Diagnosing download timeout from chocolatey.org in a Windows Docker build
I'm trying to put together a Windows Docker container that can run .NET builds. Given the dependencies I need, the best way to do so seemed to be to make use of Chocolatey. However, in the install step for Chocolatey I am getting a download timeout trying to run the command

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

The full error is below.

Exception calling "DownloadString" with "1" argument(s): "The operation has
timed out"
At C:\install.ps1:3 char:51
+ ... ess -Force; iex ((New-Object System.Net.WebClient).DownloadString('ht ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordE
   xception
    + FullyQualifiedErrorId : WebException

This seems strange for a number of reasons.

  1. I have successfully built this Docker image on a machine I hand rolled, but the failure happens consistently on our provisioned build machine.
  2. I can RDP onto the machine and download the script outside the context of the docker container with no problem.
  3. I can ping chocolatey.org without issue within the Docker container.
  4. I can download the content of other sites from within the Docker container (i.e. google.com or nuget.org).
  5. I have completely destroyed this build machine and provisioned a new one (via BOSH).

Conclusion: There seems to be some kind of networking issue related to Docker that does not prevent connection to the servers at chocolatey.org, but nonetheless prevents reading the contents of URLs from there.

However, I'm out of tools for troubleshooting and any ideas would be greatly appreciated.

Full Docker file

FROM microsoft/windowsservercore:1709

COPY install.ps1 /install.ps1
RUN powershell /install.ps1

ENTRYPOINT powershell

Full install.ps1

$ErrorActionPreference = "Stop"

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

choco install 7zip -y
choco install visualstudio2017professional -y
choco install visualstudio2017-workload-manageddesktop --includeOptional --pre -y
choco install visualstudio2017-workload-universal --includeOptional --pre -y

choco install nuget.commandline
Saliferous answered 4/6, 2018 at 22:23

When you are installing Chocolatey itself, ensure that TLS1.2 is available. This command line will add the TLS1.2 protocol to any existing protocols in the current console:

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

To enable TLS1.2 on a system-wide and permanent scope you must use the registry:

HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled = 1
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault = 0

Also, after Chocolatey is installed, there are some Chocolatey settings that can be useful for network issues:

choco config set --name="'commandExecutionTimeoutSeconds'" --value="'2700'"
choco config set --name="'webRequestTimeoutSeconds'" --value="'30'"
choco config set --name="'proxy'" --value="'myproxy.myorg.com:8080'"
choco config set --name="'proxyUser'" --value="'username'"
choco config set --name="'proxyPassword'" --value="'P@ssw0rd'"
Odaniel answered 24/4, 2020 at 21:0

Solution

If you have the following:

  - PowerShell v3+
  - .NET Framework 4.5

You can just run the following instead of just the one-liner to get Chocolatey installed:

$securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol

try {
  # Set TLS 1.2 (3072), then TLS 1.1 (768), then TLS 1.0 (192), finally SSL 3.0 (48)
  # Use integers because the enumeration values for TLS 1.2 and TLS 1.1 won't
  # exist in .NET 4.0, even though they are addressable if .NET 4.5+ is
  # installed (.NET 4.5 is an in-place upgrade).
  [System.Net.ServicePointManager]::SecurityProtocol = 3072 -bor 768 -bor 192 -bor 48
} catch {
  Write-Warning 'Unable to set PowerShell to use TLS 1.2 and TLS 1.1 due to old .NET Framework installed. If you see underlying connection closed or trust errors, you may need to do one or more of the following: (1) upgrade to .NET Framework 4.5 and PowerShell v3, (2) specify internal Chocolatey package location (set $env:chocolateyDownloadUrl prior to install or host the package internally), (3) use the Download + PowerShell method of install. See https://chocolatey.org/install for all install options.'
}

iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

[System.Net.ServicePointManager]::SecurityProtocol = $securityProtocolSettingsOriginal

Colorific answered 14/8, 2018 at 16:55
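
A diagnostic sketch for the TLS explanation in the two answers above, added here and not part of any answer or of Chocolatey's own scripts: run inside the failing container, it reports the session's protocol setting, the SCHANNEL registry values, and which protocol versions complete a handshake with chocolatey.org. The helper name `Test-TlsProtocol` and the 10-second timeouts are assumptions made for the example.

```powershell
# Added diagnostic example; run it inside the container that fails to download.
$TargetHost = 'chocolatey.org'   # host from the question

# 1. Protocols this PowerShell/.NET session offers for WebClient requests.
"Session SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"

# 2. System-wide SCHANNEL client values for TLS 1.2 (key path from the answer above).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
if (Test-Path $key) {
    Get-ItemProperty -Path $key | Select-Object Enabled, DisabledByDefault | Format-List
} else {
    'SCHANNEL TLS 1.2 client key is absent, so OS defaults apply'
}

# 3. Try one handshake per protocol version and report what the server accepts.
function Test-TlsProtocol {   # hypothetical helper name
    param(
        [string]$HostName,
        [System.Security.Authentication.SslProtocols]$Protocol,
        [int]$Port = 443
    )
    $ssl = $null
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 10000   # milliseconds; a stalled read becomes an error
    $client.SendTimeout = 10000
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{ Protocol = $Protocol; Result = 'handshake ok' }
    } catch {
        [pscustomobject]@{ Protocol = $Protocol; Result = $_.Exception.GetBaseException().Message }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}
'Tls', 'Tls11', 'Tls12' |
    ForEach-Object { Test-TlsProtocol -HostName $TargetHost -Protocol $_ } |
    Format-Table -AutoSize

# 4. Add TLS 1.2 to the session (same line as in the answer) and retry the
#    download without executing the result.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
$script = (New-Object System.Net.WebClient).DownloadString("https://$TargetHost/install.ps1")
"Downloaded $($script.Length) characters with TLS 1.2 enabled"
```

A session value that lacks Tls12, combined with a server that only completes the Tls12 handshake, points at the protocol mismatch the answers describe; if every row reports a timeout, the protocol setting is not the cause.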
