Bug 1419487

Summary: Sanitize Docker v1 Registry Logging
Product: Red Hat Enterprise Linux 7
Component: docker-registry
Version: 7.3
Status: CLOSED EOL
Severity: unspecified
Priority: unspecified
Reporter: Marko Myllynen <myllynen>
Assignee: Lokesh Mandvekar <lsm5>
QA Contact: atomic-bugs <atomic-bugs>
CC: lsm5, thrcka
Target Milestone: rc
Keywords: Extras
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Type: Bug
Last Closed: 2019-04-10 12:49:49 UTC

Description Marko Myllynen 2017-02-06 10:32:45 UTC
Description of problem:
After configuring a secure v1 Docker Registry with docker and docker-registry on "warn" level logging and pushing a few images, I see the system log being flooded with these kinds of messages:

Feb  6 09:59:03 rhev-i24c-01 dockerd-current: time="2017-02-06T09:59:03.698273419+02:00" level=error msg="Attempting next endpoint for push after error: Get https://registry.example.com:5000/v2/: EOF"
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 192.168.122.1 - - [06/Feb/2017:09:59:03] "GET /v2/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 06/Feb/2017:09:59:03 +0000 INFO: 192.168.122.1 - - [06/Feb/2017:09:59:03] "GET /v2/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"
Feb  6 09:59:03 rhev-i24c-01 dockerd-current: time="2017-02-06T09:59:03.708042748+02:00" level=error msg="Upload failed: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: \"<!DOCTYPE HTML PUBLIC \\\"-//W3C//DTD HTML 3.2 Final//EN\\\">\\n<title>404 Not Found</title>\\n<h1>Not Found</h1>\\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\\n\""
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 192.168.122.1 - - [06/Feb/2017:09:59:03] "POST /v2/openshift3/ose-docker-registry/blobs/uploads/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 06/Feb/2017:09:59:03 +0000 INFO: 192.168.122.1 - - [06/Feb/2017:09:59:03] "POST /v2/openshift3/ose-docker-registry/blobs/uploads/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"

These should not be logged on warn level (debug would look more appropriate) and it might also be considered to use a dedicated log file for these.

Please also note the wrong timezone by gunicorn.

There might be other cases as well which I didn't come across now; it would be great to have docker-registry logging reviewed and sanitized in general. If done in upstream/Fedora already, then please consider backporting to RHEL 7.

Thanks.

Version-Release number of selected component (if applicable):
docker-registry-0.9.1-7.el7.x86_64

Comment 3 Lokesh Mandvekar 2019-04-10 12:49:49 UTC
docker-registry has been obsoleted by docker-distribution. Please file a bug against docker-distribution if this issue exists with it as well.