404 when fetching docker image from artifactory hosted docker registry about docker2aci HOT 11 CLOSED

We add the /v1/ here:

from docker2aci.

@jaybuff are you seeing docker2aci fail against artifactory?
On Sep 17, 2015 03:07, "Iago López Galeiras" [email protected]
wrote:

We add the /v1/ here:

docker2aci/lib/backend/repository/repository.go

Line 347 in 8ac8ccf

path.Join(strings.TrimSpace(endpointEl), "v1"))

—
Reply to this email directly or view it on GitHub
#85 (comment).

from docker2aci.

Yes, pulling a docker image from artifactory using rkt-0.6.1 results in a 404. 0.6.1 has the line @iaguis references. I'm investigating why it doesn't work. Here's the actual command and error:

$ rkt --insecure-skip-verify fetch docker://registry.example.com/myns/myrepo:2.0
rkt: fetching image from docker://registry.example.com/myns/myrepo:2.0
error converting docker image to ACI: error getting ImageID from tag 2.0: HTTP code: 404. URL: https://registry.example.com/repositories/myns/myrepo/tags

from docker2aci.

Ah, artifactory 3.9.4 doesn't set the X-Docker-Endpoints header in response to the GET /v1/repositories/myns/myrepo/images. I'm not sure if other versions of artifactory set it.

from docker2aci.

Hi all, I am still not able to fetch a Docker image via rkt from Artifactory 4.8.2.
CA Certificate has been added to CoreOS after:

/var/lib/rkt/rkt fetch docker://<artifactoryhost>:50000/coreos/etcd:v3.0.2 --insecure-options=image image: remote fetching from URL "docker://<artifactoryhost>:50000/coreos/etcd:v3.0.2" fetch: Get https://<artifactoryhost>:50000/v2: x509: certificate signed by unknown authority

After the CA certificate was added, I get:
/var/lib/rkt/rkt fetch docker://<artifactoryhost>:50000/coreos/etcd:v3.0.2 --insecure-options=all image: remote fetching from URL "docker://<artifactoryhost>:50000/coreos/etcd:v3.0.2" fetch: unexpected http code: 400

With docker it works:
docker pull <artifactoryhost>:50000/coreos/etcd:v3.0.2 v3.0.2: Pulling from coreos/etcd e110a4a17941: Already exists 31eef2201534: Already exists a043d21891c5: Already exists fd2d99e13d06: Already exists Digest: sha256:d432e9d3a759eb599b075f92f32d661e5b2e6acaaa80377740fb55d474581f04 Status: Image is up to date for <artifactoryhost>:50000/coreos/etcd:v3.0.2

Any idea on this?

from docker2aci.

does --debug give you any more information on which URL is 400ing?

On 18 August 2016 at 14:05, Stefan Vetter [email protected] wrote:

Hi all, I am still not able to fetch a Docker image via rkt from
Artifactory 4.8.2.
CA Certificate has been added to CoreOS after:

/var/lib/rkt/rkt fetch docker://:50000/coreos/etcd:v3.0.2
--insecure-options=image
image: remote fetching from URL "docker://:
50000/coreos/etcd:v3.0.2"
fetch: Get https://:50000/v2: x509: certificate signed
by unknown authority

After the CA certificate was added, I get:
/var/lib/rkt/rkt fetch docker://:50000/coreos/etcd:v3.0.2
--insecure-options=all
image: remote fetching from URL "docker://:
50000/coreos/etcd:v3.0.2"
fetch: unexpected http code: 400

With docker it works:
docker pull docker.wdf.sap.corp:50000/coreos/etcd:v3.0.2
v3.0.2: Pulling from coreos/etcd
e110a4a17941: Already exists
31eef2201534: Already exists
a043d21891c5: Already exists
fd2d99e13d06: Already exists
Digest: sha256:d432e9d3a759eb599b075f92f32d66
1e5b2e6acaaa80377740fb55d474581f04
Status: Image is up to date for docker.wdf.sap.corp:50000/
coreos/etcd:v3.0.2

Any idea on this?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#85 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACewN1kkKD1tsIwgiOM3ZyHAAZBQemG6ks5qhEqJgaJpZM4F-wZs
.

from docker2aci.

Also to give it a mention it does not work with docker2aci itself:
bin/docker2aci docker://>artifactoryhost<:50000/coreos/etcd:v3.0.2 --debug -insecure-skip-verify=true -insecure-allow-http=true
Error: conversion error: unexpected http code: 400

from docker2aci.

Another hint probably:

docker save -o etcd_3.0.2.docker b1ef96aec70b docker2aci etcd_3.0.2.docker Error: conversion error: repositories file not found

While when running the pulled/saved image via docker it works properly.

