I am trying to use NExus to download containers. We have a proxy set up for outbound traffic and I do have all the appropriate firewall exceptions put in place. Using curl it works. I am trying to download from Red Hat’s registry and Docker Hub. I am getting the following error:
[user@podman01 ~]$ podman --log-level=debug pull nexus.example.com:9091/hello-world
INFO[0000] podman filtering at log level debug
DEBU[0000] Called pull.PersistentPreRunE(podman --log-level=debug pull nexus.example.com:9091/hello-world)
DEBU[0000] Using conmon: "/usr/bin/conmon"
INFO[0000] Using sqlite as database backend
DEBU[0000] systemd-logind: Unknown object '/'.
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /opt/aap/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1600/containers
DEBU[0000] Using static dir /opt/aap/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1600/libpod/tmp
DEBU[0000] Using volume path /opt/aap/.local/share/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is usable
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime crun-vm initialization failed: no valid executable found for OCI runtime crun-vm: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/crun"
INFO[0000] Setting parallel job count to 25
DEBU[0000] Pulling image nexus.example.com:9091/hello-world (policy: always)
DEBU[0000] Looking up image "nexus.example.com:9091/hello-world" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "nexus.example.com:9091/hello-world:latest" ...
DEBU[0000] reference "[overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9091/hello-world:latest" does not resolve to an image ID
DEBU[0000] Trying "nexus.example.com:9091/hello-world:latest" ...
DEBU[0000] reference "[overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9091/hello-world:latest" does not resolve to an image ID
DEBU[0000] Trying "nexus.example.com:9091/hello-world" ...
DEBU[0000] Loading registries configuration "/opt/aap/.config/containers/registries.conf"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Attempting to pull candidate nexus.example.com:9091/hello-world:latest for nexus.example.com:9091/hello-world
DEBU[0000] parsed reference into "[overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9091/hello-world:latest"
Trying to pull nexus.example.com:9091/hello-world:latest...
DEBU[0000] Copying source image //nexus.example.com:9091/hello-world:latest to destination image [overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9091/hello-world:latest
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Trying to access "nexus.example.com:9091/hello-world:latest"
DEBU[0000] No credentials matching nexus.example.com:9091/hello-world found in /run/user/1600/containers/auth.json
DEBU[0000] No credentials matching nexus.example.com:9091/hello-world found in /opt/aap/.config/containers/auth.json
DEBU[0000] No credentials matching nexus.example.com:9091/hello-world found in /opt/aap/.docker/config.json
DEBU[0000] No credentials matching nexus.example.com:9091/hello-world found in /opt/aap/.dockercfg
DEBU[0000] No credentials for nexus.example.com:9091/hello-world found
DEBU[0000] No signature storage configuration found for nexus.example.com:9091/hello-world:latest, using built-in default file:///opt/aap/.local/share/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/nexus.example.com:9091
DEBU[0000] GET https://nexus.example.com:9091/v2/
DEBU[0000] Ping https://nexus.example.com:9091/v2/ err Get "https://nexus.example.com:9091/v2/": http: server gave HTTP response to HTTPS client (&url.Error{Op:"Get", URL:"https://nexus.example.com:9091/v2/", Err:(*errors.errorString)(0x55ed63a1dc20)})
DEBU[0000] GET http://nexus.example.com:9091/v2/
DEBU[0000] Ping http://nexus.example.com:9091/v2/ status 401
DEBU[0000] GET http://nexus.example.com:9091/v2/hello-world/manifests/latest
DEBU[0000] Content-Type from manifest GET is "application/vnd.oci.image.index.v1+json"
DEBU[0000] Using SQLite blob info cache at /opt/aap/.local/share/containers/cache/blob-info-cache-v1.sqlite
DEBU[0000] Source is a manifest list; copying (only) instance sha256:2771e37a12b7bcb2902456ecf3f29bf9ee11ec348e66e8eb322d9780ad7fc2df for current system
DEBU[0000] GET http://nexus.example.com:9091/v2/hello-world/manifests/sha256:2771e37a12b7bcb2902456ecf3f29bf9ee11ec348e66e8eb322d9780ad7fc2df
DEBU[0000] Content-Type from manifest GET is "application/vnd.oci.image.manifest.v1+json"
DEBU[0000] IsRunningImageAllowed for image docker:nexus.example.com:9091/hello-world:latest
DEBU[0000] Using default policy section
DEBU[0000] Requirement 0: allowed
DEBU[0000] Overall: allowed
DEBU[0000] Downloading /v2/hello-world/blobs/sha256:1b44b5a3e06a9aae883e7bf25e45c100be0bb81a0e01b32de604f3ac44711634
DEBU[0000] GET http://nexus.example.com:9091/v2/hello-world/blobs/sha256:1b44b5a3e06a9aae883e7bf25e45c100be0bb81a0e01b32de604f3ac44711634
DEBU[0020] Error pulling candidate nexus.example.com:9091/hello-world:latest: copying system image from manifest list: parsing image configuration: fetching blob: received unexpected HTTP status: 502 Bad Gateway
Error: copying system image from manifest list: parsing image configuration: fetching blob: received unexpected HTTP status: 502 Bad Gateway
DEBU[0020] Shutting down engines
INFO[0020] Received shutdown.Stop(), terminating! PID=896567
[user@podman01 ~]$ podman --log-level=debug pull nexus.example.com:9093/rhel9/nginx-120
INFO[0000] podman filtering at log level debug
DEBU[0000] Called pull.PersistentPreRunE(podman --log-level=debug pull nexus.example.com:9093/rhel9/nginx-120)
DEBU[0000] Using conmon: "/usr/bin/conmon"
INFO[0000] Using sqlite as database backend
DEBU[0000] systemd-logind: Unknown object '/'.
