Bug 1511869
| Summary: | Docker login failed in proxy environment against an authenticated registry | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Gan Huang <ghuang> |
| Component: | Installer | Assignee: | Michael Gugino <mgugino> |
| Status: | CLOSED ERRATA | QA Contact: | Gan Huang <ghuang> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.7.0 | CC: | aos-bugs, ghuang, jokerman, mgugino, mmccomas |
| Target Milestone: | --- | ||
| Target Release: | 3.7.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-05 09:30:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
We will need to support environment variables at the play level to fix this. Looking into this further, the docker login actually requests the docker daemon to do the network call, so the proxy settings need to be applied to the docker daemon, which they appear to be. After some further investigation, this looks like it should be working. Gan, can you post your inventory? You should have the following variables set in your inventory/group_vars to ensure docker is configured to use a proxy: openshift_http_proxy openshift_https_proxy openshift_no_proxy These proxy settings should be present in /etc/sysconfig/docker Can you verify any proxy settings in that file? Also, can you post the output of the docker role's tasks? Gan, Thank you for the additional information, it was helpful in understanding the root of this issue. PR Created: https://github.com/openshift/openshift-ansible/pull/6102 Tested in openshift-ansible-3.7.26-1.git.0.f87f1af.el7.noarch.rpm and passed. Need to attach a errata build for the fix. Per comment 9, moving to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0636 |
Description of problem: While triggering test against an authenticated registry behind proxy, unable to perform `docker login` against the authenticated registry. TASK [docker : Create credentials for docker cli registry auth] **************** FAILED - RETRYING: Create credentials for docker cli registry auth (3 retries left). FAILED - RETRYING: Create credentials for docker cli registry auth (2 retries left). FAILED - RETRYING: Create credentials for docker cli registry auth (1 retries left). fatal: [host-8-241-83.host.centralci.eng.rdu2.redhat.com]: FAILED! => {"attempts": 3, "changed": true, "cmd": ["docker", "--config=/root/.docker", "login", "-u", "test", "-p", "password-xxxx", "registry.reg-aws.openshift.com:443"], "delta": "0:00:45.047867", "end": "2017-11-08 21:23:07.725973", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-11-08 21:22:22.678106", "stderr": "Error response from daemon: Get https://registry.reg-aws.openshift.com:443/v1/users/: dial tcp 52.54.206.155:443: i/o timeout", "stderr_lines": ["Error response from daemon: Get https://registry.reg-aws.openshift.com:443/v1/users/: dial tcp 52.54.206.155:443: i/o timeout"], "stdout": "", "stdout_lines": []} to retry, use: --limit @/home/slave5/workspace/Run-Ansible-Playbooks/private-openshift-ansible/playbooks/byo/config.retry Version-Release number of the following components: openshift-ansible-3.7.5-1.git.0.7900f45.el7.noarch.rpm docker-1.12.6-67.gitec8512b.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Trigger installation behind proxy against au authenticated registry which needs to execute `docker login` 2. 3. Actual results: see above Expected results: Additional info: After removing the instances security-group which disables the internet connections, manually run `docker login xxx` succeed.