Download failure within official ubuntu docker images on Ubuntu 14.04 host

Question

Trying to build a new docker image from the official ubuntu:12.04 and ubuntu:latest on a Ubuntu 14.04.02 Trusty Server.

It is not a DNS problem. It's working fine. I'm not behind a proxy. I get the network connection, but can't download the files. Always get 404: file not found, but the url is correct.

Finally Tried the following Dockerfile to prove my point:

FROM ubuntu
ADD 'http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz' /
COPY wget /usr/bin/
COPY ping /bin/
COPY libidn.so.11 /usr/lib/x86_64-linux-gnu/
RUN ping -c 4 ftp.unicamp.br
RUN wget http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz
RUN tar zxf apache-tomcat-7.0.62.tar.gz

Ran the command docker build --no-cache=true -t raoni/tomcat:0.1 .

And got the following output:

Sending build context to Docker daemon 1.885 MB
Sending build context to Docker daemon
Step 0 : FROM ubuntu
 ---> 6d4946999d4f
Step 1 : ADD http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz /
Downloading [==================================================>] 8.825 MB/8.825 MB
 ---> 6d13d9232ebb
Removing intermediate container a3c80c01a112
Step 2 : COPY wget /usr/bin/
 ---> ba1d72d7b503
Removing intermediate container c004c20c396e
Step 3 : COPY ping /bin/
 ---> 59fb0419c477
Removing intermediate container c2f3d5035458
Step 4 : COPY libidn.so.11 /usr/lib/x86_64-linux-gnu/
 ---> 66cf1b0c13cc
Removing intermediate container 3dccacf5c992
Step 5 : RUN ping -c 4 ftp.unicamp.br
 ---> Running in 62bbdda28ef6
PING ftp.unicamp.br (143.106.10.149) 56(84) bytes of data.
64 bytes from ftp.unicamp.br (143.106.10.149): icmp_seq=1 ttl=52 time=31.6 ms
64 bytes from ftp.unicamp.br (143.106.10.149): icmp_seq=2 ttl=52 time=31.7 ms
64 bytes from ftp.unicamp.br (143.106.10.149): icmp_seq=3 ttl=52 time=31.8 ms
64 bytes from ftp.unicamp.br (143.106.10.149): icmp_seq=4 ttl=52 time=32.0 ms

--- ftp.unicamp.br ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 31.609/31.818/32.067/0.211 ms
 ---> cffab8d12f25
Removing intermediate container 62bbdda28ef6
Step 6 : RUN wget http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz
 ---> Running in c38cf1dfb7a9
--2015-06-23 22:36:17--  http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz
Resolving ftp.unicamp.br (ftp.unicamp.br)... 143.106.10.149
Connecting to ftp.unicamp.br (ftp.unicamp.br)|143.106.10.149|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2015-06-23 22:36:17 ERROR 404: Not Found.

The command '/bin/sh -c wget http://ftp.unicamp.br/pub/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz' returned a non-zero code: 8

This output shows that:

1. The url is valid and accessible. The ADD command was able to download the file successfully.
2. The network connection in the container is OK, since it is able to ping the remote host.
3. The container is able to resolve the DNS name.

Apt-get update shows the exact same problem, as in the following excerpt output from the command docker run ubuntu:12.04 apt-get update:

Err http://archive.ubuntu.com precise/main Sources
  404  Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com precise/restricted Sources
  404  Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com precise/universe Sources
  404  Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com precise/universe amd64 Packages
  404  Not Found [IP: 91.189.91.13 80]

For information, the docker version command output shows:

root@vm:~/docker/test# docker version
Client version: 1.7.0
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 0baf609
OS/Arch (client): linux/amd64
Server version: 1.7.0
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 0baf609
OS/Arch (server): linux/amd64

Thanks in advance.

EDIT:

Ufw was inactive. Thanks Thomas.

It was a network IPS behaving oddly at the edge. Network support fixed and it is now working OK.

Answer 1

There is an important difference to understand when docker build executes a ADD instruction and when it executes a RUN instruction.

• with the ADD instruction, the download takes place from the docker host and then is pushed into the build context.
• with the RUN instruction, the download takes place from within a running container.

This difference can explain why it works with one and fails with the other.

Since your host is Ubuntu, make sure you followed the Docker installation instructions regarding the ufw firewall which says:

If you use UFW (Uncomplicated Firewall) on the same host as you run Docker, you’ll need to do additional configuration. Docker uses a bridge to manage container networking. By default, UFW drops all forwarding traffic. As a result, for Docker to run when UFW is enabled, you must set UFW’s forwarding policy appropriately.

Also if you want to investigate from within a container the issue and easily try out commands to figure the problem out, I suggest you open a bash shell in a container created from that same ubuntu image:

docker run -it ubuntu /bin/bash -l

and from there you will be able to diagnose the issue, for instance with:

route
cat /etc/resolv.conf
apt-get update && apt-get -y install traceroute telnet
traceroute ftp.unicamp.br
telnet ftp.unicamp.br 80