1511869 – Docker login failed in proxy environment against an authenticated registry

Bug 1511869 - Docker login failed in proxy environment against an authenticated registry

Summary: Docker login failed in proxy environment against an authenticated registry

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.7.z
Assignee:	Michael Gugino
QA Contact:	Gan Huang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-11-10 10:32 UTC by Gan Huang
Modified:	2018-04-05 09:31 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-04-05 09:30:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0636	0	None	None	None	2018-04-05 09:31:32 UTC

Description Gan Huang 2017-11-10 10:32:51 UTC

Description of problem:
While  triggering test against an authenticated registry behind proxy, unable  to perform `docker login` against the authenticated registry.

TASK [docker : Create credentials for docker cli registry auth] ****************
FAILED - RETRYING: Create credentials for docker cli registry auth (3 retries left).
FAILED - RETRYING: Create credentials for docker cli registry auth (2 retries left).
FAILED - RETRYING: Create credentials for docker cli registry auth (1 retries left).
fatal:  [host-8-241-83.host.centralci.eng.rdu2.redhat.com]: FAILED! =>  {"attempts": 3, "changed": true, "cmd": ["docker",  "--config=/root/.docker", "login", "-u", "test", "-p", "password-xxxx",  "registry.reg-aws.openshift.com:443"], "delta": "0:00:45.047867", "end":  "2017-11-08 21:23:07.725973", "failed": true, "msg": "non-zero return  code", "rc": 1, "start": "2017-11-08 21:22:22.678106", "stderr": "Error  response from daemon: Get https://registry.reg-aws.openshift.com:443/v1/users/: dial tcp 52.54.206.155:443: i/o timeout", "stderr_lines": ["Error response from daemon: Get https://registry.reg-aws.openshift.com:443/v1/users/: dial tcp 52.54.206.155:443: i/o timeout"], "stdout": "", "stdout_lines": []}
    to retry, use: --limit @/home/slave5/workspace/Run-Ansible-Playbooks/private-openshift-ansible/playbooks/byo/config.retry

Version-Release number of the following components:
openshift-ansible-3.7.5-1.git.0.7900f45.el7.noarch.rpm
docker-1.12.6-67.gitec8512b.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. Trigger installation behind proxy against au authenticated registry which needs to execute `docker login`
2.
3.

Actual results:
see above

Expected results:

Additional info:
After removing the instances security-group which disables the internet connections, manually run `docker login xxx` succeed.

Comment 1 Michael Gugino 2017-11-10 20:01:14 UTC

We will need to support environment variables at the play level to fix this.

Comment 2 Michael Gugino 2017-11-10 20:17:36 UTC

Looking into this further, the docker login actually requests the docker daemon to do the network call, so the proxy settings need to be applied to the docker daemon, which they appear to be.

Comment 3 Michael Gugino 2017-11-10 21:00:13 UTC

After some further investigation, this looks like it should be working.

Gan, can you post your inventory?

You should have the following variables set in your inventory/group_vars to ensure docker is configured to use a proxy:

openshift_http_proxy
openshift_https_proxy
openshift_no_proxy

These proxy settings should be present in
/etc/sysconfig/docker

Can you verify any proxy settings in that file?

Also, can you post the output of the docker role's tasks?

Comment 7 Michael Gugino 2017-11-13 18:40:49 UTC

Gan,

Thank you for the additional information, it was helpful in understanding the root of this issue.

PR Created: https://github.com/openshift/openshift-ansible/pull/6102

Comment 9 Gan Huang 2018-01-25 09:09:19 UTC

Tested in openshift-ansible-3.7.26-1.git.0.f87f1af.el7.noarch.rpm and passed.

Need to attach a errata build for the fix.

Comment 11 Gan Huang 2018-02-08 02:20:24 UTC

Per comment 9, moving to verified.

Comment 15 errata-xmlrpc 2018-04-05 09:30:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636

Note You need to log in before you can comment on or make changes to this bug.