Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

try http for docker manifest --insecure #2376

Merged
merged 1 commit into from
May 4, 2020
Merged

try http for docker manifest --insecure #2376

merged 1 commit into from
May 4, 2020

Conversation

davidwtf
Copy link

@davidwtf davidwtf commented Mar 4, 2020

- What I did
fixes #1631

- How I did it
Add retry for http when https not work

- How to verify it
docker manifest push --insecure 127.0.0.1:5000/test:v1

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

thaJeztah
thaJeztah requested changes Mar 12, 2020
View reviewed changes
cli/registry/client/client.go Outdated

} else {
return nil, ErrHTTPProto{OrigErr: err.Error()}
}
}
}
repoName, err := reference.WithName(repoEndpoint.Name())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this check could be done even before we connect to the registry

cli/registry/client/client.go Outdated
@@ -141,7 +141,22 @@ func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Na
httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
if err != nil {
if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like there's a small bug here, and we ignore any other error?

cli/registry/client/client.go Outdated
@@ -141,7 +141,22 @@ func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Na
httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
if err != nil {
if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
return nil, ErrHTTPProto{OrigErr: err.Error()}
if repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps reverse the logic, and do an early return; with my other suggestions;

func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) {
	repoName, err := reference.WithName(repoEndpoint.Name())
	if err != nil {
		return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
	}
	httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
	if err != nil {
		if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
			return nil, err
		}
		if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
			return nil, ErrHTTPProto{OrigErr: err.Error()}
		}
		// --insecure was set; fall back to plain HTTP
		if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" {
			url.Scheme = "http"
			httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
			if err != nil {
				return nil, err
			}
		}
	}
	return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modified according to your suggestion.
Thanks.

@davidwtf davidwtf requested a review from thaJeztah March 23, 2020 10:16
@thaJeztah thaJeztah changed the title try http for inescure endpoint try http for docker manifest --insecure Mar 24, 2020
thaJeztah
thaJeztah requested changes Mar 24, 2020
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks! the changes look ok, but could you:

  • squash the commits (so that there's a single commit in this PR)
  • update the commit message (there's a typo, and it may be good to describe this is for the manifest commands)

let me know if you need help doing so 👍

@davidwtf
try http for docker manifest --insecure
83478fe 
Signed-off-by: Tengfei Wang <tfwang@alauda.io>
@davidwtf
Copy link
Author

Hi @thaJeztah,
please check again. I've squashed the commits.
Thanks.

@davidwtf davidwtf requested a review from thaJeztah March 24, 2020 16:00
thaJeztah
thaJeztah approved these changes Apr 28, 2020
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoops, thought I left my review already, but looks like I didn't submit it

LGTM

@thaJeztah
Copy link
Member

@silvin-lubecki PTAL

@altishchenko
Copy link

Guys! Merge this Please!

silvin-lubecki
silvin-lubecki approved these changes May 4, 2020
View reviewed changes
Copy link
Contributor

@silvin-lubecki silvin-lubecki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@silvin-lubecki silvin-lubecki merged commit 9387b99 into docker:master May 4, 2020
@thaJeztah thaJeztah added this to the 20.03.0 milestone May 4, 2020
@earthdiaosi earthdiaosi mentioned this pull request May 5, 2020
Open
@thaJeztah thaJeztah mentioned this pull request May 6, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@silvin-lubecki silvin-lubecki silvin-lubecki approved these changes

Assignees
No one assigned
Labels
kind/experimental status/2-code-review
Projects
None yet
Milestone
20.10.0
Development

Successfully merging this pull request may close these issues.

Docker manifest push ignoring --insecure
4 participants
@davidwtf @thaJeztah @altishchenko @silvin-lubecki