-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker pull should have a --verbose option to see all of the network calls #336
Comments
Wouldn't tcpdump, wireshark, etc be a lot more reliable and the standard way of identifying these requests? |
I don't think this should be a command-line option; the client doesn't pull the image, it's the daemon doing so. So if configuration changes are needed, those likely need to be made on the daemon host. For the daemon host, there is already an option to obtain this information; enable Here's what's shown if both docker pull some-domain.example.com/foobar:latest
Does that solve your use case? |
If this option will show all of the hosts that are communicated with in the course of resolving and retrieving an image, then yes it will. Alternately, if there is admin documentation somewhere that lists all domains that would need to be whitelisted for docker to work effectively behind a restrictive firewall, that would also work. |
I'm not sure such a list exists; the layers themselves may be distributed through different hosts, based on the location that the pull originates from. However, the best source of information (for Docker Hub) would be [email protected] - I don't have that information available 😅 |
+1 |
+1 |
I find this is a very useful feature if implemented. I faced some issues where I could login to docker registry, but the image pull fails, although I could pull the image from other nodes. The error message says |
I'm not seeing this behavior. With debug logging on I'm only seeing generic "pulling" messages but not the actual API calls. I'm troubleshooting registry behavior that doesn't match the documentation so I do need to see the exact API calls. Documentation on how to enable debug at this level gets a bit hard to follow, is there a log level higher than "debug"? |
with the reduced rate limit, this is even more annoying: We now have mandatory local proxy registries and having no simple way to verify this is bad. |
Hi guys, I would need also a bit more detailed output. My output of pull:
Is there any way how can I get more detailed output? My
|
Look in the logs for the daemon, they may contain more details about the failure. "unknown blob" sounds like a possible issue with the image in the registry though |
sorry for late response. Yes, there was probably a bug in our artifactory, our IT has applied some workaround and it has started working. |
An improper workaround is to write a yaml and |
@thaJeztah That doesn't show the entirety of the request's content. I want to diagnose a container registry and behavior of the CLI, I have yet to find a way to view request or response data for pulling an image. |
+1 |
We have an issue where we're getting EOF errors and have been unable to recreate the issue anywhere but our Jenkins worker nodes when running pipelines. It's a intermittent issue, so we would love to be able to have extra debugging enabled until we figure it out. It's a weird one, from what we can tell, nothing changed in the environment, and is unable to be replicated anywhere reliably. |
hangs |
I'am also wanna a |
Many organizations are now applying more aggressive outbound blocking of network requests, every to the point of blocking all outbound traffic unless specifically whitelisted. It would be good if there were a command line flag available on
docker pull
such that you can force it to print out the host/ip and port of any outbound requests. This would make it easier to work with security teams to get all of the necessary destinations correctly whitelisted.The text was updated successfully, but these errors were encountered: