`registry-mirrors` not affecting `docker-compose`
Closed this issue · 4 comments
Issue Description
For unfortunate reasons, DockerHub is currently unable to connect directly in Chinese Mainland. So I set up a registry mirror and configure podman to use the mirror.
My /etc/containers/registries.conf file is similar with this:
(private mirror url replaced with public alternative)
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "docker.io"
[[registry.mirror]]
location = "dockerproxy.cn"After this, podman pull can properly connect to the registry mirror and fetch images. But podman compose pull, which launches docker-compose, does not work. Error message:
$ podman compose pull --dry-run
[+] Pulling 2/2
✘ DRY-RUN MODE - docker-gen - Pull error for image: nginxproxy/docker-gen 0.2s
✘ DRY-RUN MODE - nginx - Pull error for image: nginx:alpine 0.2s
failed to do request: Head "https://registry-1.docker.io/v2/library/nginx/manifests/alpine": read tcp [[__src_ip_removed__]]->[2600:1f18:2148:bc01:20a3:9c3e:d4a7:9fb]:443: read: connection reset by peer
Error: executing /usr/local/bin/docker-compose pull --dry-run: exit status 18
It seems that docker-compose never know about the registry mirror set in /etc/containers/registries.conf and (tell podman to or itself?) connect to DockerHub directly.
Steps to reproduce the issue
Steps to reproduce the issue
- Install latest
podman,podman-docker. - Configure registry mirror for podman. Add
to
unqualified-search-registries = ["docker.io"] [[registry]] prefix = "docker.io" location = "docker.io" [[registry.mirror]] location = "dockerproxy.cn"
/etc/containers/registries.conf. - Run
podman --log-level=debug pull nginx:alpineto check podman can pull image from the mirror. - Create a simple compose file, maybe:
as
services: nginx: image: nginx:alpine restart: unless-stopped
docker-compose.yml. - Run
podman compose pull, which could not work and reproduces the issue.
Describe the results you received
Describe the results you received
podman compose pull (docker-compose) does not use podman registry mirrors.
Describe the results you expected
Describe the results you expected
podman compose pull (docker-compose) should use registry mirrors, alike podman pull does.
podman info output
host:
arch: amd64
buildahVersion: 1.35.4
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
cgroupManager: cgroupfs
cgroupVersion: v2
conmon:
package: conmon-2.1.12-r0
path: /usr/bin/conmon
version: 'conmon version 2.1.12, commit: unknown'
cpuUtilization:
idlePercent: 97.67
systemPercent: 0.21
userPercent: 2.12
cpus: 6
databaseBackend: sqlite
distribution:
distribution: alpine
version: 3.20.3
eventLogger: file
freeLocks: 2005
hostname: volta
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 6.6.34-1-lts
linkmode: dynamic
logDriver: k8s-file
memFree: 61229166592
memTotal: 84114042880
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.10.0-r0
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.10.0
package: netavark-1.10.3-r0
path: /usr/libexec/podman/netavark
version: netavark 1.10.3
ociRuntime:
name: crun
package: crun-1.15-r0
path: /usr/bin/crun
version: |-
crun version 1.15
commit: e6eacaf4034e84185fd8780ac9262bbf57082278
rundir: /tmp/storage-run-1000/crun
spec: 1.0.0
+SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-2024.06.07-r0
version: |
pasta unknown version
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /tmp/storage-run-1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /etc/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.3-r0
version: |-
slirp4netns version 1.2.3
commit: c22fde291bb35b354e6ca44d13be181c76a0a432
libslirp: 4.8.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.5
swapFree: 4294963200
swapTotal: 4294963200
uptime: 1722h 37m 39.00s (Approximately 71.75 days)
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
docker.io:
Blocked: false
Insecure: false
Location: docker.io
MirrorByDigestOnly: false
Mirrors:
- Insecure: false
Location: docker.****(private mirror in intranet removed, `dockerproxy.cn` should work as well)
PullFromMirror: ""
Prefix: docker.io
PullFromMirror: ""
search:
- docker.io
store:
configFile: /home/sthu/.config/containers/storage.conf
containerStore:
number: 9
paused: 0
running: 9
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/sthu/.local/share/containers/storage
graphRootAllocated: 31870896955392
graphRootUsed: 78382493696
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 26
runRoot: /tmp/containers-user-1000/containers
transientStore: false
volumePath: /home/sthu/.local/share/containers/storage/volumes
version:
APIVersion: 5.0.3
Built: 1720373660
BuiltTime: Mon Jul 8 01:34:20 2024
GitCommit: ""
GoVersion: go1.22.5
Os: linux
OsArch: linux/amd64
Version: 5.0.3Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
No
Additional environment details
docker-compose --version: Docker Compose version v2.24.6
What I have installed on my Alpine Linux via apk:
podman-5.0.3-r2 x86_64 {podman} (Apache-2.0) [installed]
podman-docker-5.0.3-r2 x86_64 {podman} (Apache-2.0) [installed]
podman-openrc-5.0.3-r2 x86_64 {podman} (Apache-2.0) [installed]
podman-zsh-completion-5.0.3-r2 x86_64 {podman} (Apache-2.0) [installed]
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
Go with a couple of simple questions first?
- You did remember to restart the podman service to pick up the changes in the registries.conf file.
- Does
podman pull alpinework? - Does
podman --remote pull nginxwork?
Go with a couple of simple questions first?
- You did remember to restart the podman service to pick up the changes in the registries.conf file.
Yes, I have run sudo service podman restart.
- Does
podman pull alpinework?
Yes.
- Does
podman --remote pull nginxwork?
No, running this as unprivileged user will use the origin registry (registry-1.docker.io) and fail.
By the way, I just tried running this as root, it works.
Does docker-compose pull work in the same way as podman --remote pull? If so, how can I configure mirror for unprivileged --remote pull?
Yes podman --remote pull and docker-compose both use the podman socket.
Rootless mode is not using the rootful podman socket.
$ systemctl --user restart podman.service
To restart it.
Yes podman --remote pull and docker-compose both use the podman socket.
Rootless mode is not using the rootful podman socket. $ systemctl --user restart podman.service
To restart it.
I'm using Alpine Linux, so there's no systemd.
I found podman.<user> service in /etc/init.d. After restarting it, everything works fine! 🥰
Thanks for your kindly help!