-
Notifications
You must be signed in to change notification settings - Fork 813
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log "Spam": "Could not do a head request #715
Comments
Hi there! 👋🏼 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 🙏 |
i can confirm this, upgraded few hours back and getting spammed |
Yeah, this is because Github Packages (not Github Container Registry) uses non-standard URLs for their images so it's not possible to normalize the names. Edit: Saw that this was about GitLab and not Github. But the same thing applies. They also use a three-part URL, but it seems like you could omit the image name? |
I have the issue on dockerhub, not github or gitlab. Or am I missing something? I have no limits since I have a pro account on dockerhub, so I am good either way. |
I'm not sure I understand this last comment. Watchtower upgraded itself on me today and ever since then I've been getting this log spam (to teams notification in my case). What am I supposed to be doing differently? |
@piksel Yeah my problem is less rate limiting (as you are correct at least so far they did not introduce anything like docker) as the amount of noice this (by the sounds of it expected) behaviour brings. |
The reason for it being displayed is that it's warning that the check will count towards the rate limit (that it failed to do a rate-limit friendly check). @eilandert That's odd, could you open a ticket with debug logs? That should not be happening for dockerhub. Just moving it to debug is not ideal as for those that need the HEAD-based checking it's relevant if it stops working as it may lead to them getting rate limited. But it shouldn't be too difficult to just add some way to turn it off if it's not relevant. |
Maybe this can be ether an opt-in feature (e.g. specifying for which registry we want it). Or at least an opt-out feature (again should be configurable on a per registry level). |
I see I got a authentication failed, thats strange. I replaced my full credentials with a token last week, ran it with debug and everything was fine. Output of one docker (i removed the credentials)
|
@eilandert does it fail the head request for all containers/images or just some? any difference depending on whether it's a public or private image, for instance? would you mind showing us your |
@simskij it fails for every image Here is a part of my docker-compose, the container I pasted before and watchtowerversion: '2.4'
services:
nginx:
container_name: nginx
image: index.docker.io/eilandert/nginx-modsecurity3-pagespeed:latest
stop_grace_period: 3s
depends_on:
-removed-
ports:
- 80:80
- 443:443
restart: always
volumes:
-removed-
environment:
- TZ=Europe/Amsterdam
networks:
-removed-
labels:
- "com.centurylinklabs.watchtower.scope=myguard"
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./watchtower/config.json:/config.json
networks:
-removed-
environment:
- TZ=Europe/Amsterdam
- WATCHTOWER_DEBUG=true
- WATCHTOWER_TRACE=true
command: --interval 300 --scope myguard |
Sorry to bother you with a lot of questions, @eilandert, but it really sounds like you've still got some issues with your credentials. 🤔 Would you mind diffing your docker config to the one you use for watchtower? Something along the lines of |
Also @fkrauthan you have masked out a key part to this issue, the image URL. If you don't want to post it here and it's more acceptable to do so, would you mind sending it to info at containrrr dot dev? |
@simskij I linked back to ~/.docker/config.json (with the full credentials) but the issue remains the same. I can push builds to dockerhub so the credentials must be working. |
@simskij same issue when I run watchtower anonymous |
Not sure is it related but I got same errors but with reason:
It seems request URL is not correct according to the reference it should be: Edit 1: We're using self-hosted docker registry based on https://docs.docker.com/registry/ |
@deividaspetraitis what type of container registry is it you use? |
@piksel sorry for not providing this information in my original comment. We're using self-hosted docker registry based on https://docs.docker.com/registry/ |
@deividaspetraitis is "library" part of your image ref? |
@piksel not really, I'm capable to pull image manually by issuing following query: |
You're totally correct in that observation! It does this for all images not stored under an org or user, as this is how "official images" are resolved. We could probably hotfix this so it only does this for dockerhub images. In the meantime, if you push the image as And yes, as someone said previously, being able to opt out of head requests should likely be an option. Initially globally, but down the line even per repo or registry. |
Okay, yeah it's the opposite problem. Because you only have a single segment it adds the |
My credentials are correct (token based) and I'd rather bump into rate limits than get an alert every time this runs and gets a HEAD error. |
@jpayne-procella: I get your point, but at the same time, we want watchtower to always use head requests for DockerHub, both for rate limit and for alleviating their servers from some unnecessary requests. |
Sure... but there's a difference between always trying HEAD on dockerhub and spamming notifications every time it fails. Which is every time in my case. |
What about splitting the difference? Keep the HEAD check for all containers/registries but selectively |
Hey @simskij I can confirm that I'm still seeing the non-actionable-because-HEAD-unsupported notification for Here's the lightly-redacted loglines I'm seeing:
|
Alright! Lets proceed with your suggestion then. 👍🏻 I'll have a look tomorrow. Thanks for letting me know! |
yes - the noise has completely disappeared from my notifications. Thanks! |
Looks good now. Thank you very much for the fast fix. |
I still get this message with the latest (10h old - 0ecb05bef26f) watchtower image. I'm using a private GitHub registry. |
Are you using GitHub Packages or ghcr.io? |
@simskij sorry, I wanted to write GitLab registry. Nowadays all services have a registry so I got confused. Let me know if I can post any log output that might help you. |
Hello, I got the same problem, until yesterday i was running on 1.0.3, after upgrading to 1.1.3, i got the same log |
@yonisolo, I assume you're also on either GitHub Packages or GitLab? 😅 |
My bad, sorry, i'm pulling from a private repository, same than @deividaspetraitis thank you for your reply |
I just noticed that since today I am getting the log messages emailed again. Was there another release that reverted the fix? |
Hey @fkrauthan!
@yonisolo and @deividaspetraitis, this should improve things for you as well, given that the GitLab Registry hasn't implemented the HEAD option. |
Ok so it looks like that version |
To avoid important communication to get lost in a closed issues no one monitors, I'll go ahead and lock this issue. If you want to continue the discussion, please open a new issue. Thank you! 🙏🏼 |
let's keep this open for a while longer 😅 |
|
I did many tests, it seems that latest tag doesn't work but specifying 1.1.4, the HEAD request works... |
Worst case, running Thanks for letting us know! 🙏🏼 |
I don't know if this is related to the latest changes or just a server problem - It's talking about
|
Yeah. This is not the same from what I can tell. Based in the log entry, its the get request that fails for you. I'd make sure it works outside watchtower and if it does, raise a separate ticket as nothing has changed in the regular pull flow. I'd also investigate if its the same for all containers or just some. |
Well done, thank you very much, no longer receiving |
@simskij works via |
I can confirm it works for me without an issue with version |
Yay! Let's close this. In case you have any lingering problems, feel free to open a new issue. Thanks all for assisting in getting this shipped! ❤️ |
Describe the bug
I recently updated to the latest watchtower version. But now I seem to get spammed with the error message:
which gets logged as well as creates an email notification every time.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Ether a way to disable email notifications in case of this error. Or a fix for why the HEAD request is failing.
Environment
Logs from running watchtower with the
--debug
optionAdditional context
The issue seem to happen only for the gitlab registry. Maybe that helps fixing it.
The text was updated successfully, but these errors were encountered: