Bug 1413310
Summary: | docker info always reports HTTPS and v1 for Registry even when first configured registry is insecure and v2 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Aron Parsons <aparsons> |
Component: | docker | Assignee: | Jindrich Novy <jnovy> |
Status: | CLOSED WONTFIX | QA Contact: | atomic-bugs <atomic-bugs> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 7.3 | CC: | amurdaca, aparsons, dornelas, lsm5, pasik |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-02-28 19:42:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1186913 |
Description
Aron Parsons
2017-01-14 19:27:12 UTC
I'm fairly positive this is just a display issue at this point. Aron, can you confirm that if you specify "--add-registry=docker.knack.works" (or, better yet, use /etc/containers/registries.conf) with docker 1.12.6 or docker-latest 1.13.1 that you can pull from your v2 registry even though the docker daemon reports: Registry: https://docker.knack.works/v1/ Here's a test: # rpm -q docker-latest docker-latest-1.13.1-37.git9a813fa.el7.x86_64 # grep -A1 "\[registries.search\]" /etc/containers/registries.conf [registries.search] registries = ['myregistry.example.redhat.com:5000','registry.access.redhat.com'] # curl -w "%{http_code}\n" http://myregistry.example.redhat.com:5000/v1/_ping 404 page not found 404 # curl -w "%{http_code}\n" http://myregistry.example.redhat.com:5000/v2/ {}200 * This is a docker-distribution v2 registry that dosen't support v1 # docker info | grep -A6 Registry WARNING: You're not using the default seccomp profile Registry: https://myregistry.example.redhat.com:5000/v1/ Experimental: false Insecure Registries: myregistry.example.redhat.com:5000 127.0.0.0/8 Live Restore Enabled: false Registries: myregistry.example.redhat.com:5000 (insecure), registry.access.redhat.com (secure), docker.io (secure) * It's still reported as v1 and HTTPS even though it's neither # docker pull myregistry.example.redhat.com:5000/rhel72 Using default tag: latest Trying to pull repository myregistry.example.redhat.com:5000/rhel72 ... latest: Pulling from myregistry.example.redhat.com:5000/rhel72 60555de892ec: Pull complete Digest: sha256:bf54eba0767f4cfd65f37555899f1067e27fc5ed0f63513f37a8258f48e87eb3 Status: Downloaded newer image for myregistry.example.redhat.com:5000/rhel72:latest * Daemon still correctly pulls via v2 and HTTP Derrick, Confirm that this is just a display issue. Adding the registry allows pulling without prefixing the registry hostname as the first component. Aron, thanks for the confirmation. The Red Hat Enterprise Linux 7 life cycle has entered Maintenance Support 1 Phase, which means that only qualified Critical and Important Security errata advisories (RHSAs) and some Urgent Priority Bug Fix errata advisories (RHBAs) will be released as they become available. Unfortunately, this issue was not selected to be included in Red Hat Enterprise Linux 7, because it is seen either as low or moderate impact to a small number of use-cases. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable. See the Red Hat Enterprise Linux Life Cycle for more details: https://access.redhat.com/support/policy/updates/errata/#Maintenance_Support_1_Phase |