Automatically renew JWT token after expiration time #510
Comments
|
Can you provide more context? This should be an error of the registry, not of Portus. |
|
Portus sets the length of time that the token is considered valid. Maybe the push is going past that point? |
|
@GrantStreetGroup is right. The period of time in which the authentication token is valid spans for 5 minutes. @mad0house is the upload taking that long ? |
|
Yes push can take that long as some times we have people pushing over WiFi Not had any pulls timeout yet but I assume that can happen as well
|
|
@mad0house so, just for testing purposes, could you try to raise this timeout to something like 30 minutes and see whether that works for you ? You can do that by changing this line from |
|
Will test it for you tomorrow morning(GMT), If this does work can we make it a configuration item?
|
|
@mad0house yes, sounds reasonable. |
|
change has been made will get back to you later on today to give it time to test. |
|
I have the same issue, testing now. Here's what I get from the registry logs for layers ~ 1GB: 172.17.46.121 - - [29/Oct/2015:13:35:53 +0000] "GET /v2/_catalog HTTP/1.0" 200 20 "" "Ruby" |
|
Not had any problems so far after the change. |
|
This sounds like an bug with 'docker push' If a layer is taking longer then the token timeout to upload then the command should re-authorise and get a new token. |
|
@GrantStreetGroup agreed. I'm going to take a deeper look into this as soon as possible. For now, we can just provide a configurable option so we can work around this problem. |
…token See the isse SUSE#510 Signed-off-by: Miquel Sabaté Solà <msabate@suse.com>
|
Increasing the token delay worked, but it's more of a workaround on the Portus side for the fact that the docker client isn't retrying the token request when it finishes the upload as @GrantStreetGroup mentioned. Either way, better to have a config option for it than to wait for a docker client update. |
|
@kidhasmoxy yes, I totally agree. That's why in my PR, you can see the note on the configuration option saying that it will be deprecated in the future once this is fixed upstream ;) |
…token See the isse SUSE#510 Signed-off-by: Miquel Sabaté Solà <msabate@suse.com>
mssola
changed the title
|
I've changed the title so it's more obvious to tell what's this issue about when planning. |
|
@mssola, is it possible to set |
|
@dtitov it should be
|
|
@Vad1mo, oh, my bad. I'll try, thanks :) |
|
@Vad1mo, should it be "10" or "10.minutes"? Here I can see the ".minutes" postfix: mssola@6fdeaa5 But I don't see it in the real config file... |
|
just the number 10 |
|
@Vad1mo, does not seem to work either :( I've set up Log: Variable is properly set within the container: My Portus version is: 2.3.0@6bf45381824ef4edf2dc572374e9b13080817a9a |
|
Well, it worked with |
@dtitov it looks like I'm a bit late... I'm glad you found a solution meanwhile. As explained on this section of the documentation, this option is a workaround for this issue (Portus should be able to renew the token automatically). I know it's not ideal, but we have other issues with higher priority unfortunately... The naming of these environment variables is explained at the beginning of this page, which is quite important (and it's also referenced in the containerized deployment of the documentation). The thing is that this option, as it is found in the registry:
jwt_expiration_time:
value: 5So, the environment variable has to start with the As for the specific value, the documentation page says: Hope this clarifies things |
|
Yes, it does. Thank you :) |
When pushing big layers timeout of the authentication happens. eg layers over 1GB insize
The text was updated successfully, but these errors were encountered: