hi; i can pull any image from mcr.microsoft.com on my server. gitlab installed on same server(docker) but when is using in giltab ci/cd i get “net/http: TLS handshake timeout”.
my .gitlab-ci.yml on self hosted gitlab
- cat /etc/resolv.conf
- ping -c 2 mcr.microsoft.com
- docker pull hello-world
- docker pull mcr.microsoft.com/dotnet/sdk:5.0
I’ve copied your configuration into a test project on GitLab.com SaaS, and it worked publish (#2574281949) · Jobs · Michael Friedrich / ci-cd-playground · GitLab
I would investigate on your self-hosted runner which is executing the job, if there is anything intercepting or blocking network traffic to the container registry.
ping sends ICMP packets, which is using a different protocol to
docker pull which communicates over http/TLS.
Maybe the internet connection is too slow, and the TLS handshake fails, linux networking - Docker pull: TLS handshake timeout - Server Fault has some more insights. Or you’ll need to configure an outgoing HTTP proxy in your company environment to being able to transfer HTTP traffic.
I have no problem to pull any image from https://mcr.microsoft.com in same server gitlab-runner installed. firewall is off.
i also accessto https://mcr.microsoft.com inside gitlab-runner container:
but pull from .gitlab-ci-.yml is too long. is any setting to increase network performance?
Hm, tricky. I do believe that this is a Docker problem, where the runner itself spawns a container (Docker in Docker) and then somewhat network inception problems may occur.
Is there a possibility to install gitlab-runner directly on the machine (not in Docker) and compare if the behaviour continues? This would help to rule out a DinD problem.
Another idea would be to use the Dependency Proxy in GitLab and cache Docker images, moving them more local to GitLab and avoid the pull timeouts. Dependency Proxy | GitLab Still, this won’t solve the first pull timing out.