Bug 1308818

Summary: [platformmanagement_public_435] Can not import private docker image from v1 docker registry
Product: OKD
Reporter: weiwei jiang <wjiang>
Component: Image Registry
Assignee: Michal Minar <miminar>
Status: CLOSED WONTFIX
QA Contact: Wei Sun <wsun>
Severity: medium
Priority: medium
Version: 3.x
CC: aos-bugs, ccoleman, wsun
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-02-16 15:45:42 UTC
Type: Bug

Description weiwei jiang 2016-02-16 08:18:51 UTC
Description of problem:
After setting up a v1 docker registry with authentication, importing the private images from the registry fails.

Version-Release number of selected component (if applicable):
devenv-rhel7_3433

How reproducible:
always

Steps to Reproduce:
1. Set up a private docker registry with v1 version
1> Add the insecure registry to /etc/sysconfig/docker & restart docker service
OPTIONS='--insecure-registry 172.30.0.0/16 --insecure-registry 172.17.0.0/16 --selinux-enabled'
2> docker run -d registry
3> docker run -d -v /nginx.conf:/etc/nginx/conf.d/registry.conf -v /htpasswd:/etc/nginx/.htpasswd nginx
# cat nginx.conf 
server {
  listen 80;
  server_name test.com;
  add_header 'Docker-Distribution-Api-Version' 'registry/1.0' always;
  location / {
     proxy_pass http://172.17.0.1:5000;
     auth_basic "Restricted";
     auth_basic_user_file /etc/nginx/.htpasswd;
  }
} 
2. Create an imagestreamimport
# oc create -f isi
{
  "kind": "ImageStreamImport",
  "apiVersion": "v1",
  "metadata": {
    "name": "bc"
  },
  "spec": {
    "import": true,
    "repository": {
      "from": {"kind": "DockerImage", "name": "test.com:80/test/busybox"},
      "importPolicy": {"insecure": true}
    }
  }
}
3. Check the imagestream & check the master log (loglevel=5)

Actual results:
I0216 02:46:08.906989    3629 importer.go:308] importing remote Docker repository registry=https://test.com:80 repository=test/busybox insecure=true
I0216 02:46:08.907458    3629 importer.go:695] Falling back to an HTTP check for an insecure registry {https  <nil> test.com:80   }: Get https://test.com:80/v2/: tls: o
versized record received with length 20527
I0216 02:46:08.918202    3629 credentials.go:134] Found secret to match http://test.com:80/v2/test/busybox/tags/list (test.com:80/v2/test/busybox/tags/list): 
I0216 02:46:08.920888    3629 importer.go:352] unable to access tags for repository &importer.importRepository{Ref:api.DockerImageReference{Registry:"test.com:80", Name
space:"test", Name:"busybox", Tag:"", ID:""}, Registry:(*url.URL)(0xc215307680), Name:"test/busybox", Insecure:true, Tags:[]importer.importTag(nil), Digests:[]importer.
importDigest(nil), MaximumTags:5, AdditionalTags:[]string(nil), Err:error(nil)}: &client.UnexpectedHTTPResponseError{ParseErr:(*json.SyntaxError)(0xc20fef5540), Respons
e:[]uint8{0x3c, 0x21, 0x44, 0x4f, 0x43, 0x54, 0x59, 0x50, 0x45, 0x20, 0x48, 0x54, 0x4d, 0x4c, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x20, 0x22, 0x2d, 0x2f, 0x2f, 0x
57, 0x33, 0x43, 0x2f, 0x2f, 0x44, 0x54, 0x44, 0x20, 0x48, 0x54, 0x4d, 0x4c, 0x20, 0x33, 0x2e, 0x32, 0x20, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x2f, 0x2f, 0x45, 0x4e, 0x22, 0x
3e, 0xa, 0x3c, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x3e, 0x34, 0x30, 0x34, 0x20, 0x4e, 0x6f, 0x74, 0x20, 0x46, 0x6f, 0x75, 0x6e, 0x64, 0x3c, 0x2f, 0x74, 0x69, 0x74, 0x6c, 0x6
5, 0x3e, 0xa, 0x3c, 0x68, 0x31, 0x3e, 0x4e, 0x6f, 0x74, 0x20, 0x46, 0x6f, 0x75, 0x6e, 0x64, 0x3c, 0x2f, 0x68, 0x31, 0x3e, 0xa, 0x3c, 0x70, 0x3e, 0x54, 0x68, 0x65, 0x20,
 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x20, 0x55, 0x52, 0x4c, 0x20, 0x77, 0x61, 0x73, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x66, 0x6f, 0x75, 0x6e, 0x64, 0x20,
 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x20, 0x20, 0x49, 0x66, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x65, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x55, 0x52, 0x4c, 0x20, 0x6d, 0x61, 0x6e, 0x75, 0x61, 0x6c, 0x6c, 0x79, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x63,
 0x68, 0x65, 0x63, 0x6b, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x73, 0x70, 0x65, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x74, 0x72, 0x79, 0x20, 0x61,
 0x67, 0x61, 0x69, 0x6e, 0x2e, 0x3c, 0x2f, 0x70, 0x3e, 0xa}}
I0216 02:46:08.921267    3629 rest.go:241] create new stream: &api.ImageStream{TypeMeta:unversioned.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"bc
", GenerateName:"", Namespace:"wjiang", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:unversioned.Time{Time:time.Time{sec:0, nsec:0, loc:(*ti
me.Location)(nil)}}, DeletionTimestamp:(*unversioned.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string{
"openshift.io/image.dockerRepositoryCheck":"2016-02-16T07:46:08Z"}}, Spec:api.ImageStreamSpec{DockerImageRepository:"", Tags:map[string]api.TagReference(nil)}, Status:a
pi.ImageStreamStatus{DockerImageRepository:"", Tags:map[string]api.TagEventList(nil)}}
I0216 02:46:08.925099    3629 image_change_controller.go:47] Build image change controller detected ImageStream change 172.30.236.234:5000/wjiang/bc


Expected results:
should work well

Additional info:

Comment 1 Clayton Coleman 2016-02-16 15:45:42 UTC
This is as designed - we won't support private import from V1 registries for now, because the complexity is too high.  We may get an RFE for it but v1 is basically dead.
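
Added example, not part of the original report or the OpenShift code: a Go pre-flight probe that classifies a registry from its `/v2/` response, so a v1 endpoint like the one in this report is identified before `tags/list` is requested and an HTML 404 page reaches the JSON parser. `classifyRegistry` and `newFakeRegistry` are hypothetical names, and the test server is a constructed stand-in for the nginx-fronted registry in the reproduction steps.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// classifyRegistry probes base+"/v2/" and reports which registry API answered.
// A v2 registry answers 200 or 401 on /v2/ and sets
// Docker-Distribution-Api-Version: registry/2.0 (Registry HTTP API V2 spec).
func classifyRegistry(client *http.Client, base string) (string, error) {
	resp, err := client.Get(strings.TrimRight(base, "/") + "/v2/")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	hdr := resp.Header.Get("Docker-Distribution-Api-Version")
	v2Status := resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusUnauthorized
	switch {
	case v2Status && strings.Contains(hdr, "registry/2.0"):
		return "v2", nil
	case strings.Contains(hdr, "registry/1.0"):
		return "v1", nil // do not go on to parse /v2/.../tags/list as JSON
	default:
		return "unknown", nil
	}
}

// newFakeRegistry is a constructed test server: it always sets the API-version
// header (like the report's nginx add_header) and answers /v2/ with v2Status.
func newFakeRegistry(apiVersion string, v2Status int) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Docker-Distribution-Api-Version", apiVersion)
		if strings.HasPrefix(r.URL.Path, "/v2/") {
			w.WriteHeader(v2Status)
			return
		}
		w.WriteHeader(http.StatusOK)
	}))
}

func main() {
	v1 := newFakeRegistry("registry/1.0", http.StatusNotFound)
	defer v1.Close()
	kind, err := classifyRegistry(v1.Client(), v1.URL)
	fmt.Println(kind, err)
}
```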