You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@aurora.apache.org by Giulio Eulisse <gi...@cern.ch> on 2016/11/24 13:27:48 UTC
Unable to authenticate with docker registry
Hi,
I’ve a very simple service which uses the Mesos conteinizer and a
docker image:
```
Service(cluster = 'o2',
environment = 'devel',
role = 'root',
name = 'hello_world-docker',
task = hello_world_task,
container = Mesos(image=DockerImage(name='ubuntu',
tag='latest'))
)
```
Notice the job runs without the "container" attribute. If I add it, I
get:
```
a few seconds ago - FAILED : Failed to launch container: Collect failed:
Failed to decode HTTP responses: No response decoded HTTP/1.1 200
Connection established
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Bearer
realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/ubuntu:pull"
Date: Thu, 24 Nov 2016 13:15:36 GMT
Content-Length: 146
Strict-Transport-Security: max-age=31536000
{"errors":[{"code":"UNAUTHORIZED","message":"authentication
required","detail":[{"Type":"repository","Name":"library/ubuntu","Action":"pull"}]}]}
; Container destroyed while provisioning images
```
notice I do run all the slaves with:
```
/usr/sbin/mesos-slave
--master=zk://aidrefpc001:2181,aidrefpc002:2181,aidrefpc003:2181/mesos
--log_dir=/var/log/mesos --container_disk_watch_interval=30mins
--containerizers=mesos
--docker_config=file:///etc/mesos-agent-docker_config
--docker_registry=https://registry-1.docker.io
--enforce_container_disk_quota=true --image_providers=DOCKER
--isolation=cgroups/cpu,cgroups/mem,filesystem/linux,docker/runtime,disk/du
--modules=file:///etc/mesos-agent-modules
--qos_controller=org_apache_mesos_LoadQoSController
--resource_estimator=org_apache_mesos_FixedResourceEstimator
--work_dir=/var/lib/mesos
```
and
```
file:///etc/mesos-agent-docker_config
```
is a valid `.dockercfg.json`.
```
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "XXXXXXXXXXXXXXXXXXXXXX",
"email": "alice.builder@cern.ch"
}
}
}
```
If I use:
```
curl -H 'WWW-Authenticate: Basic XXXXXXXXXXXXXXXXXXXXXX'
https://index.docker.io/v1/
```
it does return:
```
Docker Registry API
```
Any idea of what might go wrong?
--
Ciao,
Giulio
Re: Unable to authenticate with docker registry
Posted by Giulio Eulisse <gi...@cern.ch>.
Ciao,
you are right. I did some more investigations and I think the problem
is:
https://issues.apache.org/jira/browse/MESOS-6010
I.e. the HTTP CONNECT reply from the proxy we do have in our setup is
creating problems. Will follow up in the Mesos mailing list.
--
Ciao,
Giulio
On 29 Nov 2016, at 21:53, Zameer Manji wrote:
> Hey,
>
> I don't know the answer sadly, but this problem lies within the Mesos
> agent
> and you can get a better response on the Mesos mailing list.
>
> On Thu, Nov 24, 2016 at 5:27 AM, Giulio Eulisse
> <gi...@cern.ch>
> wrote:
>
>> Hi,
>>
>> I’ve a very simple service which uses the Mesos conteinizer and a
>> docker
>> image:
>>
>> Service(cluster = 'o2',
>> environment = 'devel',
>> role = 'root',
>> name = 'hello_world-docker',
>> task = hello_world_task,
>> container = Mesos(image=DockerImage(name='ubuntu',
>> tag='latest'))
>> )
>>
>> Notice the job runs without the "container" attribute. If I add it, I
>> get:
>>
>> a few seconds ago - FAILED : Failed to launch container: Collect
>> failed: Failed to decode HTTP responses: No response decoded HTTP/1.1
>> 200 Connection established
>>
>> HTTP/1.1 401 Unauthorized
>> Content-Type: application/json; charset=utf-8
>> Docker-Distribution-Api-Version: registry/2.0
>> Www-Authenticate: Bearer
>> realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/ubuntu:pull"
>> Date: Thu, 24 Nov 2016 13:15:36 GMT
>> Content-Length: 146
>> Strict-Transport-Security: max-age=31536000
>>
>> {"errors":[{"code":"UNAUTHORIZED","message":"authentication
>> required","detail":[{"Type":"repository","Name":"library/ubuntu","Action":"pull"}]}]}
>> ; Container destroyed while provisioning images
>>
>> notice I do run all the slaves with:
>>
>> /usr/sbin/mesos-slave
>> --master=zk://aidrefpc001:2181,aidrefpc002:2181,aidrefpc003:2181/mesos
>> --log_dir=/var/log/mesos --container_disk_watch_interval=30mins
>> --containerizers=mesos
>> --docker_config=file:///etc/mesos-agent-docker_config
>> --docker_registry=https://registry-1.docker.io
>> --enforce_container_disk_quota=true --image_providers=DOCKER
>> --isolation=cgroups/cpu,cgroups/mem,filesystem/linux,docker/runtime,disk/du
>> --modules=file:///etc/mesos-agent-modules
>> --qos_controller=org_apache_mesos_LoadQoSController
>> --resource_estimator=org_apache_mesos_FixedResourceEstimator
>> --work_dir=/var/lib/mesos
>>
>> and
>>
>> file:///etc/mesos-agent-docker_config
>>
>> is a valid .dockercfg.json.
