Running chocolatey in docker container fails
Asked Answered
L

6

15

I have docker on windows server 2016. The Dockerfile contains some build tools to be installed via chocolatey. It fails every time when I am trying to build image from mentioned Dockerfile. The chocolatey tool is not running in container.

# Use the latest Windows Server Core image. 
FROM microsoft/windowsservercore

ENV chocolateyUseWindowsCompression false

RUN powershell -Command \
        iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')); \
        choco feature disable --name showDownloadProgress

RUN choco install visualstudio2015professional 
RUN choco install qtcreator 
RUN choco install curl 
RUN choco install jq 
RUN choco install 7zip.install 
RUN choco install jfrog-cli 
RUN choco install jom

Build command here.........
    C:\Program Files\Docker>docker build -t test -f Dockerfile.txt .
    Sending build context to Docker daemon  54.73MB
    Step 1/10 : FROM microsoft/windowsservercore
    latest: Pulling from microsoft/windowsservercore
    3889bb8d808b: Pull complete
    fb1ebf2c42b6: Pull complete
    Digest: sha256:750440935dd3ef8ea148a8e4f83a0397540a8014938ae7b59eb78211da1d5969
    Status: Downloaded newer image for microsoft/windowsservercore:latest
     ---> 7d89a4baf66c
    Step 2/10 : ENV chocolateyUseWindowsCompression false
     ---> Running in 8a7b1fc97da5
     ---> 0f3c89daf01c
    Removing intermediate container 8a7b1fc97da5
    Step 3/10 : RUN powershell -Command     iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'));     choco feature disable --name showDownloadProgress
     ---> Running in f7088454db37
    Exception calling "DownloadString" with "1" argument(s): "Unable to connect to
    the remote server"
    At line:1 char:1
    + iex ((new-object net.webclient).DownloadString('https://chocolatey.or ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : WebException

    choco : The term 'choco' is not recognized as the name of a cmdlet, function,
    script file, or operable program. Check the spelling of the name, or if a path
    was included, verify that the path is correct and try again.
    At line:1 char:88
    + ... .DownloadString('https://chocolatey.org/install.ps1')); choco feature ...
    +                                                             ~~~~~
        + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFou
       ndException
        + FullyQualifiedErrorId : CommandNotFoundException

    The command 'cmd /S /C powershell -Command     iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'));     choco feature disable --name showDownloadProgress' returned a non-zero code: 1
Lowerclassman answered 25/7, 2018 at 11:1 Comment(0)
G
11

I had this problem a while ago. It was destroying me for some time, I could not work out why one Docker image I had was building fine while the next one was not.

I finally traced it to an issue with restricted TLS, whereby the newer Windows docker base images required TLS1.2 which is not enabled by default. You may be encountering this with your windows server core base container.

The Chocolatey documentation refers to this situation in their section about installing-with-restricted-tls.

Their fix at time of writing was to do a little musical chairs with the TLS settings before putting them back - see below

$securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol

try {
  # Set TLS 1.2 (3072), then TLS 1.1 (768), then TLS 1.0 (192), finally SSL 3.0 (48)
  # Use integers because the enumeration values for TLS 1.2 and TLS 1.1 won't
  # exist in .NET 4.0, even though they are addressable if .NET 4.5+ is
  # installed (.NET 4.5 is an in-place upgrade).
  [System.Net.ServicePointManager]::SecurityProtocol = 3072 -bor 768 -bor 192 -bor 48
} catch {

  Write-Warning 'Unable to set PowerShell to use TLS 1.2 and TLS 1.1 due to old .NET Framework installed. If you see underlying connection closed or trust errors, you may need to do one or more of the following: (1) upgrade to .NET Framework 4.5 and PowerShell v3, (2) specify internal Chocolatey package location (set $env:chocolateyDownloadUrl prior to install or host the package internally), (3) use the Download + PowerShell method of install. See https://chocolatey.org/install for all install options.'
}

iex ((New-Object 
System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

[System.Net.ServicePointManager]::SecurityProtocol = $securityProtocolSettingsOriginal

Failing that, run your container without choco using docker run --name mycontainer -d [your container id] then use an interactive shell using docker exec -it mycontainer powershell and you'll be able to run the choco install interactively to get more information about the failure.

Goldin answered 14/12, 2018 at 3:26 Comment(0)
F
4

Did you research following from https://github.com/chocolatey/choco/issues/1055

SET chocolateyUseWindowsCompression='false' REM No spaces in the equals
@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

And closest question here: Powershell unable to connect to internet at all

Fenestrated answered 13/12, 2018 at 5:41 Comment(0)
F
3

For me this turned out to be my antivirus specifically Symantec in my case, worked as soon as it was disabled.

Fugal answered 6/11, 2018 at 13:52 Comment(0)
R
1

I managed to install choco from web in a corp network with proxy settings.

first step is creating a proxy.ps1:

$ProxyAddress = "http://proxy:port"
[system.net.webrequest]::defaultwebproxy = New-Object system.net.webproxy($ProxyAddress)
$CredCache = [System.Net.CredentialCache]::new()
$NetCreds = [System.Net.NetworkCredential]::new("username","password","")
$CredCache.Add($ProxyAddress, "Basic", $NetCreds)
[system.net.webrequest]::defaultwebproxy.credentials = $CredCache
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true

and then in Dockfile, do it this way:

FROM mcr.microsoft.com/windows:1809-amd64 AS base
SHELL ["cmd", "/S", "/C"]

# add proxy to powershell profile for all users
ADD proxy.ps1 C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1
# Install Chocolatey
RUN powershell -ExecutionPolicy unrestricted -Command `
    iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
Reine answered 6/11, 2019 at 7:33 Comment(1)
True hero. I spent hours trying various ways to get chocolatey installed in my Windows docker on a corporate proxy. Copy/pasted these and changed proxy var and it was done in 30 seconds.Sesquioxide
H
0

For anyone finding this issue in/after 2024, I was able to install Chocolatey using the normal powershell install instruction here on mcr.microsoft.com/windows/servercore:ltsc2022 and subsequently install software in the container without issue. As far as I can tell, the compatibility issue surrounding TLS has been resolved in the current latest versions.

Happ answered 27/3 at 15:12 Comment(0)
A
-1

The key is in the error message:

"Unable to connect to the remote server"

Your Docker container doesn't have internet connectivity to download the Chocolatey install script.

Agnew answered 25/7, 2018 at 14:51 Comment(1)
When I pull other images for e.g. hello-world from docker hub or windowsservicecore image it worked. I have set the proxy settings. Is there any docker command to verify the status of internet connection?Lowerclassman

© 2022 - 2024 — McMap. All rights reserved.