Bug 1389328
| Summary: | Rhel-push-plugin blocks a push to a local registry | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Göran Uddeborg <goeran> |
| Component: | docker | Assignee: | Lokesh Mandvekar <lsm5> |
| Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | amurdaca, dichen, lsm5, lsu |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-06 17:44:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Göran Uddeborg
2016-10-27 13:06:20 UTC
(In reply to Göran Uddeborg from comment #0) > Description of problem: > Trying to push an image to a local registry, I get the following error: > > Error response from daemon: plugin rhel-push-plugin failed with error: > AuthZPlugin.AuthZReq: Error: No such image: > docker-river.got.jeppesensystems.com:5000/devops/centos-jeppesen > > > Version-Release number of selected component (if applicable): > docker-rhel-push-plugin-1.10.3-46.el7.14.x86_64 > > > How reproducible: > Every time > > > Steps to Reproduce: > 1. Build an image based on centos:centos7: docker build > --tag=docker-river.got.jeppesensystems.com:5000/devops/centos-jeppesen: > centos7jeppesen centos7jeppesen > 2. Add an additional tag (I don't know if this matters): docker tag --force > docker-river.got.jeppesensystems.com:5000/devops/centos-jeppesen: > centos7jeppesen > docker-river.got.jeppesensystems.com:5000/devops/centos-jeppesen:7 > 2. Push the image: docker push > docker-river.got.jeppesensystems.com:5000/devops/centos-jeppesen How is this even working w/o the plugin enabled? this will push ":latest" tag by default but you don't have any "latest" tag, do you? > > Actual results: > The error message above. > > > Expected results: > Successful push. > > > Additional info: > I made an alternative docker.service file where I removed the > --authorization-plugin=rhel-push-plugin line from the ExecStart command, and > restarted docker. Then I could successfully push. This seems to confirm > the plugin is indeed the reason. > > I'm confused for at least two reasons: > > 1. Bug 1344448 seems to be about this problem. That report should have been > fixed in 1.10.3-44.el7 according to the errata. As can be seen above, we > have an even later version, 1.10.3-46.el7. Is it an immediate regression, > or do I not understand that other bug? > > 2. This image isn't really based on RHEL, but on CentOS. It seems the > plugin shouldn't block it even if I tried to push to docker.io. (The host > where I build is a RHEL host, though.) Even if it's not based on RHEL the plugin does the check and as you can see from the above message it's not saying "blocked", it's saying just that the image isn't found. Fixed by https://github.com/projectatomic/rhel-push-plugin/commit/bc8b12c38bbe86ba2d94928bdefdb934cab0ceac Assigning to Lokesh to rebuild for RHEL (In reply to Antonio Murdaca from comment #2) > (In reply to Göran Uddeborg from comment #0) > How is this even working w/o the plugin enabled? this will push ":latest" > tag by default but you don't have any "latest" tag, do you? Is that really what it is supposed to mean? The docker-push man page doesn't say clearly what it means to push without specifying a tag. I don't find any reference quickly, but I thought it meant push all images with the given name. And without the plugin, that indeed is what docker does. > Even if it's not based on RHEL the plugin does the check and as you can see > from the above message it's not saying "blocked", it's saying just that the > image isn't found. But the effect is that no images get pushed, and the command returns with an error status. Since the push succeeds without the plugin, I thought it was only a bad message. I thought it was what the plugin said when it blocked. In docker-rhel-push-plugin-1.12.3-4.el7.x86_64 #docker tag docker.io/centos:latest localhost:5000/centos:7 #docker push localhost:5000/centos // omit the tag here The push refers to a repository [localhost:5000/centos] 97ca462ad9ee: Pushed 7: digest: sha256:b2f9d1c0ff5f87a4743104d099a3d561002ac500db1b9bfa02a783a46e0d366c size: 529 Move to verified, please correct me if the steps are not right. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2859.html Hi all, The same error popped out again, Error response from daemon: plugin rhel-push-plugin failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. when I execute '$ docker push localhost:5000/my-ubuntu:latest' with docker-rhel-push-plugin-1.13.1-103.git7f2769b.el7.x86_64 Sorry I did not paste the whole error info, ``` Error response from daemon: plugin rhel-push-plugin failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host? ``` while my docker service works active with no error. Never mind, it's my fault. I add tls configs for docker daemon, forgot to config the rhel-push-plugin. Please ignore my comments |