Bug 1661019 - [Container Admin] docker pull does not work
Summary: [Container Admin] docker pull does not work
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Container Management
Version: 6.5.0
Hardware: Unspecified
OS: Unspecified
urgent vote
Target Milestone: 6.5.0
Assignee: Justin Sherrill
QA Contact: Mirek Długosz
Depends On:
TreeView+ depends on / blocked
Reported: 2018-12-19 20:21 UTC by Mirek Długosz
Modified: 2019-11-05 22:42 UTC (History)
5 users (show)

Fixed In Version: tfm-rubygem-katello-
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2019-05-14 12:39:37 UTC
Target Upstream Version:

Attachments (Terms of Use)
List of packages installed on machine where feature did work in the past (26.02 KB, text/plain)
2018-12-19 20:21 UTC, Mirek Długosz
no flags Details

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 25922 0 Normal Closed [Container Admin] docker pull does not work 2020-05-18 08:59:18 UTC
Red Hat Product Errata RHSA-2019:1222 0 None None None 2019-05-14 12:39:45 UTC

Description Mirek Długosz 2018-12-19 20:21:43 UTC
Created attachment 1515751 [details]
List of packages installed on machine where feature did work in the past

One of changes introduced in Satellite 6.5 allows users to execute docker commands against Satellite server (FQDN, not Crane exposed on specific port). `docker pull`, which is one of primary supported commands, does not work.

I have verified that this feature does not work on Satellite 6.5 snap 8, but it did work on forklift development box in late November (foreman commit: 3371bd6d380316588fccc740a41b293ccfc0f250 ; Katello commit: d83615fa0c523a10f1931a833a45f285e0e4e386; full list of installed packages in attachement). I was not able to setup environment with current Foreman master or with older Satellite snap, so I couldn't verify if that stopped working in recent Satellite snap, or somehow got broken during upstream -> downstream transition. Assigning Regression keyword because that feature was tested early in development cycle and was working back then.

Version-Release number of selected component (if applicable):
Satellite 6.5 snap 8

Steps to Reproduce:
1. hammer product create --name="docker-prod" --organization-id="1"
2. hammer repository create --content-type docker --docker-upstream-name alpine --name alpine --product-id :id --url https://registry-1.docker.io/
3. hammer repository synchronize --id :id
4. Set Library "Unauthenticated pull" to true or use `docker login`
5. docker pull $HOSTNAME/default_organization-docker-prod-alpine
Using default tag: latest
Trying to pull repository $HOSTNAME/default_organization-docker-prod-alpine ...
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n</body></html>\n"
6. docker pull $HOSTNAME:5000/default_organization-docker-prod-alpine
Using default tag: latest
Trying to pull repository $HOSTNAME:5000/default_organization-docker-prod-alpine ...
sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528: Pulling from $HOSTNAME:5000/default_organization-docker-prod-alpine
4fe2ade4980c: Pull complete
Digest: sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528
Status: Downloaded newer image for $HOSTNAME:5000/default_organization-docker-prod-alpine:latest

Actual results:
It is possible to pull image directly from Crane, but pulling them from Satellite hostname is not possible.

Expected results:
Using Satellite FQDN as docker hub URL is working for pulling images.

Comment 1 Dennis Kliban 2018-12-20 14:15:21 UTC
The problem is that the web server is not forwarding requests coming in on port 443 to whatever port Crane is running on. I am guessing the installer is not configuring the web server to do that.

Comment 3 Justin Sherrill 2019-01-25 17:12:23 UTC
Created redmine issue https://projects.theforeman.org/issues/25922 from this bug

Comment 4 Bryan Kearney 2019-01-25 19:05:01 UTC
Upstream bug assigned to jsherril

Comment 5 Bryan Kearney 2019-01-25 19:05:02 UTC
Upstream bug assigned to jsherril

Comment 6 Bryan Kearney 2019-01-28 17:04:48 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25922 has been resolved.

Comment 9 Mirek Długosz 2019-02-04 13:02:42 UTC
Fix verified.

I have tried pulling container images from Library, from new lifecycle environment and from new lifecycle environment with custom registry name pattern. Each time, I tried with unauthenticated pull set to on and after `docker login`. I tried on alpine (all tags) and nodejs ("latest" tag only). Each pull succeeded.

Satellite 6.5 snap 14

Comment 12 errata-xmlrpc 2019-05-14 12:39:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.