.30) port 8080 (#0)

            * Establish HTTP proxy tunnel to registry-1.docker.io:443

            > CONNECT registry-1.docker.io:443 HTTP/1.1

            > Host: registry-1.docker.io:443

            > User-Agent: curl/7.29.0

            > Proxy-Connection: Keep-Alive

            >

            < HTTP/1.1 200 Connection established

            <

            * Proxy replied OK to CONNECT request

            * Initializing NSS with certpath: sql:/etc/pki/nssdb

            *   CAfile: /etc/pki/tls/certs/ca-bundle.crt

              CApath: none

            * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

            * Server certificate:

            *       subject: CN=*.docker.io

            *       start date: jun 07 00:00:00 2019 GMT

            *       expire date: jul 07 12:00:00 2020 GMT

            *       common name: *.docker.io

            *       issuer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US

            > GET /v2/ HTTP/1.1

            > User-Agent: curl/7.29.0

            > Host: registry-1.docker.io

            > Accept: */*

            >

            < HTTP/1.1 401 Unauthorized

            < Content-Type: application/json

            < Docker-Distribution-Api-Version: registry/2.0

            < Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"

            < Date: Wed, 19 Feb 2020 16:37:28 GMT

            < Content-Length: 87

            < Strict-Transport-Security: max-age=31536000

            <

            {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

            * Connection #0 to host 192.168.1.30 left intact

             

            I don't know how to solve this problem.

             

            Thank you very much.

            • 3. Re: TrueSight Vulnerability Management 3.1 Import Images
              Kunal Panigrahi

              After you set the proxy settings in docker config - did you restart docker?

               

              This also points to a direction if your DNS server is setup properly or not. Can you check that?

               

              Also share the OS details of the host.

               

              I would request you to open a support ticket in case this is not resolved with the above steps, so that we can have a webex/screenshare to investigate further.

               

              ~Kunal

              • 4. Re: TrueSight Vulnerability Management 3.1 Import Images
                Kunal Panigrahi

                By the way the output of curl command is fine.

                Docker docker.io needs credentials but registry, hello world and a lot of containers can be downloaded without credentials.

                • 5. Re: TrueSight Vulnerability Management 3.1 Import Images
                  Raul Calderon de la Barca

                  Hello Kunal,

                   

                  The OS is

                  [root@vs-lce-269 entelgy]# more /etc/redhat-release

                  CentOS Linux release 7.7.1908 (Core)

                   

                  Yes I restarted docker when I did the config changes.

                   

                  DNS entries are correct  (set by customer)

                   

                  [root@vs-lce-269 entelgy]# more /etc/resolv.conf

                  search ral.es

                  nameserver 192.168.1.136

                  nameserver 194.224.248.26

                   

                  I don't know why it doesn't work. I have read a lot about the problem but all answers talk about proxy and DNS problems.

                   

                  Thank you very much for your help.

                   

                  BR.

                   

                  Raúl

                  • 6. Re: TrueSight Vulnerability Management 3.1 Import Images
                    Raul Calderon de la Barca

                    Hi,

                     

                    I have opened a case with support and we have created the registry like an air-gapped enviroment and now it is working.

                     

                    I have installed the database and the elasticsearch.

                     

                    [root@vs-lce-269 truesight-sm]# curl http://localhost:5000/v2/_catalog

                    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

                     

                    [root@vs-lce-269 truesight-sm]# python truesight-sm.py status --deployment database

                    /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.25.8) or chardet (2.2.1) doesn't match a supported version!

                      RequestsDependencyWarning)

                    [INFO] **************************************************

                    [INFO] TrueSight Stack Manager V3.1.00.1565

                    [INFO] **************************************************

                    [INFO] Initialization completed.

                    [INFO] Execution started

                    [INFO] Getting status of components for deployment 'database': all

                    [INFO] Install All products from the inventory file

                    [INFO] Getting status of component 'postgres'

                    [INFO] Status:

                    Component  Version    Status

                    ---------  -------    ------

                    postgres   10.3.2.29  pg_ctl: server is running (PID: 2439)

                     

                     

                     

                     

                    [INFO] --------------------------------------------------

                    [INFO] Execution completed in 30.57 ms

                    [INFO] --------------------------------------------------

                    [root@vs-lce-269 truesight-sm]#

                     

                    [root@vs-lce-269 truesight-sm]# python truesight-sm.py status --deployment elasticsearch

                    /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.25.8) or chardet (2.2.1) doesn't match a supported version!

                      RequestsDependencyWarning)

                    [INFO] **************************************************

                    [INFO] TrueSight Stack Manager V3.1.00.1565

                    [INFO] **************************************************

                    [INFO] Initialization completed.

                    [INFO] Execution started

                    [INFO] Getting status of components for deployment 'elasticsearch': all

                    [INFO] Install All products from the inventory file

                    [INFO] Status:

                    Component  Version    Status

                    ---------  -------    ------

                    es         6.8.0.103  DCA Index Service Daemon is running.

                     

                     

                     

                     

                    [INFO] --------------------------------------------------

                    [INFO] Execution completed in 35.22 ms

                    [INFO] --------------------------------------------------

                     

                    Thank you very much.

                     

                    BR.

                     

                    Raúl

                    1 of 1 people found this helpful