Unable to pull images from docker.io registry even after successful login (`dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read udp 10.0.2.100:47063->10.0.2.3:53: i/o timeout`)
I am trying to run nerdctl inside WSL 2 (Ubuntu 20.04). Everything is setup and running (following this guide: https://medium.com/geekculture/move-away-from-docker-now-and-utilize-wsl2-systemd-genie-containerd-with-nerdctl-d5f729dcf227). But I ran into problems when trying to pull any images.
nerdctl run -d httpd
docker.io/library/httpd:latest: resolving |--------------------------------------|
elapsed: 9.9 s total: 0.0 B (0.0 B/s)
INFO[0010] trying next host
error="failed to do request: Head \"https://registry-1.docker.io/v2/library/httpd/manifests/latest\":
dial tcp: lookup registry-1.docker.io on 10.0.2.3:53:
read udp 10.0.2.100:47063->10.0.2.3:53: i/o timeout" host=registry-1.docker.io
FATA[0010] failed to resolve reference "docker.io/library/httpd:latest": failed to do request:
Head "https://registry-1.docker.io/v2/library/httpd/manifests/latest":
dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read
udp 10.0.2.100:47063->10.0.2.3:53: i/o timeout
I have performed successful login using nerdctl login --username <myuser> --password <mypwd> docker.io
How can I fix this?
nerdctl:
nerdctl version Client: Version: v0.15.0 Git commit: b72b5ca14550b2e23a42787664b6182524c5053f
Server: containerd: Version: v1.5.8 GitCommit: 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71
Containerd:
containerd --version containerd github.com/containerd/containerd v1.5.8 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71
OS:
Edition Windows 11 Pro Version 21H2 OS build 22000.376 Experience Windows Feature Experience Pack 1000.22000.376.0
WSL 2 Kernel (Ubuntu 20.04)
uname -r 5.10.60.1-microsoft-standard-WSL2
PS: I tried the following:
nerdctl --debug-full login DEBU[0000] attempting v2 login to registry endpoint https://registry-1.docker.io/v2/ Login Succeeded
and just after that it still fails with same error.
Perhaps a duplicate of https://github.com/containerd/nerdctl/issues/622 , but not sure. (#622 only happens occasionally on CirrusCI)
Workaround: sudo nerdctl
Another potential workaround: enter the rootlesskit namespaces with containerd-rootless-setuptool.sh nsenter bash, and vi /etc/resolv.conf to use an alternative DNS such as 8.8.8.8
Thanks for tagging and replying @AkihiroSuda. It is not a connectivity issue.
slirp4netns process might have been killed accidentally, or you might have too old (< 0.4.0) slirp4netns in the $PATH?
I was having this same issue (although without attempting to log in), and changing the DNS resolver fixed it. Happy to help troubleshoot in any way I can.
nerdctl version 0.16.1
containerd github.com/containerd/containerd v1.5.9 1407cab509ff0d96baa4f0eb6ff9980270e6e620
uname -r: 5.10.16.3-microsoft-standard-WSL2
well, it was not dns, I would not be able to login if DNS is not working.
I'm having the same problem with (co)lima but only with >2 cpus: https://github.com/abiosoft/colima/issues/137
I was having the same problem and I solved it by restarting the daemon of docker
I'm new to Docker, and I had the same TCP I/O error (not using nerdctl though). It turns out virtualization was off in the BIOS and Docker Desktop would stay stuck at starting. The TCP error was a red herring of the underlying virtualization crashing. Leaving that here if someone ever run into this use case.
Check if UDP port for 10.0.2.3:53 is blocked by firewall (likely) set in your setup. If yes, it will work after unblocking and remove/recreate the pod
I was having the same problem and I solved it by restarting the daemon of docker
On debian based OS to restart docker you can run: sudo systemctl restart docker