Keyservers for Docker constantly failing

[chingc]

Hi, I'm running Vagrant 1.8.7 on 10.11.6 El Capitan and the docker provisioner fails repeatedly when it tries to download the key needed for installation. I've experienced this even when attempting to install docker manually, so this isn't really a problem with Vagrant. I was wondering if you can include the key with Vagrant so it doesn't have to download it from what appears to be extremely unreliable sources.

Eventually it will work if I keep trying, but today I've been trying for the past 30 minutes and still I get this error. It has been frustrating.

I know this isn't a problem with my network connection because my other Vagrantfiles (that don't try to install docker) are downloading and installing packages just fine.

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

  Vagrant.configure("2") do |config|

  config.vm.box = "debian/jessie64"
  config.vm.box_version = "~> 8.6.1"
  config.vm.provision "docker"

end

Error

The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

curl -sSL https://get.docker.com/ | sh

Stdout from the command:

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.unkAJ5I1RQ --no-auto-check-trustdb --trust-model always --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
?: ha.pool.sks-keyservers.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Success
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.VZyZN0Zhfz --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
?: [fd 4]: read error: Connection reset by peer
gpgkeys: key 58118E89F3A912897C070ADBF76221572C52609D can't be retrieved
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.ShABLMVIBN --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
?: [fd 4]: read error: Connection reset by peer
gpgkeys: key 58118E89F3A912897C070ADBF76221572C52609D partially retrieved (probably corrupt)


Stderr from the command:

stdin: is not a tty
+ sh -c apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
gpg: requesting key 2C52609D from hkp server ha.pool.sks-keyservers.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
+ sh -c apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
gpg: requesting key 2C52609D from hkp server pgp.mit.edu
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
+ sh -c apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
gpg: requesting key 2C52609D from hkp server keyserver.ubuntu.com
gpg: no valid OpenPGP data found.
gpg: key 2C52609D: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
+ sh -c apt-key adv -k 58118E89F3A912897C070ADBF76221572C52609D >/dev/null

[matschaffer]

What version of VirtualBox are you using?

I'm hitting similar problems (Connection reset by peer on gpg calls) and so far what I've managed to dig up (ubuntu bug report, virtualbox forum post) points to issues with VirtualBox 5.1.

[matschaffer]

I've been doing some wireshark work on this today and it's looking like VirtualBox is trying to reassemble fragmented packets but doing so incorrectly.

What I'm seeing on the host OS as a 5 segment 4781 byte HTTP response from the key server is turning into a 1 segment 2894 byte truncated response inside the VM.

You may want to run tcpdumps on both sides to compare. I was testing just with a vanilla vagrant init ubuntu/trusty64 (just make sure to check #7969 if you haven't already downloaded the box). Started tcpdump on both sides then ran apt-key adv --keyserver keyserver.ubuntu.com --recv 58118E89F3A912897C070ADBF76221572C52609D

Output was:

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.vYZUuyVe5z --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 58118E89F3A912897C070ADBF76221572C52609D
gpg: requesting key 2C52609D from hkp server keyserver.ubuntu.com
?: [fd 4]: read error: Connection reset by peer
gpgkeys: key 58118E89F3A912897C070ADBF76221572C52609D partially retrieved (probably corrupt)
gpg: no valid OpenPGP data found.
gpg: key 2C52609D: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

What I don't yet have any idea of is why not everyone on my team is seeing this with the same versions of vagrant and virtual box.

[matschaffer]

I was unable to find a downgraded version that works (5.0 had the same issue, 4.0 won't install on Mac Sierra), but the r111957 test build seems to work.

Source: https://www.virtualbox.org/ticket/16084

[chingc]

@matschaffer I'm using v5.1.8. The bug ticket you linked sounds like it's describing something more serious. If it's true, why does it only seem to affect downloading keys? I don't have issues downloading anything else.

[geerlingguy]

@chingc - Over on Drupal VM's issue queue, we've found downgrading to 5.1.6 is the current best fix for this issue :( https://www.virtualbox.org/wiki/Download_Old_Builds_5_1

[chingc]

I haven't experienced this issue since I updated to VirtualBox 5.1.10. Anyone else?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.