Bug 1368999 - [extras-rhel-7.2.7] Docker daemon returns header text/plain instead of application/json
Summary: [extras-rhel-7.2.7] Docker daemon returns header text/plain instead of applic...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker
Version: 7.2
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: rc
: ---
Assignee: Lokesh Mandvekar
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
: 1368140 1373123 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-22 10:03 UTC by Praveen Kumar
Modified: 2019-12-16 06:26 UTC (History)
14 users (show)

Fixed In Version: docker-1.10.3-46.el7.14
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1371266 (view as bug list)
Environment:
Last Closed: 2016-09-15 08:30:51 UTC
Target Upstream Version:


Attachments (Terms of Use)
Fix response issue (816 bytes, patch)
2016-08-24 09:45 UTC, Praveen Kumar
no flags Details | Diff
Fix response issue (1.06 KB, patch)
2016-08-24 09:46 UTC, Praveen Kumar
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1827 normal SHIPPED_LIVE docker bug fix update 2016-09-15 11:57:19 UTC

Description Praveen Kumar 2016-08-22 10:03:46 UTC
Description of problem:

Docker daemon return header as text/plain when query it using curl which blocks to connect with eclipse tooling.


Version-Release number of selected component (if applicable):
Docker version 1.10.3, build 2a93377-unsupported

How reproducible:
Every time

Steps to Reproduce:
1. Start docker daemon and generated certs. (We used Container develop kit)
 
2. Try to query to docker daemon using curl.

curl --cacert $DOCKER_CERT_PATH/ca.pem --cert $DOCKER_CERT_PATH/cert.pfx --pass supersecret -v https://172.28.128.4:2376/images/json

3. You can check response header like below

< HTTP/1.1 200 OK
< Date: Fri, 19 Aug 2016 17:05:01 GMT
< Content-Type: text/plain; charset=utf-8
< Transfer-Encoding: chunked


Actual results:


< HTTP/1.1 200 OK
< Date: Fri, 19 Aug 2016 17:05:01 GMT
< Content-Type: text/plain; charset=utf-8
< Transfer-Encoding: chunked


Expected results:

< HTTP/1.1 200 OK
< Content-Type: application/json
* Server Docker/1.10.3 (linux) is not blacklisted
< Server: Docker/1.10.3 (linux)
< Date: Fri, 19 Aug 2016 16:56:51 GMT
< Transfer-Encoding: chunked

Additional info:

Please refer: https://github.com/projectatomic/adb-atomic-developer-bundle/issues/511

Comment 4 Antonio Murdaca 2016-08-22 13:59:14 UTC
can you, by any means, try to replicate this behavior with the upstream docker 1.10.3 version? (just to narrow this issue down to one of our patches if the issue is there)

Comment 5 Roland Grunberg 2016-08-22 14:00:07 UTC
This seems similar to Bug 1243999. That one was filed against Docker 1.7 and fixed in 1.8. The bug links to the fix that was applied to upstream docker master.

Comment 6 Antonio Murdaca 2016-08-22 15:36:55 UTC
This is an issue with Authz docker subsystem - reported upstream https://github.com/docker/docker/issues/25927 - now working with them on a fix

Comment 7 Praveen Kumar 2016-08-24 09:45:41 UTC
Created attachment 1193558 [details]
Fix response issue

Comment 8 Praveen Kumar 2016-08-24 09:46:05 UTC
Created attachment 1193559 [details]
Fix response issue

Comment 9 Praveen Kumar 2016-08-24 09:47:09 UTC
I tested it with upstream patch and did a scratch build which works as expected.

https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=11652247 , Please do tag build for same so we can consume it.

Comment 10 Antonio Murdaca 2016-08-24 09:53:05 UTC
Yeah, once it's reviewed and merged I'll backport the fix to 1.10.3 and 1.12.1 and update in Fedora.

Comment 11 Antonio Murdaca 2016-08-24 10:11:09 UTC
Patch backported to 1.10.3 branches and 1.12 - now building, moving to modified

Comment 15 Daniel Veillard 2016-08-26 12:16:16 UTC
Antonio, what is the build NVR ? If that was built do you have an errata
to push this on QE etc ...

Daniel

Comment 16 Lokesh Mandvekar 2016-08-26 12:29:11 UTC
I'm pretty certain that commit hasn't been included yet if it was recently merged into projectatomic/docker. I could do a new build once I have PM ack on this.

Comment 19 Alex Jia 2016-08-31 02:19:10 UTC
I tried to connect to the local Docker daemon then list images between docker-1.10.3-46.el7.10.x86_64 and docker-1.10.3-46.el7.14.x86_64, it works well for me.

1. on docker-1.10.3-46.el7.10.x86_64 w/ curl-7.29.0-32.el7.x86_64

* About to connect() to http port 80 (#0)
*   Trying /var/run/docker.sock...
* Failed to set TCP_KEEPIDLE on fd 3
* Failed to set TCP_KEEPINTVL on fd 3
* Connected to http (/var/run/docker.sock) port 80 (#0)
> GET /images/json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: http
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Wed, 31 Aug 2016 02:00:37 GMT
< Content-Type: text/plain; charset=utf-8
< Transfer-Encoding: chunked
<ignore .../>


2. on docker-1.10.3-46.el7.14.x86_64 w/ curl-7.29.0-32.el7.x86_64

* About to connect() to http port 80 (#0)
*   Trying /var/run/docker.sock...
* Failed to set TCP_KEEPIDLE on fd 3
* Failed to set TCP_KEEPINTVL on fd 3
* Connected to http (/var/run/docker.sock) port 80 (#0)
> GET /images/json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: http
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/json
< Server: Docker/1.10.3 (linux)
< Date: Wed, 31 Aug 2016 02:05:54 GMT
< Transfer-Encoding: chunked
<ignore .../>

NOTE: the Content-Type is application/json not text/plain now.

Praveen, could you give a double check in your real work environment, thanks in advance.

Comment 20 Praveen Kumar 2016-08-31 06:36:31 UTC
I tested with docker-common-1.10.3-46.el7.14.x86_64 and this is now resolved.

➜  cdk curl --cacert $DOCKER_CERT_PATH/ca.pem --cert $DOCKER_CERT_PATH/cert.pfx --pass supersecret -v https://172.28.128.4:2376/containers/json
* Hostname was NOT found in DNS cache
*   Trying 172.28.128.4...
* Connected to 172.28.128.4 (172.28.128.4) port 2376 (#0)
* WARNING: SSL: Certificate type not set, assuming PKCS#12 format.
* Client certificate: client
* WARNING: using IP address, SNI is being disabled by the OS.
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate: example.com
* Server certificate: example.com
> GET /containers/json HTTP/1.1
> User-Agent: curl/7.37.1
> Host: 172.28.128.4:2376
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/json
* Server Docker/1.10.3 (linux) is not blacklisted
< Server: Docker/1.10.3 (linux)
< Date: Wed, 31 Aug 2016 06:34:39 GMT
< Transfer-Encoding: chunked

Comment 21 Václav Kadlčík 2016-09-12 08:00:20 UTC
*** Bug 1368140 has been marked as a duplicate of this bug. ***

Comment 23 errata-xmlrpc 2016-09-15 08:30:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1827.html

Comment 24 Miheer Salunke 2016-09-16 16:39:08 UTC
*** Bug 1373123 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.