Bug 1381739 - must specify port when using insecure registries with 'atomic pull'
Summary: must specify port when using insecure registries with 'atomic pull'
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: atomic
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Brent Baude
QA Contact: atomic-bugs@redhat.com
Yoana Ruseva
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-04 21:02 UTC by Micah Abbott
Modified: 2016-12-06 17:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-06 17:42:24 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2857 0 normal SHIPPED_LIVE atomic bug fix and enhancement update 2016-12-06 22:40:27 UTC

Description Micah Abbott 2016-10-04 21:02:18 UTC 
Using atomic-1.12.5-2.el7.x86_64 in RHELAH 7.3

When trying to perform an 'atomic pull' from an insecure registry, the user may encounter this error:

# atomic --debug pull registry.access.stage.redhat.com/rhel7/cockpit-ws
Image registry.access.stage.redhat.com/rhel7/cockpit-ws is being pulled to docker ...
[Errno -2] Name or service not known
Traceback (most recent call last):
  File "/bin/atomic", line 186, in <module>
    sys.exit(_func())
  File "/usr/lib/python2.7/site-packages/Atomic/pull.py", line 56, in pull_image
    handler()
  File "/usr/lib/python2.7/site-packages/Atomic/pull.py", line 40, in pull_docker_image
    insecure = True if is_insecure_registry(self.d.info()['RegistryConfig'], strip_port(registry)) else False
  File "/usr/lib/python2.7/site-packages/Atomic/util.py", line 690, in is_insecure_registry
    for j in get_ips_from_host(i):
  File "/usr/lib/python2.7/site-packages/Atomic/util.py", line 674, in get_ips_from_host
    return list(set([x[4][0] for x in socket.getaddrinfo(_host, None)]))
gaierror: [Errno -2] Name or service not known


The workaround is to specify the port for the insecure registry in '/etc/sysconfig/docker' and during the 'atomic pull' command:


# grep INSECURE_REGISTRY /etc/sysconfig/docker
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
INSECURE_REGISTRY='--insecure-registry registry.access.stage.redhat.com:80'

# atomic --debug pull registry.access.stage.redhat.com:80/rhel7
Comment 1 Brent Baude 2016-10-04 21:06:00 UTC 
Fixed upstream -> https://github.com/projectatomic/atomic/pull/678
Comment 3 Daniel Walsh 2016-10-10 15:53:45 UTC 
Fixed in atomic-1.13.
Comment 5 Alex Jia 2016-11-01 08:59:40 UTC 
[root@bootp-73-3-203 ~]# rpm -q atomic
atomic-1.13.5-1.el7.x86_64

[root@bootp-73-3-203 ~]# grep INSECURE_REGISTRY /etc/sysconfig/docker
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
# INSECURE_REGISTRY='--insecure-registry'
INSECURE_REGISTRY='--insecure-registry registry.access.stage.redhat.com'

[root@bootp-73-3-203 ~]# atomic --debug pull registry.access.stage.redhat.com/rhel7
Image registry.access.stage.redhat.com/rhel7 is being pulled to docker ...
Pulling registry.access.stage.redhat.com/rhel7:latest ...
Executing: /usr/bin/skopeo --debug --tls-verify=false copy --remove-signatures docker://registry.access.stage.redhat.com/rhel7:latest docker-daemon:registry.access.stage.redhat.com/rhel7:latest
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration 
DEBU[0000]  Using "default-docker" configuration        
DEBU[0000]  No signature storage configuration found for registry.access.stage.redhat.com/rhel7:latest 
DEBU[0000] IsRunningImageAllowed for image docker:registry.access.stage.redhat.com/rhel7:latest 
DEBU[0000]  Using default policy section                
DEBU[0000]  Requirement 0: allowed                      
DEBU[0000] Overall: allowed                             
DEBU[0000] GET https://registry.access.stage.redhat.com/v2/ 
DEBU[0001] Ping https://registry.access.stage.redhat.com/v2/ err <nil> 
DEBU[0001] Ping https://registry.access.stage.redhat.com/v2/ status 200 
DEBU[0001] GET https://registry.access.stage.redhat.com/v2/rhel7/manifests/latest 
DEBU[0003] Will convert manifest from MIME type application/vnd.docker.distribution.manifest.v1+prettyjws to application/vnd.docker.distribution.manifest.v2+json 
Copying blob sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5
DEBU[0003] Downloading rhel7/blobs/sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
DEBU[0003] GET https://registry.access.stage.redhat.com/v2/rhel7/blobs/sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
DEBU[0004] Detected compression format gzip             
 0 B / 68.76 MB [--------------------------------------------------------------]DEBU[0004] Using original blob without modification     
DEBU[0004] Sending as tar file sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
 68.75 MB / 68.76 MB [=========================================================]DEBU[0650] Consuming rest of the original blob to satisfy getOriginalLayerCopyWriter 

DEBU[0650] Computed DiffID sha256:34d3e0e77091d9d51c6f70a7a7a4f7536aab214a55e02a8923af8f80cbe60d30 for layer sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
Copying blob sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979
DEBU[0650] Downloading rhel7/blobs/sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
DEBU[0650] GET https://registry.access.stage.redhat.com/v2/rhel7/blobs/sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
 68.76 MB / 68.76 MB [=========================================================]DEBU[0652] Detected compression format gzip             
 0 B / 730 B [-----------------------------------------------------------------]DEBU[0652] Using original blob without modification     
DEBU[0652] Sending as tar file sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
DEBU[0652] Consuming rest of the original blob to satisfy getOriginalLayerCopyWriter 

DEBU[0652] Computed DiffID sha256:ccd6fc81ec49bd45f04db699401eb149b1945bb7292476b390ebdcdd7d975697 for layer sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
Copying config sha256:f98706e16e41e56c4beaeea9fa77cd00fe35693635ed274f128876713afc0a1e
DEBU[0652] No compression detected                      
 0 B / 1.71 KB [---------------------------------------------------------------]DEBU[0652] Using original blob without modification     
DEBU[0652] Sending as tar file sha256:f98706e16e41e56c4beaeea9fa77cd00fe35693635ed274f128876713afc0a1e 

Writing manifest to image destination
DEBU[0652] Sending as tar file manifest.json            
Storing signatures
DEBU[0652] docker-daemon: Closing tar stream            
DEBU[0652] docker-daemon: Waiting for status            
 1.71 KB / 1.71 KB [===========================================================]DEBU[0673] docker-daemon: sending done, status <nil>    

[root@bootp-73-3-203 ~]# atomic images list
   REPOSITORY                               TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE      
   registry.access.stage.redhat.com/rhel7   latest   f98706e16e41   2016-10-26 20:02   192.51 MB      Docker
Comment 7 errata-xmlrpc 2016-12-06 17:42:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2857.html
Note You need to log in before you can comment on or make changes to this bug.