With additional options:
./docker2aci -image=coreos/etcd:3.0.2 /tmp/etcd_3.0.2.docker -debug=true -insecure-skip-verify=true -insecure-allow-http=true Error: conversion error: repositories file not found

from docker2aci.

Made another test to verify where the problem really comes from:

Have been setting up nginx to proxy quay with following configuration which resulted in the same error:

upstream docker-registry {
  server quay-registry.s3.amazonaws.com;
}

server {
  listen 6443;
  server_name 192.168.10.1;

  ssl on;
  ssl_certificate /etc/pki/tls/certs/192.168.10.1.pem;
  ssl_certificate_key /etc/pki/tls/certs/192.168.10.1.key;

  client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  add_header Docker-Distribution-API-Version registry/2.0;

  location / {
    auth_basic off;
    proxy_pass            http://docker-registry;
    proxy_set_header      Host           $http_host;   # required for docker client's sake
    proxy_set_header      X-Real-IP      $remote_addr; # pass on real client's IP
    proxy_set_header      Authorization  "";  # see https://github.com/dotcloud/docker-registry/issues/170
    proxy_read_timeout    900;
  }

  location /_ping {
    auth_basic off;
    proxy_pass            http://docker-registry;
    proxy_set_header      Host           $http_host;   # required for docker client's sake
    proxy_set_header      X-Real-IP      $remote_addr; # pass on real client's IP
    proxy_set_header      Authorization  "";  # see https://github.com/dotcloud/docker-registry/issues/170
    proxy_read_timeout    900;
  }

  location /v1/_ping {
    auth_basic off;
    proxy_pass            http://docker-registry;
    proxy_set_header      Host           $http_host;   # required for docker client's sake
    proxy_set_header      X-Real-IP      $remote_addr; # pass on real client's IP
    proxy_set_header      Authorization  "";  # see https://github.com/dotcloud/docker-registry/issues/170
    proxy_read_timeout    900;
  }

  location /v2/ {
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
      return 404;
    }

    proxy_pass            http://docker-registry;
    proxy_set_header      Host                            $http_host;   # required for docker client's sake
    proxy_set_header      X-Real-IP                       $remote_addr; # pass on real client's IP
    proxy_set_header      X-Forwarded-For                 $proxy_add_x_forwarded_for;
    proxy_set_header      X-Forwarded-Proto               $scheme;
    proxy_read_timeout    900;
  }
}

from docker2aci.

Latest information: nginx proxy does not work out properly for performing analysis as based on the command it delivers other results as artifactory.
If you want me to test some commands/binaries, don't hesitate to drop me a comment.

Thanks!

from docker2aci.

Nope, no information. Sorry.

Am Donnerstag, 18. August 2016 schrieb Jonathan Boulle :

does --debug give you any more information on which URL is 400ing?

On 18 August 2016 at 14:05, Stefan Vetter <[email protected]
javascript:_e(%7B%7D,'cvml','[email protected]');> wrote:

Hi all, I am still not able to fetch a Docker image via rkt from
Artifactory 4.8.2.
CA Certificate has been added to CoreOS after:

/var/lib/rkt/rkt fetch docker://:
50000/coreos/etcd:v3.0.2
--insecure-options=image
image: remote fetching from URL "docker://:
50000/coreos/etcd:v3.0.2"
fetch: Get https://:50000/v2: x509: certificate signed
by unknown authority

After the CA certificate was added, I get:
/var/lib/rkt/rkt fetch docker://:
50000/coreos/etcd:v3.0.2
--insecure-options=all
image: remote fetching from URL "docker://:
50000/coreos/etcd:v3.0.2"
fetch: unexpected http code: 400

With docker it works:
docker pull docker.wdf.sap.corp:50000/coreos/etcd:v3.0.2
v3.0.2: Pulling from coreos/etcd
e110a4a17941: Already exists
31eef2201534: Already exists
a043d21891c5: Already exists
fd2d99e13d06: Already exists
Digest: sha256:d432e9d3a759eb599b075f92f32d66
1e5b2e6acaaa80377740fb55d474581f04
Status: Image is up to date for docker.wdf.sap.corp:50000/
coreos/etcd:v3.0.2

Any idea on this?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#85 (comment),
or mute
the thread
<https://github.com/notifications/unsubscribe-auth/
ACewN1kkKD1tsIwgiOM3ZyHAAZBQemG6ks5qhEqJgaJpZM4F-wZs>
.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#85 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AFI-HwGwSY-XVEugW6jPiyoee4Bbcf-yks5qhFJjgaJpZM4F-wZs
.

from docker2aci.