Bug 1255502 - Docker build fails when pulling image from repository
Summary: Docker build fails when pulling image from repository
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.0.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Cesar Wong
QA Contact: Wenjing Zheng
Depends On:
TreeView+ depends on / blocked
Reported: 2015-08-20 18:35 UTC by Kenny Woodson
Modified: 2015-09-22 19:52 UTC (History)
5 users (show)

Fixed In Version: openshift-
Doc Type: Bug Fix
Doc Text:
Cause: Docker client libraries needed to be updated. Consequence: OpenShift was unable to import an image from an authenticated v2 registry. Fix: Docker client libraries were updated. Result: OpenShift can now import an image from an authenticated v2 registry.
Clone Of:
Last Closed: 2015-09-22 19:52:54 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1835 normal SHIPPED_LIVE Red Hat OpenShift Enterprise bug fix and enhancement update 2015-09-22 23:52:35 UTC

Description Kenny Woodson 2015-08-20 18:35:13 UTC
Description of problem:
When doing a docker build based on an image from the internal docker registry, the registry responds with the following message:

F0818 16:18:36.664505       1 builder.go:64] Build error: pulling with digest 
reference failed from v2 registry

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. Create a Docker file that uses an image.  ex. FROM <anyimage>
2. Use oc new-app to create the previous container from step 1.
3. Create a new docker file that references the FROM line with the container from step 1. ex. FROM <image_from_step_1>
4. Use oc new-app to build the container from step 3.
5. Verify the error message, "pulling with digest 
reference failed from v2 registry"

Actual results:
Builds fail when building containers based on images already in the registry.

Expected results:
Builds should succeed when building containers based on containers that are in the internal v3 docker registry.

Additional info:
We ran into this issue when building a few containers for our monitoring solution.  We debugged this issue and according to Cesar,

"I found the issue is a Docker bug that seems to have been introduced in 1.7.1. The problem seems to be in the parsing of a Dockerfile FROM spec that includes a SHA digest. The lookup into the auth config map fails (most likely because it's not handling the ':' in the spec correctly) and then the right credentials are not passed to the registry. This only happens in 'docker build'. Other operations like 'docker pull' work because the credentials are handled differently."

"I found that the Docker issue we ran into has been fixed in more recent versions of Docker (starting with 1.8). At least part of the fix went into this commit: https://github.com/docker/docker/commit/02c7bbefb8841e5e86a4b9d467defa668e3ea613 which is tagged with 1.8."

Comment 2 Cesar Wong 2015-08-24 13:12:55 UTC
The issue is with the format of the credential map passed to Docker from the client. It can be reproduced with images that have a sha digest or not. The fix in https://github.com/docker/docker/commit/02c7bbefb8841e5e86a4b9d467defa668e3ea613 should be all that's needed to fix this.

Comment 3 Cesar Wong 2015-09-09 16:10:33 UTC
Fixed with https://github.com/openshift/origin/pull/4535

Comment 5 Johnny Liu 2015-09-11 10:08:03 UTC
Verified this bug with openshift-, and PASS.

1. Create git repo, include a docker file, just like: https://github.com/jianlinliu/docker-build
2. Run "oc new-app https://github.com/jianlinliu/docker-build", this would trigger a docker build, it will push a new docker images into internal docker registry.
$ oc describe po docker-build-1-srs9t|grep "Image"
3. Create another git repo, include a docker file, that uses docker images generated from step 2 with "FROM", e.g: https://github.com/jianlinliu/docker-build1
4. Run "oc new-app https://github.com/jianlinliu/docker-build1", build and deploy successfully.

$ oc build-logs docker-build1-1
I0911 05:50:27.807942       1 docker.go:202] Cloning source from https://github.com/jianlinliu/docker-build1
Step 0 : FROM
 ---> 26904fe2c1eb
Step 1 : ADD test /opt/jialiu_test
 ---> 9e06855d6446

Comment 7 errata-xmlrpc 2015-09-22 19:52:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.