You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Jan Schlicht (JIRA)" <ji...@apache.org> on 2017/01/12 13:17:52 UTC

[jira] [Comment Edited] (MESOS-6010) Docker registry puller shows decode error "No response decoded".

    [ https://issues.apache.org/jira/browse/MESOS-6010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15820967#comment-15820967 ] 

Jan Schlicht edited comment on MESOS-6010 at 1/12/17 1:17 PM:
--------------------------------------------------------------

To reproduce what's going on here in detail:
{noformat}
docker run -d -p 3128:3128 minimum2scp/squid
export https_proxy=127.0.0.1:3128
curl -vvv https://user:pass@httpbin.org/basic-auth/user/pass
{noformat}
which will produce this output:
{noformat}
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to httpbin.org:443
* Server auth using Basic with user 'user'
> CONNECT httpbin.org:443 HTTP/1.1
> Host: httpbin.org:443
> User-Agent: curl/7.51.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.httpbin.org
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server auth using Basic with user 'user'
> GET /basic-auth/user/pass HTTP/1.1
> Host: httpbin.org
> Authorization: Basic dXNlcjpwYXNz
> User-Agent: curl/7.51.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Thu, 12 Jan 2017 13:05:00 GMT
< Content-Type: application/json
< Content-Length: 47
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
<
{
  "authenticated": true,
  "user": "user"
}
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact
{noformat}
To use SSL through a proxy, curl uses [HTTP CONNECT tunnelling|https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling]. This means that 2 HTTP requests are made and we get 2 HTTP responses. The first response is a problem for {{http_parser}} because it doesn't have any headers. We can force {{http_parser}} to parse this anyways but then the body of that message would be the second HTTP response.


was (Author: nfnt):
To reproduce what's going on here in detail:
{noformat}
docker run -d -p 3128:3128 minimum2scp/squid
export https_proxy=127.0.0.1:3128
curl -vvv https://user:pass@httpbin.org/basic-auth/user/pass
{noformat}
To use SSL through a proxy, curl uses [HTTP CONNECT tunnelling|https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling]. This means that 2 HTTP requests are made and we get 2 HTTP responses. The first response is a problem for {{http_parser}} because it doesn't have any headers. We can force {{http_parser}} to parse this anyways but then the body of that message would be the second HTTP response.

> Docker registry puller shows decode error "No response decoded".
> ----------------------------------------------------------------
>
>                 Key: MESOS-6010
>                 URL: https://issues.apache.org/jira/browse/MESOS-6010
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization, docker
>    Affects Versions: 1.0.0, 1.0.1
>            Reporter: Sunzhe
>            Assignee: Jan Schlicht
>            Priority: Critical
>              Labels: Docker, mesos-containerizer
>
> The {{mesos-agent}} flags:
> {code}
>  GLOG_v=1 ./bin/mesos-agent.sh \
>               --master=zk://${MESOS_MASTER_IP}:2181/mesos  \
>               --ip=10.100.3.3  \
>               --work_dir=${MESOS_WORK_DIR} \
>               --isolation=cgroups/devices,gpu/nvidia,disk/du,docker/runtime,filesystem/linux \
>               --enforce_container_disk_quota \
>               --containerizers=mesos \
>               --image_providers=docker \
>               --executor_environment_variables="{}"
> {code}
> And the {{mesos-execute}} flags:
> {code}
>  ./src/mesos-execute \
>            --master=${MESOS_MASTER_IP}:5050 \
>            --name=${INSTANCE_NAME} \
>            --docker_image=${DOCKER_IMAGE} \
>            --framework_capabilities=GPU_RESOURCES \
>            --shell=false
> {code}
> But when {{./src/mesos-execute}}, the errors like below:
> {code}
> I0809 16:11:46.207875 25583 scheduler.cpp:172] Version: 1.0.0
> I0809 16:11:46.212442 25582 scheduler.cpp:461] New master detected at master@10.103.0.125:5050
> Subscribed with ID '168ab900-ee7e-4829-a59a-d16de956637e-0009'
> Submitted task 'test' to agent '168ab900-ee7e-4829-a59a-d16de956637e-S1'
> Received status update TASK_FAILED for task 'test'
>   message: 'Failed to launch container: Failed to decode HTTP responses: No response decoded
> HTTP/1.1 200 Connection established
> HTTP/1.1 401 Unauthorized
> Content-Type: application/json; charset=utf-8
> Docker-Distribution-Api-Version: registry/2.0
> Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/redis:pull"
> Date: Tue, 09 Aug 2016 08:10:32 GMT
> Content-Length: 145
> Strict-Transport-Security: max-age=31536000
> {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Name":"library/redis","Action":"pull"}]}]}
> ; Container destroyed while provisioning images'
>   source: SOURCE_AGENT
>   reason: REASON_CONTAINER_LAUNCH_FAILED
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)