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /opt/aap/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1600/containers
DEBU[0000] Using static dir /opt/aap/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1600/libpod/tmp
DEBU[0000] Using volume path /opt/aap/.local/share/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is usable
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime crun-vm initialization failed: no valid executable found for OCI runtime crun-vm: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/crun"
INFO[0000] Setting parallel job count to 25
DEBU[0000] Pulling image nexus.example.com:9093/rhel9/nginx-120 (policy: always)
DEBU[0000] Looking up image "nexus.example.com:9093/rhel9/nginx-120" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "nexus.example.com:9093/rhel9/nginx-120:latest" ...
DEBU[0000] reference "[overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9093/rhel9/nginx-120:latest" does not resolve to an image ID
DEBU[0000] Trying "nexus.example.com:9093/rhel9/nginx-120:latest" ...
DEBU[0000] reference "[overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9093/rhel9/nginx-120:latest" does not resolve to an image ID
DEBU[0000] Trying "nexus.example.com:9093/rhel9/nginx-120" ...
DEBU[0000] Loading registries configuration "/opt/aap/.config/containers/registries.conf"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Attempting to pull candidate nexus.example.com:9093/rhel9/nginx-120:latest for nexus.example.com:9093/rhel9/nginx-120
DEBU[0000] parsed reference into "[overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9093/rhel9/nginx-120:latest"
Trying to pull nexus.example.com:9093/rhel9/nginx-120:latest...
DEBU[0000] Copying source image //nexus.example.com:9093/rhel9/nginx-120:latest to destination image [overlay@/opt/aap/.local/share/containers/storage+/run/user/1600/containers]nexus.example.com:9093/rhel9/nginx-120:latest
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Trying to access "nexus.example.com:9093/rhel9/nginx-120:latest"
DEBU[0000] No credentials matching nexus.example.com:9093/rhel9/nginx-120 found in /run/user/1600/containers/auth.json
DEBU[0000] No credentials matching nexus.example.com:9093/rhel9/nginx-120 found in /opt/aap/.config/containers/auth.json
DEBU[0000] No credentials matching nexus.example.com:9093/rhel9/nginx-120 found in /opt/aap/.docker/config.json
DEBU[0000] No credentials matching nexus.example.com:9093/rhel9/nginx-120 found in /opt/aap/.dockercfg
DEBU[0000] No credentials for nexus.example.com:9093/rhel9/nginx-120 found
DEBU[0000] No signature storage configuration found for nexus.example.com:9093/rhel9/nginx-120:latest, using built-in default file:///opt/aap/.local/share/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/nexus.example.com:9093
DEBU[0000] GET https://nexus.example.com:9093/v2/
DEBU[0000] Ping https://nexus.example.com:9093/v2/ err Get "https://nexus.example.com:9093/v2/": http: server gave HTTP response to HTTPS client (&url.Error{Op:"Get", URL:"https://nexus.example.com:9093/v2/", Err:(*errors.errorString)(0x563d442afc20)})
DEBU[0000] GET http://nexus.example.com:9093/v2/
DEBU[0000] Ping http://nexus.example.com:9093/v2/ status 401
DEBU[0000] GET http://nexus.example.com:9093/v2/rhel9/nginx-120/manifests/latest
DEBU[0000] Content-Type from manifest GET is "application/vnd.oci.image.index.v1+json"
DEBU[0000] Using SQLite blob info cache at /opt/aap/.local/share/containers/cache/blob-info-cache-v1.sqlite
DEBU[0000] Source is a manifest list; copying (only) instance sha256:ee6f8f937bc726fd714dde00f25e515ba9e2726d364e5f8764a853c25a1762dd for current system
DEBU[0000] GET http://nexus.example.com:9093/v2/rhel9/nginx-120/manifests/sha256:ee6f8f937bc726fd714dde00f25e515ba9e2726d364e5f8764a853c25a1762dd
DEBU[0000] Content-Type from manifest GET is "application/vnd.oci.image.manifest.v1+json"
DEBU[0000] IsRunningImageAllowed for image docker:nexus.example.com:9093/rhel9/nginx-120:latest
DEBU[0000] Using default policy section
DEBU[0000] Requirement 0: allowed
DEBU[0000] Overall: allowed
DEBU[0000] Downloading /v2/rhel9/nginx-120/blobs/sha256:81bbc99649880ff97cf59c50ec42d7e9ecd76a5042d4b03999f98745ddf272f0
DEBU[0000] GET http://nexus.example.com:9093/v2/rhel9/nginx-120/blobs/sha256:81bbc99649880ff97cf59c50ec42d7e9ecd76a5042d4b03999f98745ddf272f0
DEBU[0020] Error pulling candidate nexus.example.com:9093/rhel9/nginx-120:latest: copying system image from manifest list: parsing image configuration: fetching blob: received unexpected HTTP status: 502 Bad Gateway
Error: copying system image from manifest list: parsing image configuration: fetching blob: received unexpected HTTP status: 502 Bad Gateway
DEBU[0020] Shutting down engines
INFO[0020] Received shutdown.Stop(), terminating! PID=896834