Created attachment 1515751 [details] List of packages installed on machine where feature did work in the past One of changes introduced in Satellite 6.5 allows users to execute docker commands against Satellite server (FQDN, not Crane exposed on specific port). `docker pull`, which is one of primary supported commands, does not work. I have verified that this feature does not work on Satellite 6.5 snap 8, but it did work on forklift development box in late November (foreman commit: 3371bd6d380316588fccc740a41b293ccfc0f250 ; Katello commit: d83615fa0c523a10f1931a833a45f285e0e4e386; full list of installed packages in attachement). I was not able to setup environment with current Foreman master or with older Satellite snap, so I couldn't verify if that stopped working in recent Satellite snap, or somehow got broken during upstream -> downstream transition. Assigning Regression keyword because that feature was tested early in development cycle and was working back then. Version-Release number of selected component (if applicable): Satellite 6.5 snap 8 katello-3.10.0-0.6.rc1.el7sat.noarch pulp-server-2.18.0-0.1.rc.el7sat.noarch foreman-1.20.1.1-1.el7sat.noarch satellite-6.5.0-5.beta.el7sat.noarch Steps to Reproduce: 1. hammer product create --name="docker-prod" --organization-id="1" 2. hammer repository create --content-type docker --docker-upstream-name alpine --name alpine --product-id :id --url https://registry-1.docker.io/ 3. hammer repository synchronize --id :id 4. Set Library "Unauthenticated pull" to true or use `docker login` 5. docker pull $HOSTNAME/default_organization-docker-prod-alpine Using default tag: latest Trying to pull repository $HOSTNAME/default_organization-docker-prod-alpine ... error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n</body></html>\n" 6. docker pull $HOSTNAME:5000/default_organization-docker-prod-alpine Using default tag: latest Trying to pull repository $HOSTNAME:5000/default_organization-docker-prod-alpine ... sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528: Pulling from $HOSTNAME:5000/default_organization-docker-prod-alpine 4fe2ade4980c: Pull complete Digest: sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528 Status: Downloaded newer image for $HOSTNAME:5000/default_organization-docker-prod-alpine:latest Actual results: It is possible to pull image directly from Crane, but pulling them from Satellite hostname is not possible. Expected results: Using Satellite FQDN as docker hub URL is working for pulling images.
The problem is that the web server is not forwarding requests coming in on port 443 to whatever port Crane is running on. I am guessing the installer is not configuring the web server to do that.
Created redmine issue https://projects.theforeman.org/issues/25922 from this bug
Upstream bug assigned to jsherril
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25922 has been resolved.
Fix verified. I have tried pulling container images from Library, from new lifecycle environment and from new lifecycle environment with custom registry name pattern. Each time, I tried with unauthenticated pull set to on and after `docker login`. I tried on alpine (all tags) and nodejs ("latest" tag only). Each pull succeeded. Version: Satellite 6.5 snap 14 foreman-1.20.1.10-1.el7sat.noarch pulp-server-2.18.0-0.1.rc.el7sat.noarch satellite-6.5.0-6.beta.el7sat.noarch katello-3.10.0-0.6.rc1.el7sat.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222