From Todd.Morgan at cgu.com.au Tue Dec 22 19:18:05 2015 From: Todd.Morgan at cgu.com.au (Todd Morgan) Date: Wed, 23 Dec 2015 02:18:05 +0000 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP Message-ID: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> Hi, I'm attempting to setup a play Portus instance using pure Docker. I followed the instructions here https://github.com/SUSE/Portus/wiki/Docker-Compose-Environment and have been able to get the instance running against my LDAP container and authenticating my initial (admin) user using an appropriate config-local.yml. My problem is that I am not able to perform the "docker login" in order to use the system. I have verified several different LDAP based accounts are able to login to the portus web ui successfully. Could someone please advise where exactly that I could find the appropriate log file (and within which container) in order to try and diagnose the docker login failure. I have tried to docker login both with an LDAP user which yields Error response from daemon: Wrong login/password, please try again And a local user (just created within Portus i.e. no LDAP). Error response from daemon: Wrong login/password, please try again I have also tried logging in from the actual host running the portus application. Which makes no difference. Thanks for your consideration. Todd _____________________________________________________________________ The information transmitted in this message and its attachments (if any) is intended only for the person or entity to which it is addressed. The message may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information, by persons or entities other than the intended recipient is prohibited. If you have received this in error, please contact the sender and delete this e-mail and associated material from any computer. The intended recipient of this e-mail may only use, reproduce, disclose or distribute the information contained in this e-mail and any attached files, with the permission of the sender. This message has been scanned for viruses. _____________________________________________________________________ From asarai at suse.de Tue Dec 22 19:29:12 2015 From: asarai at suse.de (Aleksa Sarai) Date: Wed, 23 Dec 2015 13:29:12 +1100 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> Message-ID: <567A06F8.9040108@suse.de> Hi Todd, > I'm attempting to setup a play Portus instance using pure Docker. I followed the instructions here https://github.com/SUSE/Portus/wiki/Docker-Compose-Environment and have been able to get the instance running against my LDAP container and authenticating my initial (admin) user using an appropriate config-local.yml. What docker-compose version are you using? There are upstream bugs in compose 1.5.1 that make the configuration setup used in Portus not function properly, the containers will start but you won't be able to authenticate. We're working on updating the docker compose repository provided by SUSE. These issues are mentioned here[1]. > My problem is that I am not able to perform the "docker login" in order to use the system. I have verified several different LDAP based accounts are able to login to the portus web ui successfully. > > Could someone please advise where exactly that I could find the appropriate log file (and within which container) in order to try and diagnose the docker login failure. If you're running the development version, there's Portus log files in portus_web_1 under `log/*.log`. The name of the log file indicates what environment you're running under (development, production, etc). [1]: https://github.com/SUSE/Portus/wiki/Docker-Compose-Environment#known-issues -- Aleksa Sarai Docker Core Specialist SUSE Australia https://www.cyphar.com/ From Todd.Morgan at cgu.com.au Tue Dec 22 20:47:42 2015 From: Todd.Morgan at cgu.com.au (Todd Morgan) Date: Wed, 23 Dec 2015 03:47:42 +0000 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <567A06F8.9040108@suse.de> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> <567A06F8.9040108@suse.de> Message-ID: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE524@SDC1MX051.auiag.corp> Hi Aleksa, These are the Docker details for the host [nobody at portustest portus]# docker version Client: Version: 1.9.1 API version: 1.21 Go version: go1.4.2 Git commit: a34a1d5 Built: Fri Nov 20 13:25:01 UTC 2015 OS/Arch: linux/amd64 Server: Version: 1.9.1 API version: 1.21 Go version: go1.4.2 Git commit: a34a1d5 Built: Fri Nov 20 13:25:01 UTC 2015 OS/Arch: linux/amd64 [nobody at portustest portus]# docker-compose --version docker-compose version 1.5.2, build 7240ff3 ciao Todd -----Original Message----- From: containers-bounces at lists.suse.com [mailto:containers-bounces at lists.suse.com] On Behalf Of Aleksa Sarai Sent: Wednesday, 23 December 2015 1:29 PM To: containers at lists.suse.com Subject: Re: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP Hi Todd, > I'm attempting to setup a play Portus instance using pure Docker. I followed the instructions here https://github.com/SUSE/Portus/wiki/Docker-Compose-Environment and have been able to get the instance running against my LDAP container and