Bug 1511869 – Docker login failed in proxy environment against an authenticated registry

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1511869 - Docker login failed in proxy environment against an authenticated registry

Summary:	Docker login failed in proxy environment against an authenticated registry

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer (Show other bugs)
Sub Component:
Version:	3.7.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	3.7.z
Assigned To:	Michael Gugino
QA Contact:	Gan Huang
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-11-10 05:32 EST by Gan Huang
Modified:	2018-04-05 05:31 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-04-05 05:30:40 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0636	None	None	None	2018-04-05 05:31 EDT

Groups: None (edit)

Description Gan Huang 2017-11-10 05:32:51 EST

Description of problem:
While  triggering test against an authenticated registry behind proxy, unable  to perform `docker login` against the authenticated registry.

TASK [docker : Create credentials for docker cli registry auth] ****************
FAILED - RETRYING: Create credentials for docker cli registry auth (3 retries left).
FAILED - RETRYING: Create credentials for docker cli registry auth (2 retries left).
FAILED - RETRYING: Create credentials for docker cli registry auth (1 retries left).
fatal:  [host-8-241-83.host.centralci.eng.rdu2.redhat.com]: FAILED! =>  {"attempts": 3, "changed": true, "cmd": ["docker",  "--config=/root/.docker", "login", "-u", "test", "-p", "password-xxxx",  "registry.reg-aws.openshift.com:443"], "delta": "0:00:45.047867", "end":  "2017-11-08 21:23:07.725973", "failed": true, "msg": "non-zero return  code", "rc": 1, "start": "2017-11-08 21:22:22.678106", "stderr": "Error  response from daemon: Get https://registry.reg-aws.openshift.com:443/v1/users/: dial tcp 52.54.206.155:443: i/o timeout", "stderr_lines": ["Error response from daemon: Get https://registry.reg-aws.openshift.com:443/v1/users/: dial tcp 52.54.206.155:443: i/o timeout"], "stdout": "", "stdout_lines": []}
    to retry, use: --limit @/home/slave5/workspace/Run-Ansible-Playbooks/private-openshift-ansible/playbooks/byo/config.retry

Version-Release number of the following components:
openshift-ansible-3.7.5-1.git.0.7900f45.el7.noarch.rpm
docker-1.12.6-67.gitec8512b.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. Trigger installation behind proxy against au authenticated registry which needs to execute `docker login`
2.
3.

Actual results:
see above

Expected results:

Additional info:
After removing the instances security-group which disables the internet connections, manually run `docker login xxx` succeed.

Comment 1 Michael Gugino 2017-11-10 15:01:14 EST

We will need to support environment variables at the play level to fix this.

Comment 2 Michael Gugino 2017-11-10 15:17:36 EST

Looking into this further, the docker login actually requests the docker daemon to do the network call, so the proxy settings need to be applied to the docker daemon, which they appear to be.

Comment 3 Michael Gugino 2017-11-10 16:00:13 EST

After some further investigation, this looks like it should be working.

Gan, can you post your inventory?

You should have the following variables set in your inventory/group_vars to ensure docker is configured to use a proxy:

openshift_http_proxy
openshift_https_proxy
openshift_no_proxy

These proxy settings should be present in
/etc/sysconfig/docker

Can you verify any proxy settings in that file?

Also, can you post the output of the docker role's tasks?

Comment 7 Michael Gugino 2017-11-13 13:40:49 EST

Gan,

Thank you for the additional information, it was helpful in understanding the root of this issue.

PR Created: https://github.com/openshift/openshift-ansible/pull/6102

Comment 9 Gan Huang 2018-01-25 04:09:19 EST

Tested in openshift-ansible-3.7.26-1.git.0.f87f1af.el7.noarch.rpm and passed.

Need to attach a errata build for the fix.

Comment 11 Gan Huang 2018-02-07 21:20:24 EST

Per comment 9, moving to verified.

Comment 15 errata-xmlrpc 2018-04-05 05:30:40 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636

Note You need to log in before you can comment on or make changes to this bug.