Bug 1419487 - Sanitize Docker v1 Registry Logging
Status: CLOSED EOL
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker-registry
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Lokesh Mandvekar
QA Contact: atomic-bugs@redhat.com
Reported: 2017-02-06 10:32 UTC by Marko Myllynen
Modified: 2019-04-10 12:49 UTC (History)

Last Closed: 2019-04-10 12:49:49 UTC

Description Marko Myllynen 2017-02-06 10:32:45 UTC
Description of problem:
After configuring a secure v1 Docker Registry with docker and docker-registry on "warn" level logging and pushing a few images, I see the system log being flooded with these kinds of messages:

Feb  6 09:59:03 rhev-i24c-01 dockerd-current: time="2017-02-06T09:59:03.698273419+02:00" level=error msg="Attempting next endpoint for push after error: Get https://registry.example.com:5000/v2/: EOF"
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 192.168.122.1 - - [06/Feb/2017:09:59:03] "GET /v2/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 06/Feb/2017:09:59:03 +0000 INFO: 192.168.122.1 - - [06/Feb/2017:09:59:03] "GET /v2/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"
Feb  6 09:59:03 rhev-i24c-01 dockerd-current: time="2017-02-06T09:59:03.708042748+02:00" level=error msg="Upload failed: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: \"<!DOCTYPE HTML PUBLIC \\\"-//W3C//DTD HTML 3.2 Final//EN\\\">\\n<title>404 Not Found</title>\\n<h1>Not Found</h1>\\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\\n\""
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 192.168.122.1 - - [06/Feb/2017:09:59:03] "POST /v2/openshift3/ose-docker-registry/blobs/uploads/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"
Feb  6 09:59:03 rhev-i24c-01 gunicorn: 06/Feb/2017:09:59:03 +0000 INFO: 192.168.122.1 - - [06/Feb/2017:09:59:03] "POST /v2/openshift3/ose-docker-registry/blobs/uploads/ HTTP/1.1" 404 233 "-" "docker/1.12.5 go/go1.7.4 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.5 \(linux\))"

These should not be logged at warn level (debug would look more appropriate), and using a dedicated log file for these might also be considered.

Please also note the wrong timezone by gunicorn.

There might be other cases as well which I didn't come across now; it would be great to have docker-registry logging reviewed and sanitized in general. If done in upstream/Fedora already, then please consider backporting to RHEL 7.

Thanks.

Version-Release number of selected component (if applicable):
docker-registry-0.9.1-7.el7.x86_64

Comment 3 Lokesh Mandvekar 2019-04-10 12:49:49 UTC
docker-registry has been obsoleted by docker-distribution. Please file a bug against docker-distribution if this issue exists with it as well.

