1564830 – [Satellite 6.3]Unable to sync docker images from 'quay.io' registry.

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1564830 - [Satellite 6.3]Unable to sync docker images from 'quay.io' registry.

Summary: [Satellite 6.3]Unable to sync docker images from 'quay.io' registry.

Keywords:
Status:	CLOSED DUPLICATE of bug 1572302
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Pulp
Sub Component:
Version:	6.3.0
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-08 05:19 UTC by Amar Huchchanavar
Modified:	2021-12-10 15:55 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-05-09 14:26:28 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Amar Huchchanavar 2018-04-08 05:19:30 UTC

Description of problem:
Unable to sync docker images from quay.io registry.
It fails with an error 'Could not find registry API at https://quay.io/api/v1/repository/'


Version-Release number of selected component (if applicable):
Satellite 6.3

How reproducible:
Always 

Steps to Reproduce:
1.Configure docker repository with url https://quay.io/api/v1/repository/  or  https://quay.io/
2.Try to sync the repository.


Actual results:
Fails with an error : 
Could not find registry API at https://quay.io/

Expected results:
It should sync the images from the Quay

Additional info:
Quay allows access via api when providing authentication token.
With satellite, I do not see any possible way to do it.

Comment 3 Tom McKay 2018-04-26 19:12:49 UTC

This works fine, as far as I can tell. Note that to sync from quay.io a username and token password must be specified in the repo details. This can be found on the quay.io user settings page.

Please let me know if there are any questions. Thanks!

Comment 4 Tom McKay 2018-05-07 13:59:44 UTC

Reopening... this works upstream but not in 6.3.0. Pulp is not able to find a registry at https://quay.io even w/ username/password.

Comment 5 amacdona@redhat.com 2018-05-07 18:28:06 UTC

I was able to get this to work with current master on pulp and pulp_docker. It is unclear if there is a bug or if the reproduction steps were incorrect.

1. I made a public repository on quay.io, https://quay.io/repository/asmacdo/busybox

2. Create a pulp repo

$ pulp-admin docker repo create --repo-id myquay --feed https://quay.io/repository/ --upstream-name asmacdo/busybox

3. Sync 

$ pulp-admin docker repo sync run --repo-id myquay

There could be an auth issue as well, but please make sure that the feed and upstream name are both correct.

Comment 6 Tom McKay 2018-05-07 20:39:13 UTC

@amacdona - Does it work in either of these versions?
pulp-server-2.13.4.6-1.el7sat.noarch.rpm 
pulp-server-2.13.4.9-1.el7sat.noarch.rpm

Comment 7 Ina Panova 2018-05-09 12:59:41 UTC

i did not look very deep in here but this looks like same issue with tokens and scope specification like in google registry.

as you can see the scope is not specified by registry in the auth-header
>>Download failed: Download of https://quay.io/v2/auth?service=quay.io failed with code 401: UNAUTHORIZED

$ git checkout grc-sat 
Switched to branch 'grc-sat'
[ipanova@ina pulp_docker]$ for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl restart $s; done
[ipanova@ina pulp_docker]$ pulp-admin -vv docker repo sync run --repo-id myquay

Task Succeeded

Task Succeeded


$ pulp-admin docker repo list


+----------------------------------------------------------------------+
                          Docker Repositories
+----------------------------------------------------------------------+

Id:                  myquay
Display Name:        None
Description:         None
Content Unit Counts: 
  Docker Blob:     3
  Docker Manifest: 1
  Docker Tag:      1


with this patch we in a defensive way are setting the scope even if the registry did not provide it:

>>> Download succeeded: https://quay.io/v2/auth?scope=repository%3Aasmacdo%2Fbusybox%3Apull&service=quay.io.

Note You need to log in before you can comment on or make changes to this bug.