SKOPEO_UNKNOWN_ERROR

[remidinishanth-ntnx]

Is this a request for help?:

➜ aevolume anchore-cli image add docker.io/library/debian:latest Error: cannot fetch image digest/manifest from registry HTTP Code: 400 Detail: {u'error_codes': [u'SKOPEO_UNKNOWN_ERROR'], u'raw_exception_message': u'Error encountered in skopeo operation. cmd=/bin/sh -c skopeo inspect --raw --tls-verify=false docker://docker.io/library/debian:latest, rc=1, stdout=None, stderr=b\'time="2020-02-06T13:49:37Z" level=fatal msg="pinging docker registry returned: Get http://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 127.0.0.11:53: read udp 127.0.0.1:34663->127.0.0.11:53: i/o timeout" \n\', error_code=SKOPEO_UNKNOWN_ERROR'}

I am able to pull images from docker.io

Is this a BUG REPORT or a FEATURE REQUEST? (choose one):

Version of Anchore Engine and Anchore CLI if applicable:

What happened:

What did you expect to happen:

Any relevant log output from /var/log/anchore:

What docker images are you using:

How to reproduce the issue:

Anything else we need to know:

[remidinishanth-ntnx]

Maybe some ports were used by other applications, I restarted the machine and everything worked. Is the error because of the port being used by some other service?

[zhill]

@remidinishanth This is an error indicating that the anchore service cannot connect to Docker Hub. Since it looks like a read timeout on port 53, I'm guessing there is a DNS issue that prevented the container from being able to lookup the DNS name. That may have been an issue with docker's internal networking that was resolved when you restarted the system. Are you still seeing issues?

[navinprasadk]

@zhill I'm also getting the same error. I've restarted the docker service in the VM. Do I need to restart the VM too?

[zhill]

@zhill I'm also getting the same error. I've restarted the docker service in the VM. Do I need to restart the VM too?

Hi @navinprasadk it's really hard to say. These issues are very specific to your environment and may be impacted by proxies, firewalls, or local host networking configurations. I recommend debugging it using a simple container like alpine or debian and just trying to curl/ping Docker Hub or some other site from within the container.

[frittentheke]

@zhill to be fair, the verbosity or rather the distinction between different errors is not really good with Skopeo. I ran into credentials being revoked once and received just the same error not helping the end-user at all.

Maybe it's possible to get Skopeo (awsome tool BTW) to handle and report proper errors for more of the usual cases up the stack of communication ....

• no route to host
• dns resolution error
• timeout
• ssl handshake errors
• all HTTP errors incl. authentication in full (not just HTTP code)

[zhill]

@frittentheke yes, the output from skopeo isn't great but engine can do a bit better at trying to distinguish the class of error even if not 100% accurate.