Rancher pull from private, insecure registry:2 doesn't work "docker pull" works fine

I’m having a puzzling problem: I have an internal insecure registry:2 that is set up that way in the docker daemon start and in rancher according to:

http://docs.rancher.com/rancher/latest/en/environments/registries/

In fact docker is okay with it. When I issue a docker pull it works great:

docker pull ptl01o9eap01c:5000/docker-node-example:2016-07-08_9b87d40
2016-07-08_9b87d40: Pulling from docker-node-example

5c90d4a2d1a8: Pull complete
ab30c63719b1: Pull complete
c6072700a242: Pull complete
abb742d515b4: Pull complete
22efa86cdb65: Pull complete
7fcedccb573d: Pull complete
8ebed4b5b124: Pull complete
2d43c33b2e09: Pull complete
5a85a942432d: Pull complete
b7233a123543: Pull complete
Digest: sha256:80f5b68712d0a2ace2154ff209a70e2d90610ece460a38aaaae8e0d3fa9d4a97
Status: Downloaded newer image for ptl01o9eap01c:5000/docker-node-example:2016-07-08_9b87d40

However when I try to do it in a rancher compose or in the GUI

It unfortunately doesn’t work.

I get this from the rancher agent logs:

ImageValidationError: Image [rancher/agent-instance:v0.8.3] failed to pull: Error while pulling image: Get https://index.docker.io/v1/repositories/rancher/agent-instance/images: dial tcp 54.173.200.203:443: getsockopt: connection refused
2016-07-13 21:32:31,284 ERROR agent [140682024949072] [event.py:112] Error in request : b519af13-c4fd-4fc8-ab53-a3cc3317d0cc
Traceback (most recent call last):
File “/var/lib/cattle/pyagent/cattle/agent/event.py”, line 95, in _worker_main
resp = agent.execute(req)
File “/var/lib/cattle/pyagent/cattle/agent/init.py”, line 15, in execute
return self._router.route(req)
File “/var/lib/cattle/pyagent/cattle/plugins/core/event_router.py”, line 13, in route
resp = handler.execute(req)
File “/var/lib/cattle/pyagent/cattle/agent/handler.py”, line 34, in execute
return method(req=req, **req.data.dict)
File “/var/lib/cattle/pyagent/cattle/storage/init.py”, line 27, in image_activate
action=lambda: self._do_image_activate(image, storage_pool,
File “/var/lib/cattle/pyagent/cattle/agent/handler.py”, line 72, in _do
action()
File “/var/lib/cattle/pyagent/cattle/storage/init.py”, line 28, in
progress)
File “/var/lib/cattle/pyagent/cattle/plugins/docker/storage.py”, line 162, in _do_image_activate
raise e

Version info

Rancher v1.1.0
Cattle v0.165.4

I’m behind a firewall so I can’t get to docker hub (part of the reason for using a local registry) but rancher seems to be ignoring that from the image name when it tries to pull the image

Note I do not have a username or password on my registry:v2 yet but tried filling out rancher private registry creation a variety of ways to no avail:

Any ideas on why rancher isn’t honoring the private registry but docker does it with no problem? Thank you!

I figured this out in case this helps anyone. If you are going to run behind a firewall (aka NO internet access) you must ensure that your rancher running server has the two images installed or else compose and/or starting images inside rancher isn’t going to work:

$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/agent-instance v0.8.3 b6b013f2aa85 4 weeks ago 330.9 MB
rancher/agent v1.0.2 860ed2b2e8e3 4 weeks ago 454.3 MB

We have docs on how to run with no internet access:

http://docs.rancher.com/rancher/latest/en/installing-rancher/installing-server/no-internet-access/

Ahh great, that’s much better - glad you can use an internal repository even. Thank you!

I may open source an ansible-playbook that gets rancher running from scratch that might be useful at some point. Ill update this post when I do that.