Reputation: 800
Diagnosing download timeout from chocolatey.org in a Windows Docker build
I'm trying to put together a Windows Docker container that can run .NET builds. Given the dependencies I need the best way to do so seemed to be to make use of Chocolatey. However in the install step for Chocolatey I am getting a download timeout trying to run the command
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
The full error is below.
Exception calling "DownloadString" with "1" argument(s): "The operation has
timed out"
At C:\install.ps1:3 char:51
+ ... ess -Force; iex ((New-Object System.Net.WebClient).DownloadString('ht ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordE
xception
+ FullyQualifiedErrorId : WebException
This seems strange for a number of reasons.
- I have successfully built this Docker image on a machine I hand rolled, but the failure happens consistently on our provisioned build machine.
- I can RDP onto the machine and download the script outside the context of the docker container with no problem.
- I can ping chocolatey.org without issue within the Docker container.
- I can download the content of other sites from within the Docker container (i.e. google.com or nuget.org).
- I have completely destroyed this build machine and provisioned a new one (via BOSH).
Conclusion: There seems to be some kind of networking issue related to Docker that does not prevent connection to the servers at chocolatey.org, but nonetheless prevents reading the contents of URLs from there.
However I'm out of tools for troubleshooting and any ideas would be greatly appreciated.
Full Docker file
FROM microsoft/windowsservercore:1709
COPY install.ps1 /install.ps1
RUN powershell /install.ps1
ENTRYPOINT powershell
Full install.ps1
$ErrorActionPreference = "Stop"
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install 7zip -y
choco install visualstudio2017professional -y
choco install visualstudio2017-workload-manageddesktop --includeOptional --pre -y
choco install visualstudio2017-workload-universal --includeOptional --pre -y
choco install nuget.commandline
Upvotes: 7
Views: 1803
Answers (2)
Reputation: 2320
When you are installing Chocolatey itself, ensure that TLS1.2 is available. This command line will add the TLS1.2 protocol to any existing protocols in the current console:
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
To enable TLS1.2 on a system wide and permanent scope you must use the registry:
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled = 1
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault = 0
Also, after Chocolatey is installed, there are some chocolatey settings that can be useful for network issues:
choco config set --name="'commandExecutionTimeoutSeconds'" --value="'2700'"
choco config set --name="'webRequestTimeoutSeconds'" --value="'30'"
choco config set --name="'proxy'" --value="'myproxy.myorg.com:8080'"
choco config set --name="'proxyUser'" --value="'username'"
choco config set --name="'proxyPassword'" --value="'P@ssw0rd'"
Upvotes: 2
Reputation: 1
Solution If you have the following:
PowerShell v3+ .NET Framework 4.5 You can just run the following instead of just the one-liner to get Chocolatey installed:
$securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol
try { # Set TLS 1.2 (3072), then TLS 1.1 (768), then TLS 1.0 (192), finally SSL 3.0 (48) # Use integers because the enumeration values for TLS 1.2 and TLS 1.1 won't # exist in .NET 4.0, even though they are addressable if .NET 4.5+ is # installed (.NET 4.5 is an in-place upgrade). [System.Net.ServicePointManager]::SecurityProtocol = 3072 -bor 768 -bor 192 -bor 48 } catch { Write-Warning 'Unable to set PowerShell to use TLS 1.2 and TLS 1.1 due to old .NET Framework installed. If you see underlying connection closed or trust errors, you may need to do one or more of the following: (1) upgrade to .NET Framework 4.5 and PowerShell v3, (2) specify internal Chocolatey package location (set $env:chocolateyDownloadUrl prior to install or host the package internally), (3) use the Download + PowerShell method of install. See https://chocolatey.org/install for all install options.' }
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
[System.Net.ServicePointManager]::SecurityProtocol = $securityProtocolSettingsOriginal
Upvotes: 0
Related Questions
- Running chocolatey in docker container fails
- Can’t install Choclatey into windows docker container
- How do I install Docker using Chocolatey?
- Not able to install packages using chcolatey in docker container
- The command 'cmd /S /C choco install --no-progress -y curl' returned a non-zero code: 3221225785
- Docker for Windows: error pulling image configuration: i/o timeout
- Trying to create a Jenkins docker container using chocolatey in a windows container
- Docker error on Windows 2016 "Client.Timeout exceeded while awaiting headers"
- Docker cannot access any Internet URL during build
- Docker install failed on windows 10 host