Bug 1252422
Summary: | docker.py in new package docker-python does not work with client certificate authentication | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jarle Bjørgeengen <jarle> |
Component: | python-docker-py | Assignee: | Tomas Tomecek <ttomecek> |
Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.1 | CC: | dwalsh, lsm5 |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | Flags: | jhonce:
needinfo-
|
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-10-10 11:04:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jarle Bjørgeengen
2015-08-11 11:20:44 UTC
nginx access log says (when running the above python snippet): 129.240.0.118 - - [11/Aug/2015:13:22:10 +0200] "GET /v2/ HTTP/1.1" 400 252 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-229.4.2.el7.x86_64" "-" 129.240.0.118 - - [11/Aug/2015:13:22:10 +0200] "GET /v1/_ping HTTP/1.1" 400 252 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-229.4.2.el7.x86_64" "-" When running docker pull it says: 129.240.0.118 - - [11/Aug/2015:13:23:50 +0200] "GET /v2/ HTTP/1.1" 404 233 "-" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.4.2.el7.x86_64 os/linux arch/amd64" "-" 129.240.0.118 - - [11/Aug/2015:13:23:50 +0200] "GET /v1/_ping HTTP/1.1" 200 2 "-" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.4.2.el7.x86_64 os/linux arch/amd64" "-" 129.240.0.118 - - [11/Aug/2015:13:23:50 +0200] "GET /v1/_ping HTTP/1.1" 200 2 "-" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.4.2.el7.x86_64 os/linux arch/amd64" "-" 129.240.0.118 - - [11/Aug/2015:13:23:50 +0200] "GET /v1/repositories/uio-logstash/images HTTP/1.1" 200 760 "-" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.4.2.el7.x86_64 os/linux arch/amd64" "-" 129.240.0.118 - - [11/Aug/2015:13:23:51 +0200] "GET /v1/repositories/uio-logstash/tags HTTP/1.1" 200 158 "-" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.4.2.el7.x86_64 os/linux arch/amd64" "-" 129.240.0.118 - - [11/Aug/2015:13:23:51 +0200] "GET /v1/images/90a9503d3cb1c249f1ec04de4f70904bcdc096a7ba76bc31de8b4ebb9405d633/ancestry HTTP/1.1" 200 476 "-" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.4.2.el7.x86_64 os/linux So it seems that the reason is indeed that the ping_registry() in ../auth/auth.py tries to access the registry without providing the client certificates in /etc/docker/certs.d, hence it fails. When commenting out the ping check I bangs the head against the next error: ========================================== Traceback (most recent call last): File "/root/.ansible/tmp/ansible-tmp-1439293825.39-44102419682611/docker", line 3132, in <module> main() File "/root/.ansible/tmp/ansible-tmp-1439293825.39-44102419682611/docker", line 1494, in main started(manager, containers, count, name) File "/root/.ansible/tmp/ansible-tmp-1439293825.39-44102419682611/docker", line 1354, in started created = manager.create_containers(delta) File "/root/.ansible/tmp/ansible-tmp-1439293825.39-44102419682611/docker", line 1227, in create_containers containers = do_create(count, params) File "/root/.ansible/tmp/ansible-tmp-1439293825.39-44102419682611/docker", line 1217, in do_create result = self.client.create_container(**params) File "/usr/lib/python2.7/site-packages/docker/client.py", line 237, in create_container volume_driver File "/usr/lib/python2.7/site-packages/docker/utils/utils.py", line 546, in create_container_config 'mem_limit has been moved to host_config in API version 1.19' docker.errors.InvalidVersion: mem_limit has been moved to host_config in API version 1.19 ==================================== This seems to be https://github.com/ansible/ansible-modules-core/issues/1707, which in turn is triggered by the upstream change https://github.com/docker/docker-py/pull/644 Sigh... Is it possible to rollback the version of docker-py to one closer to the one that what was in EPEL until compability problems is sorted out? Another upshot is that https://bugzilla.redhat.com/show_bug.cgi?id=1251392 also (at least for now) disappears. FYI: It works with. yum remove docker-python yum install python-pip pip install docker.py==1.2.3 Lokesh can you look into this? Jon update please. It appears the dependencies have all been corrected now. We have updated python-docker-py to "python-docker-py-1.7.2-1.el7". Can you please check if the update resolves your problem? I know there was a lot of upstream development related to connecting to a secure registry. I'm closing this one since it's more than 1 year old and I presume the issue is no longer present (we updated the package to latest upstream release of major version 1 -- 1.10.6). Please reopen if you run into the issue again. |