[RTFACT-8446] Docker token HTTP client does not inherit proxy (and other) settings of the remote repo Created: 23/Oct/15  Updated: 14/Nov/17  Resolved: 30/Dec/15

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Docker
Affects Version/s: 4.2.2
Fix Version/s: 4.4.0

Type: Bug Priority: Critical
Reporter: Uriah Levy Assignee: Shay Yaakov (Inactive)
Resolution: Fixed Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Trigger
Support Tickets:

Landmark - Support Case, Smals - Support Case, PSA Peugeot Citroën - Support Case

Product Backlog: 4.4.0
Assigned QA: Daniel Keler
Internal Priority: Critical

 Description   

The HTTP client we initialize for the token requests for a remote docker repo is not bound to any repo context. For situations where a proxy has to be defined for outbound requests, having to check the global proxy setting as system default is an ugly workaround.

Those requests should be bound to the remote repo settings (proxy, timeout settings, etc).



 Comments   
Comment by Olivier Lambert [ 03/Nov/15 ]

I think there is another problem.

By setting the system default proxy, the manifest files are downloaded from duckerhub and are put in the cache.
Unfortunately, the images are not downloaded !!

Is there another configuration used for downloading images ?

Comment by Justin Georgeson [ 03/Nov/15 ]

The images are being cached for me using the system default proxy workaround, but this defect came from a support ticket I submitted.

Comment by Alix Lourme [ 16/Dec/15 ]

Same issue for me, on Artifactory v4.3.2, a docker remote repository (on “Docker Hub”) seems not use the proxy configured in advanced tab for the "sub requests".

Consider a simple docker configuration : docker-local & docker-remote (behing company proxy) & docker-virtual (entry point).

This scenario works and validate the installation (internet proxy configured for docker deamon, for this sample … the objective is to use Artifactory as proxy)

$ docker pull busybox
$ docker tag busybox repository.company.com/test
$ docker push repository.company.com/test
$ docker images -aq | xargs docker rmi –f
$ docker pull repository.company.com/test

But trying using Artifactory as registry proxy for official images:

$ docker pull repository.company.com/ubuntu

Gives :

“FATA[0001] Error: Status 400 trying to pull repository ubuntu: "{\n  \"errors\" : [ {\n    \"status\" : 400,\n    \"message\" : \"Unsupported docker v1 repository request for 'docker'\"\n  } ]\n}"”

In Artifactory log :

2015-12-16 14:42:28,001 [ajp-nio-8019-exec-4] [DEBUG] (o.a.u.PreemptiveAuthInterceptor:59) - Updating credentials for host https://registry-1.docker.io
2015-12-16 14:42:29,173 [ajp-nio-8019-exec-4] [ERROR] (o.a.a.d.r.DockerTokenProvider:183) - Error occurred while retrieving token from 'https://auth.docker.io/token?scope=repository:library/ubuntu:pull&service=registry.docker.io': auth.docker.io: unknown error
2015-12-16 14:42:29,182 [ajp-nio-8019-exec-4] [DEBUG] (o.a.a.d.r.DockerTokenProvider:184) - Error occurred while retrieving token from 'https://auth.docker.io/token?scope=repository:library/ubuntu:pull&service=registry.docker.io'.
java.net.UnknownHostException: auth.docker.io: unknown error
                at java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method) ~[na:1.8.0_60]

=> The internet proxy configured for docker-remote (here: https://registry-1.docker.io/) seems not used for “sub call”, like https://auth.docker.io

Workaround: Configuring the proxy as “System Default” solve the problem, but has some impacts on company domain requests (“no hosts” can’t be configured on the proxy).

Generated at Mon Dec 16 11:49:12 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.