Home » Version Control System » Fix failed to pull the image with the policy “always” error from the daemon
Version Control System

Fix failed to pull the image with the policy “always” error from the daemon

Christianby
Leave a Comment on Fix failed to pull the image with the policy “always” error from the daemon
git-pull-error

A Docker image is a file used to execute code in a Docker container. It acts as a set of instructions to build a Docker container (more like a template). A Docker image contains application code, libraries, tools, dependencies, and other files needed to make an application run. The Registry is a stateless, highly scalable server-side application that stores and lets you distribute Docker images. It is open-source, under the permissive Apache license. In this article, you will learn how to fix failed to pull the image with the policy “always” error from the daemon. Here are some related guides: How to manually update Docker desktop. How to install Docker Desktop and register GitLab-Runner with Docker Windows executor, and how to host Multiple Domains In Tomcat.

How to download a Docker Image

To download a particular image, or set of images (i.e., a repository), use docker pull. If no tag is provided, Docker Engine uses the :latest tag as a default. Kindly refer to some of these related guides: How to install Git on macOS. How to clone a repository and install software from GitHub on Windows, How to Pull your first Nginx Container Image from Docker Hu hub, and how to fix “Panic: Failed to register the GitLab-runner, you may be having network issues“.

You should use the Registry if you want to:
- Tightly control where your images are being stored.
- Fully own your images distribution pipeline.
- Integrate image storage and distribution tightly into your in-house development workflow

Reason for the Error “failed to pull the image with the policy “always” error from the daemon”

You will encounter this error also when running a pipeline job in GitLab. This is because the image in question does not match the container version. I simulated this using the following image (mcr.microsoft.com/windows/servercore:ltsc2022), and the error below was prompted. Please see the solution below. 

Pulling docker image windows ...
WARNING: Failed to pull image with policy "always": Error response from daemon: pull access denied for windows, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
ERROR: Job failed: failed to pull image "windows" with specified policies [always]: Error response from daemon: pull access denied for windows, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

Windows offers four container base images that users can build from. Each base image is a different type of Windows or Windows Server operating system, has a different on-disk footprint. And has a different set of Windows APIs set. Each base image is briefly described below:

  • Nano Server is an ultralight Windows offering for new application development.
  • Server Core is medium in size and a good option for “lifting and shifting” Windows Server apps.
  • Windows is the largest image and has full Windows API support for workloads.
  • Windows Server is slightly smaller than the Windows image, has full Windows API support, and allows you to use more server features.

You may also want to see this guide on how to install and uninstall Docker Desktop on Windows 10 and Windows Server. How to install and upgrade Docker Engine from binaries on Windows, and Preparation failed: Error during connect in the default daemon configuration.

Solution: Use the right Container Base Image

Windows requires the host OS version to match the container OS version. If you want to run a container based on a newer Windows build, make sure you have an equivalent host build. Otherwise, you can use Hyper-V isolation to run older containers on new host builds. Please specify in the config.toml file the right image that matches the container OS version that you are running.

I am running a Docker Desktop on a Windows 20H2 device with a Windows Container daemon. Ensure you specify the right image “mcr.microsoft.com/windows:20H2” as shown in the file below. 

[[runners]]
  name = "docker-windows executor"
  url = "https://gitlabcom/"
  token = "xxxxxxxxxxxxxxx"
  executor = "docker-windows"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = xxxxx
    image = "mcr.microsoft.com/windows:20H2"

When this has been correctly specified and you run your job again, it will succeed as shown below.

result: Pulling docker image mcr.microsoft.com/windows:20H2 ...
Using docker image sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for mcr.microsoft.com/windows:20H2 with digest mcr.microsoft.com/windows@xxxxxxx...
Preparing environment
00:10
Running on RUNNER-xxxxxxx via
techDPC

Note: The message could also occur when you use the wrong image name. Please check your image if it exists on the Docker Hub Repository with the correct tag. Also, If the repository is private you need to authenticate your GitLab Runner in the registry. Read more on using a private Docker registry.

Kindly refer to this troubleshooting guide for more information “Docker image OS” windows” cannot be used on this platform: No matching manifest for linux/amd64 in the manifest list entries from Microsoft Docker Registry“.

I hope you found this blog post helpful on how to fix failed to pull the image with the policy “always” error from the daemon. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x