Bug 90820 - pull-dkr forgets HTTP credentials on subsequent hits
Summary: pull-dkr forgets HTTP credentials on subsequent hits
Status: RESOLVED WONTFIX
Alias: None
Product: systemd
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: systemd-bugs
QA Contact: systemd-bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-02 14:03 UTC by Gunther Klessinger
Modified: 2016-02-01 17:50 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description Gunther Klessinger 2015-06-02 14:03:04 UTC
High,
systemd version: 219, fedora 22

Summary: machinectl does first hit correctly with http creds within the URL - but forgets them in subsequent hit(s).
And I did not see an option to supply user creds to machinectl.

-----------

Details:

Trying the (great) pull-dkr on my PRIVATE docker reqistry, with a http basic authing proxy infront of it.

Since it has http auth on, when pulling using docker it works like:

[root@f2 axc]# docker login https://axchange.axiros.com  
Username: ax__Js3MQjrGKcjwS94j  (<-- just a temporary token)
Password: 
Email: asdf@asdf.de
WARNING: login credentials saved in /root/.dockercfg.
Login Succeeded
[root@f2 axc]# docker pull axchange.axiros.com/axcdocker/jessie:latest    
Trying to pull repository axchange.axiros.com/axcdocker/jessie ...
2863afcd1309: Download complete 
(...)

------------

Using machinectl:

[root@f2 site-packages]# machinectl pull-dkr 'axcdocker/jessie:latest' --dkr-index-url https://ax__Js3MQjrGKcjwS94j:AXC@axchange.axiros.com  --verify=no

(note that I've put the creds into the URL)

Enqueued transfer job 1. Press C-c to continue download in background.
Pulling 'axcdocker/jessie' with tag 'latest', saving as 'jessie'.
Downloading 380B for https://ax__Js3MQjrGKcjwS94j:AXC@axchange.axiros.com/v1/repositories/axcdocker/jessie/images.
Download of https://ax__Js3MQjrGKcjwS94j:AXC@axchange.axiros.com/v1/repositories/axcdocker/jessie/images complete.
Index lookup succeeded, directed to registry axchange.axiros.com.
Downloading 172B for https://axchange.axiros.com/v1/repositories/axcdocker/jessie/tags/latest.
HTTP request to https://axchange.axiros.com/v1/repositories/axcdocker/jessie/tags/latest failed with code 400.
Failed to retrieve tags list.
Exiting.

stracing it, grepping for the URL:
[root@f2 site-packages]# cat trace |grep axchange
writev(2, [{"Downloading 380B for https://ax_"..., 114}, {"\n", 1}], 2Downloading 380B for https://ax__Js3MQjrGKcjwS94j:AXC@axchange.axiros.com/v1/repositories/axcdocker/jessie/images.
writev(2, [{"Download of https://ax__Js3MQjrG"..., 114}, {"\n", 1}], 2Download of https://ax__Js3MQjrGKcjwS94j:AXC@axchange.axiros.com/v1/repositories/axcdocker/jessie/images complete.
writev(2, [{"Index lookup succeeded, directed"..., 65}, {"\n", 1}], 2Index lookup succeeded, directed to registry axchange.axiros.com.
writev(2, [{"Downloading 172B for https://axc"..., 94}, {"\n", 1}], 2Downloading 172B for https://axchange.axiros.com/v1/repositories/axcdocker/jessie/tags/latest.
writev(2, [{"HTTP request to https://axchange"..., 110}, {"\n", 1}], 2HTTP request to https://axchange.axiros.com/v1/repositories/axcdocker/jessie/tags/latest failed with code 400.
[root@f2 site-packages]# 


-> the hit for the tags did not have the creds, so the registry server says no no.

-----------


Can help myself with proxies for now but would be cool if machinectl could handle that, best with username password options at least for basic auth.


Thanks,
Gunther
Comment 1 Gunther Klessinger 2015-06-02 14:08:57 UTC
PS: let me know if you need a set of credentials for trying. But I guess its simple enough to understand & commit in without ;-)
Comment 2 Lennart Poettering 2015-06-09 22:54:57 UTC
Can you try this with v220? Can you reproduce it there?
Comment 3 Gunther Klessinger 2015-06-10 00:38:14 UTC
Hi,

last time i tried 220 on rawhide I ran into this Selinux Access denied problem and it seems not yet fixed. 

But: You can quickly check yourself, created a private repo which accepts ANY user as long password is AXC:

On 219 I get:

[root@f2 ~]# machinectl pull-dkr 'axcdocker/jessie' --dkr-index-url https://foo:AXC@axchange.axiros.com  --verify=no
(...)
Downloading 380B for https://foo:AXC@axchange.axiros.com/v1/repositories/axcdocker/jessie/images.
Index lookup succeeded, directed to registry axchange.axiros.com.
Downloading 172B for https://axchange.axiros.com/v1/repositories/axcdocker/jessie/tags/latest.
(...)Failed to retrieve tags list.
Exiting.

If the second hit is WITH creds then the bug is fixed.

Servus,
Gunther

PS: Creating a little PaaS thingy around systemd & would love to develop around 220 already. Any hint where to get a binary (any OS)?

Compiling it last time I got funny "protocol not supported" errors at journalctl, so I continued with 219...
Comment 4 Lennart Poettering 2016-02-01 17:50:04 UTC
dkr support has been removed form importd. Closing.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.