Red Hat Bugzilla – Bug 1464188
docker push on exposed registry url without port results in "unauthorized: authentication required"
Last modified: 2017-09-05 06:35:14 EDT
Description of problem:
Secure and expose registry, then push causes "unauthorized: authentication required". If port is on 443, for instance, then running "docker push" should default to trying 443 (if in additional registries in /etc/sysconfig/docker or if specifying https://) or 80 (if in insecure registry or if specifying http://). As it stands this message occurs unless manually specifying the actual port.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Secure and expose registry
2. docker push registry.cloudapps.example.com/openshift/php:latest
Cannot set persistent booleans, please try as root.
The push refers to a repository [registry.cloudapps.example.com/openshift/php]
unauthorized: authentication required
not sure if this appears only in certain conditions. I documented in a KCS solution https://access.redhat.com/solutions/3090231 -- may be related to upstream issue https://github.com/openshift/origin/issues/12260 and PRs https://github.com/openshift/origin/pull/11391 and https://github.com/openshift/origin/pull/14319
This is a slightly odd user experience, as we should expect that if you specify https, or if it's a known secure registry, that you'd automatically try port 443. Or otherwise it would be good to have a slightly more useful error message.
Or if the above is not able to be modified due to upstream conventions, we can change this to a docs bug to add a quick note in the docs, "On a secured, exposed registry it is required to specify the port"
*** This bug has been marked as a duplicate of bug 1439614 ***
The above bug is not public, is there some way we can change that so those of us affected by this can keep track of the progress?
Copying Oleg from the private bug:
I've found that it was fixed in Docker v17.04.0-ce-rc1:
So we need to wait for docker update to pickup this fix.
and is it going to be backported to 1.12 since that is what OCP is released with?
(In reply to Boris Kurktchiev from comment #4)
> and is it going to be backported to 1.12 since that is what OCP is released
Dan might know if that is doable (or know a person who can triage it).
Either rename this bugzilla to Docker or create a new bug to back port those patches.
Daniel I think this is what you mean
I'm going to backport that patch, assuming assumuing the docker/distribution registry used by openshift has the fix already backported.
Michal could you check if openshift registry has this patch https://github.com/docker/distribution/commit/462bb55c3f05def7f4ddee3c3965f08a25777df9 ?
Patch backported here https://github.com/projectatomic/docker/commit/c87521300a1fbe4acc342e26fdf434f8b49a57f8
*** Bug 1439614 has been marked as a duplicate of this bug. ***
*** Bug 1480499 has been marked as a duplicate of this bug. ***
A similar problem is fine for me, Bug 1472974
Move to verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.