authenticating my initial (admin) user using an appropriate config-local.yml. What docker-compose version are you using? There are upstream bugs in compose 1.5.1 that make the configuration setup used in Portus not function properly, the containers will start but you won't be able to authenticate. We're working on updating the docker compose repository provided by SUSE. These issues are mentioned here[1]. > My problem is that I am not able to perform the "docker login" in order to use the system. I have verified several different LDAP based accounts are able to login to the portus web ui successfully. > > Could someone please advise where exactly that I could find the appropriate log file (and within which container) in order to try and diagnose the docker login failure. If you're running the development version, there's Portus log files in portus_web_1 under `log/*.log`. The name of the log file indicates what environment you're running under (development, production, etc). [1]: https://github.com/SUSE/Portus/wiki/Docker-Compose-Environment#known-issues -- Aleksa Sarai Docker Core Specialist SUSE Australia https://www.cyphar.com/ _______________________________________________ Containers mailing list Containers at lists.suse.com http://lists.suse.com/mailman/listinfo/containers _____________________________________________________________________ The information transmitted in this message and its attachments (if any) is intended only for the person or entity to which it is addressed. The message may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information, by persons or entities other than the intended recipient is prohibited. If you have received this in error, please contact the sender and delete this e-mail and associated material from any computer. The intended recipient of this e-mail may only use, reproduce, disclose or distribute the information contained in this e-mail and any attached files, with the permission of the sender. This message has been scanned for viruses. _____________________________________________________________________ From fcastelli at suse.com Wed Dec 23 03:29:52 2015 From: fcastelli at suse.com (Flavio Castelli) Date: Wed, 23 Dec 2015 11:29:52 +0100 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> Message-ID: <567A77A0.8020302@suse.com> On 12/23/2015 03:18 AM, Todd Morgan wrote: > I have tried to docker login both with an LDAP user which yields > > Error response from daemon: Wrong login/password, please try again I guess you have the wrong registry host configured inside of Portus. Please take a look at the log files as hinted to Aleksa, you should find a warning message in there. Cheers Flavio From Todd.Morgan at cgu.com.au Wed Dec 23 05:33:30 2015 From: Todd.Morgan at cgu.com.au (Todd Morgan) Date: Wed, 23 Dec 2015 12:33:30 +0000 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <567A77A0.8020302@suse.com> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> <567A77A0.8020302@suse.com> Message-ID: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> Hi everyone, The logs didn't show up as I just went straight from the .compose-setup docker-compose logs helped with the requested output. The appropriate error message log is detailed below ... I believe the interesting section is level=warning msg="error authorizing context: authorization token required" http.request.host="ignobilia-bibliotheca:5000" http.request.id=45f63877-95a7-4680-b6c5-fa55ae550749 http.request.method=GET http.request.remoteaddr="10.134.135.56:47616" http.request.uri="/v2/" http.request.useragent="docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.10.0-229.20.1.el7.x86_64 os/linux arch/amd64" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a version=v2.1.1 registry_1 | time="2015-12-23T11:57:39Z" level=warning msg="error authorizing context: authorization token required" http.request.host="ignobilia-bibliotheca:5000" http.request.id=45f63877-95a7-4680-b6c5-fa55ae550749 http.request.method=GET http.request.remoteaddr="10.134.135.56:47616" http.request.uri="/v2/" http.request.useragent="docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.10.0-229.20.1.el7.x86_64 os/linux arch/amd64" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a version=v2.1.1 registry_1 | 10.134.135.56 - - [23/Dec/2015:11:57:39 +0000] "GET /v2/ HTTP/1.1" 401 114 "" "docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.10.0-229.20.1.el7.x86_64 os/linux arch/amd64" registry_1 | time="2015-12-23T11:57:44Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=74.195?s trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=2ff3e414-e1ff-4364-a02d-efb013753e72 trace.line=123 version=v2.1.1 registry_1 | time="2015-12-23T11:57:54Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=75.912?s trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=0f017474-58ad-4923-a62d-7d90a9ec4d15 trace.line=123 version=v2.1.1 registry_1 | time="2015-12-23T11:58:04Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=635.239?s trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=16680cd2-19a1-4069-aa8f-6a4365e10668 trace.line=123 version=v2.1.1 registry_1 | time="2015-12-23T11:58:14Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=104.702?s trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=4f65b0d9-4fe5-4599-9704-0efa29e19b43 trace.line=123 version=v2.1.1 registry_1 | time="2015-12-23T11:58:24Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=74.179?s trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=b878b270-bd9e-4347-b7a6-ea84149aadfd trace.line=123 version=v2.1.1 registry_1 | time="2015-12-23T11:58:34Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=69.04?s trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=61a50728-4097-45e6-baff-9ef512cd7e72 trace.line=123 version=v2.1.1 registry_1 | time="2015-12-23T11:58:44Z" level=debug msg="filesystem.List(\"/\")" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a trace.duration=63.157?s The command I invoked to yield that result was docker login ignobilia-bibliotheca:5000 Username: toddmorgan Password: Email: todd.morgan at cgu.com.au Error response from daemon: no successful auth challenge for http://ignobilia-bibliotheca:5000/v2/ - errors: [token auth attempt for registry http://ignobilia-bibliotheca:5000/v2/: http://172.17.0.1:3000/v2/token?account=toddmorgan&service=172.17.0.1%3A5000 request failed with status: 502 Bad Gateway] The docker host for portus has a DNS binding "ignobilia-bibliotheca" The hosts real IP details are ens192: mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:50:56:b9:14:e9 brd ff:ff:ff:ff:ff:ff inet 10.139.147.70/22 brd 10.139.147.255 scope global ens192 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:feb9:14e9/64 scope link valid_lft forever preferred_lft forever 3: docker0: mtu 1500 qdisc noqueue state UP link/ether 02:42:7d:9b:4d:81 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:7dff:fe9b:4d81/64 scope link Docker inspecting the container for IP details yields docker inspect 03f989bdb204 | grep 172 "Gateway": "172.17.0.1", "IPAddress": "172.17.0.5", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.5", And docker inspect 2294aeb593b1 | grep 172 "DOCKER_HOST=172.17.0.1", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.4", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.4", Container details docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 03f989bdb204 portus_web "/usr/bin/supervisord" 34 minutes ago Up 32 minutes 3000/tcp portus_crono_1 2294aeb593b1 library/registry:2.1.1 "/registry/entry.sh" 34 minutes ago Up 32 minutes 0.0.0.0:5000-5001->5000-5001/tcp portus_registry_1 21157dda2d52 portus_web "puma -b tcp://0.0.0." 34 minutes ago Up 32 minutes 0.0.0.0:3000->3000/tcp portus_web_1 8038611ff0cb library/mariadb "/docker-entrypoint.s" 34 minutes ago Up 32 minutes 3306/tcp portus_db_1 6b8dcadfdc67 hello-world "/hello" 6 days ago Exited (0) 6 days ago silly_leakey The only other interesting information was that the first attempt to create the initial registry indicated that there was an error creating it .. so I tried again (clicked the button again) ... I did Not click the ignore errors ... and it worked. I'm also behind a corporate proxy which may cause issues. Thanks Todd _____________________________________________________________________ The information transmitted in this message and its attachments (if any) is intended only for the person or entity to which it is addressed. The message may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information, by persons or entities other than the intended recipient is prohibited. If you have received this in error, please contact the sender and delete this e-mail and associated material from any computer. The intended recipient of this e-mail may only use, reproduce, disclose or distribute the information contained in this e-mail and any attached files, with the permission of the sender. This message has been scanned for viruses. _____________________________________________________________________ From fcastelli at suse.com Wed Dec 23 06:17:01 2015 From: fcastelli at suse.com (Flavio Castelli) Date: Wed, 23 Dec 2015 14:17:01 +0100 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> <567A77A0.8020302@suse.com> <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> Message-ID: <567A9ECD.50803@suse.com> On 12/23/2015 01:33 PM, Todd Morgan wrote: > The only other interesting information was that the first attempt to create the initial registry indicated that there was an error creating it .. so I tried again (clicked the button again) ... I did Not click the ignore errors ... and it worked. > > I'm also behind a corporate proxy which may cause issues. That's not causing the issue. You didn't attach portus' logs. They are inside of log/development.log or log/production.log. Cheers Flavio From asarai at suse.com Wed Dec 23 06:18:43 2015 From: asarai at suse.com (Aleksa Sarai) Date: Thu, 24 Dec 2015 00:18:43 +1100 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> <567A77A0.8020302@suse.com> <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> Message-ID: <567A9F33.6080800@suse.com> On 12/23/2015 11:33 PM, Todd Morgan wrote: > Hi everyone, > > The logs didn't show up as I just went straight from the .compose-setup > > docker-compose logs > > helped with the requested