RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1381739 - must specify port when using insecure registries with 'atomic pull'
Summary: must specify port when using insecure registries with 'atomic pull'
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: atomic
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Brent Baude
QA Contact: atomic-bugs@redhat.com
Yoana Ruseva
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-04 21:02 UTC by Micah Abbott
Modified: 2016-12-06 17:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-06 17:42:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2857 0 normal SHIPPED_LIVE atomic bug fix and enhancement update 2016-12-06 22:40:27 UTC

Description Micah Abbott 2016-10-04 21:02:18 UTC 
Using atomic-1.12.5-2.el7.x86_64 in RHELAH 7.3

When trying to perform an 'atomic pull' from an insecure registry, the user may encounter this error:

# atomic --debug pull registry.access.stage.redhat.com/rhel7/cockpit-ws
Image registry.access.stage.redhat.com/rhel7/cockpit-ws is being pulled to docker ...
[Errno -2] Name or service not known
Traceback (most recent call last):
  File "/bin/atomic", line 186, in <module>
    sys.exit(_func())
  File "/usr/lib/python2.7/site-packages/Atomic/pull.py", line 56, in pull_image
    handler()
  File "/usr/lib/python2.7/site-packages/Atomic/pull.py", line 40, in pull_docker_image
    insecure = True if is_insecure_registry(self.d.info()['RegistryConfig'], strip_port(registry)) else False
  File "/usr/lib/python2.7/site-packages/Atomic/util.py", line 690, in is_insecure_registry
    for j in get_ips_from_host(i):
  File "/usr/lib/python2.7/site-packages/Atomic/util.py", line 674, in get_ips_from_host
    return list(set([x[4][0] for x in socket.getaddrinfo(_host, None)]))
gaierror: [Errno -2] Name or service not known


The workaround is to specify the port for the insecure registry in '/etc/sysconfig/docker' and during the 'atomic pull' command:


# grep INSECURE_REGISTRY /etc/sysconfig/docker
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
INSECURE_REGISTRY='--insecure-registry registry.access.stage.redhat.com:80'

# atomic --debug pull registry.access.stage.redhat.com:80/rhel7
Comment 1 Brent Baude 2016-10-04 21:06:00 UTC 
Fixed upstream -> https://github.com/projectatomic/atomic/pull/678
Comment 3 Daniel Walsh 2016-10-10 15:53:45 UTC 
Fixed in atomic-1.13.
Comment 5 Alex Jia 2016-11-01 08:59:40 UTC 
[root@bootp-73-3-203 ~]# rpm -q atomic
atomic-1.13.5-1.el7.x86_64

[root@bootp-73-3-203 ~]# grep INSECURE_REGISTRY /etc/sysconfig/docker
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
# INSECURE_REGISTRY='--insecure-registry'
INSECURE_REGISTRY='--insecure-registry registry.access.stage.redhat.com'

[root@bootp-73-3-203 ~]# atomic --debug pull registry.access.stage.redhat.com/rhel7
Image registry.access.stage.redhat.com/rhel7 is being pulled to docker ...
Pulling registry.access.stage.redhat.com/rhel7:latest ...
Executing: /usr/bin/skopeo --debug --tls-verify=false copy --remove-signatures docker://registry.access.stage.redhat.com/rhel7:latest docker-daemon:registry.access.stage.redhat.com/rhel7:latest
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration 
DEBU[0000]  Using "default-docker" configuration        
DEBU[0000]  No signature storage configuration found for registry.access.stage.redhat.com/rhel7:latest 
DEBU[0000] IsRunningImageAllowed for image docker:registry.access.stage.redhat.com/rhel7:latest 
DEBU[0000]  Using default policy section                
DEBU[0000]  Requirement 0: allowed                      
DEBU[0000] Overall: allowed                             
DEBU[0000] GET https://registry.access.stage.redhat.com/v2/ 
DEBU[0001] Ping https://registry.access.stage.redhat.com/v2/ err <nil> 
DEBU[0001] Ping https://registry.access.stage.redhat.com/v2/ status 200 
DEBU[0001] GET https://registry.access.stage.redhat.com/v2/rhel7/manifests/latest 
DEBU[0003] Will convert manifest from MIME type application/vnd.docker.distribution.manifest.v1+prettyjws to application/vnd.docker.distribution.manifest.v2+json 
Copying blob sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5
DEBU[0003] Downloading rhel7/blobs/sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
DEBU[0003] GET https://registry.access.stage.redhat.com/v2/rhel7/blobs/sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
DEBU[0004] Detected compression format gzip             
 0 B / 68.76 MB [--------------------------------------------------------------]DEBU[0004] Using original blob without modification     
DEBU[0004] Sending as tar file sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
 68.75 MB / 68.76 MB [=========================================================]DEBU[0650] Consuming rest of the original blob to satisfy getOriginalLayerCopyWriter 

DEBU[0650] Computed DiffID sha256:34d3e0e77091d9d51c6f70a7a7a4f7536aab214a55e02a8923af8f80cbe60d30 for layer sha256:972548a33962c6f466128fc90db5d224d8bb5f589ffd9a998a43f323c7111cf5 
Copying blob sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979
DEBU[0650] Downloading rhel7/blobs/sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
DEBU[0650] GET https://registry.access.stage.redhat.com/v2/rhel7/blobs/sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
 68.76 MB / 68.76 MB [=========================================================]DEBU[0652] Detected compression format gzip             
 0 B / 730 B [-----------------------------------------------------------------]DEBU[0652] Using original blob without modification     
DEBU[0652] Sending as tar file sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
DEBU[0652] Consuming rest of the original blob to satisfy getOriginalLayerCopyWriter 

DEBU[0652] Computed DiffID sha256:ccd6fc81ec49bd45f04db699401eb149b1945bb7292476b390ebdcdd7d975697 for layer sha256:9b0dee6356a152d6cbac4adf6ce40ae4df40442d559931862ad65c78ed373979 
Copying config sha256:f98706e16e41e56c4beaeea9fa77cd00fe35693635ed274f128876713afc0a1e
DEBU[0652] No compression detected                      
 0 B / 1.71 KB [---------------------------------------------------------------]DEBU[0652] Using original blob without modification     
DEBU[0652] Sending as tar file sha256:f98706e16e41e56c4beaeea9fa77cd00fe35693635ed274f128876713afc0a1e 

Writing manifest to image destination
DEBU[0652] Sending as tar file manifest.json            
Storing signatures
DEBU[0652] docker-daemon: Closing tar stream            
DEBU[0652] docker-daemon: Waiting for status            
 1.71 KB / 1.71 KB [===========================================================]DEBU[0673] docker-daemon: sending done, status <nil>    

[root@bootp-73-3-203 ~]# atomic images list
   REPOSITORY                               TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE      
   registry.access.stage.redhat.com/rhel7   latest   f98706e16e41   2016-10-26 20:02   192.51 MB      Docker
Comment 7 errata-xmlrpc 2016-12-06 17:42:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2857.html
Note You need to log in before you can comment on or make changes to this bug.