>>
>> {
>> "auths": {
>> "https://index.docker.io/v1/": {
>> "auth": "XXXXXXXXXXXXXXXXXXXXXX",
>> "email": "alice.builder@cern.ch"
>> }
>> }
>> }
>>
>> If I use:
>>
>> curl -H 'WWW-Authenticate: Basic XXXXXXXXXXXXXXXXXXXXXX'
>> https://index.docker.io/v1/
>>
>> it does return:
>>
>> Docker Registry API
>>
>> Any idea of what might go wrong?
>>
>> --
>> Ciao,
>> Giulio
>>
>> --
>> Zameer Manji
>>
Re: Unable to authenticate with docker registry
Posted by Zameer Manji <zm...@apache.org>.
Hey,
I don't know the answer sadly, but this problem lies within the Mesos agent
and you can get a better response on the Mesos mailing list.
On Thu, Nov 24, 2016 at 5:27 AM, Giulio Eulisse <gi...@cern.ch>
wrote:
> Hi,
>
> I’ve a very simple service which uses the Mesos conteinizer and a docker
> image:
>
> Service(cluster = 'o2',
> environment = 'devel',
> role = 'root',
> name = 'hello_world-docker',
> task = hello_world_task,
> container = Mesos(image=DockerImage(name='ubuntu', tag='latest'))
> )
>
> Notice the job runs without the "container" attribute. If I add it, I get:
>
> a few seconds ago - FAILED : Failed to launch container: Collect failed: Failed to decode HTTP responses: No response decoded HTTP/1.1 200 Connection established
>
> HTTP/1.1 401 Unauthorized
> Content-Type: application/json; charset=utf-8
> Docker-Distribution-Api-Version: registry/2.0
> Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/ubuntu:pull"
> Date: Thu, 24 Nov 2016 13:15:36 GMT
> Content-Length: 146
> Strict-Transport-Security: max-age=31536000
>
> {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Name":"library/ubuntu","Action":"pull"}]}]} ; Container destroyed while provisioning images
>
> notice I do run all the slaves with:
>
> /usr/sbin/mesos-slave --master=zk://aidrefpc001:2181,aidrefpc002:2181,aidrefpc003:2181/mesos --log_dir=/var/log/mesos --container_disk_watch_interval=30mins --containerizers=mesos --docker_config=file:///etc/mesos-agent-docker_config --docker_registry=https://registry-1.docker.io --enforce_container_disk_quota=true --image_providers=DOCKER --isolation=cgroups/cpu,cgroups/mem,filesystem/linux,docker/runtime,disk/du --modules=file:///etc/mesos-agent-modules --qos_controller=org_apache_mesos_LoadQoSController --resource_estimator=org_apache_mesos_FixedResourceEstimator --work_dir=/var/lib/mesos
>
> and
>
> file:///etc/mesos-agent-docker_config
>
> is a valid .dockercfg.json.
>
> {
> "auths": {
> "https://index.docker.io/v1/": {
> "auth": "XXXXXXXXXXXXXXXXXXXXXX",
> "email": "alice.builder@cern.ch"
> }
> }
> }
>
> If I use:
>
> curl -H 'WWW-Authenticate: Basic XXXXXXXXXXXXXXXXXXXXXX' https://index.docker.io/v1/
>
> it does return:
>
> Docker Registry API
>
> Any idea of what might go wrong?
>
> --
> Ciao,
> Giulio
>
> --
> Zameer Manji
>