output. $ docker cp portus_web_1:logs/development.log . Should give you the logs, as the compose setup should still produce logs. The logs may be stored under logs/production.log. > > The appropriate error message log is detailed below ... I believe the interesting section is > > level=warning msg="error authorizing context: authorization token required" http.request.host="ignobilia-bibliotheca:5000" http.request.id=45f63877-95a7-4680-b6c5-fa55ae550749 http.request.method=GET http.request.remoteaddr="10.134.135.56:47616" http.request.uri="/v2/" http.request.useragent="docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.10.0-229.20.1.el7.x86_64 os/linux arch/amd64" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a version=v2.1.1 > This is the log from the registry. Can you please give the log from Portus? The issue is probably related to Portus not being aware of the host "172.17.0.1:5000". > > docker login ignobilia-bibliotheca:5000 > Username: toddmorgan > Password: > Email: todd.morgan at cgu.com.au > Error response from daemon: no successful auth challenge for http://ignobilia-bibliotheca:5000/v2/ - errors: [token auth attempt for registry http://ignobilia-bibliotheca:5000/v2/: http://172.17.0.1:3000/v2/token?account=toddmorgan&service=172.17.0.1%3A5000 request failed with status: 502 Bad Gateway] > Have you tried setting DOCKER_HOST=ignobilia-bibliotheca? Make sure your remove docker/environment and docker/registry/config.yml before running ./compose-setup.sh again. > > I'm also behind a corporate proxy which may cause issues. > I doubt that this is the issue, as you can reach Portus. -- Aleksa Sarai Docker Core Specialist SUSE Australia https://www.cyphar.com/ From asarai at suse.com Wed Dec 23 06:19:02 2015 From: asarai at suse.com (Aleksa Sarai) Date: Thu, 24 Dec 2015 00:19:02 +1100 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> <567A77A0.8020302@suse.com> <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> Message-ID: <567A9F46.80207@suse.com> On 12/23/2015 11:33 PM, Todd Morgan wrote: > Hi everyone, > > The logs didn't show up as I just went straight from the .compose-setup > > docker-compose logs > > helped with the requested output. $ docker cp portus_web_1:log/development.log . Should give you the logs, as the compose setup should still produce logs. The log may be stored under log/production.log. > > The appropriate error message log is detailed below ... I believe the interesting section is > > level=warning msg="error authorizing context: authorization token required" http.request.host="ignobilia-bibliotheca:5000" http.request.id=45f63877-95a7-4680-b6c5-fa55ae550749 http.request.method=GET http.request.remoteaddr="10.134.135.56:47616" http.request.uri="/v2/" http.request.useragent="docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.10.0-229.20.1.el7.x86_64 os/linux arch/amd64" instance.id=6dd344ac-0c8b-44c3-86e5-a8d7e690030a version=v2.1.1 > This is the log from the registry. Can you please give the log from Portus? The issue is probably related to Portus not being aware of the host "172.17.0.1:5000". > > docker login ignobilia-bibliotheca:5000 > Username: toddmorgan > Password: > Email: todd.morgan at cgu.com.au > Error response from daemon: no successful auth challenge for http://ignobilia-bibliotheca:5000/v2/ - errors: [token auth attempt for registry http://ignobilia-bibliotheca:5000/v2/: http://172.17.0.1:3000/v2/token?account=toddmorgan&service=172.17.0.1%3A5000 request failed with status: 502 Bad Gateway] > Have you tried setting DOCKER_HOST=ignobilia-bibliotheca? Make sure your remove docker/environment and docker/registry/config.yml before running ./compose-setup.sh again. > > I'm also behind a corporate proxy which may cause issues. > I doubt that this is the issue, as you can reach Portus. -- Aleksa Sarai Docker Core Specialist SUSE Australia https://www.cyphar.com/ From fcastelli at suse.com Thu Dec 24 01:32:15 2015 From: fcastelli at suse.com (Flavio Castelli) Date: Thu, 24 Dec 2015 09:32:15 +0100 Subject: [Containers] Unable to "docker login" to Portus when using the docker-compose development setup and LDAP In-Reply-To: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE898@SDC1MX051.auiag.corp> References: <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE4C0@SDC1MX051.auiag.corp> <567A77A0.8020302@suse.com> <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE5E0@SDC1MX051.auiag.corp> <567A9F33.6080800@suse.com> <1F5F4158DCE8BE41B93FB8F95E98B2CF696FE898@SDC1MX051.auiag.corp> Message-ID: <567BAD8F.8050807@suse.com> On 12/24/2015 12:21 AM, Todd Morgan wrote: > Hi everyone please find attached the requested log This is the culprit: Denied access on these grounds: Cannot find registry 172.17.0.1:5000 Completed 401 Unauthorized in 49ms (ActiveRecord: 3.0ms) This happens because registry presents itself to portus as 172.17.0.1:5000 while it's known with a different name inside of Portus. Quoting what Aleksa said in a previous mail: > Have you tried setting DOCKER_HOST=ignobilia-bibliotheca? Make sure your > remove docker/environment and docker/registry/config.yml before running > ./compose-setup.sh again. Cheers Flavio