Cannot use private registry with https url if get is restricted

[mochrul]

In our corporate private registry the GET requests also need authentication, not just the POST requests.

This cause, that in the auth.py (expand_registry_url) will not recognise that the registry can speak https and therefore will not work with it.

The full trace is something similar to this:
I call the pull function of the Client class.
It will call the auth.resolve_repository_name(repository, insecure=insecure_registry) function.
This will call the expand_registry_url(parts[0], insecure), parts[1]

And in this function it will call the utils.ping('https://' + hostname + '/v1/_ping') function.
But this function knows nothing about the authentication. Therefore the server will return a 401 Authentication required. So this function will raise the following exception:
raise errors.DockerException(
"HTTPS endpoint unresponsive and insecure mode isn't enabled."
)

Traceback (most recent call last):
  File "/home/sasa/zwa/projects/support/source/misc-tools/docker/bin/createdebug.py", line 431, in <module>
    main()
  File "/home/sasa/zwa/projects/support/source/misc-tools/docker/bin/createdebug.py", line 425, in main
    run_create(args)
  File "/home/sasa/zwa/projects/support/source/misc-tools/docker/bin/createdebug.py", line 404, in run_create
    if docker.create_ticket_image(arguments, ticket_id):
  File "/home/sasa/zwa/projects/support/source/misc-tools/docker/bin/createdebug.py", line 227, in create_ticket_image
    self._check_and_create_template_image(base_image_name)
  File "/home/sasa/zwa/projects/support/source/misc-tools/docker/bin/createdebug.py", line 285, in _check_and_create_template_image
    self._download_image(base_image_name)
  File "/home/sasa/zwa/projects/support/source/misc-tools/docker/bin/createdebug.py", line 374, in _download_image
    for line in self.docker.pull(repository="{0}/{1}".format(self.registry, image_name), stream=True):
  File "/usr/local/lib/python3.4/dist-packages/docker/client.py", line 814, in pull
    repository, insecure=insecure_registry
  File "/usr/local/lib/python3.4/dist-packages/docker/auth/auth.py", line 67, in resolve_repository_name
    return expand_registry_url(parts[0], insecure), parts[1]
  File "/usr/local/lib/python3.4/dist-packages/docker/auth/auth.py", line 46, in expand_registry_url
    "HTTPS endpoint unresponsive and insecure mode isn't enabled."
docker.errors.DockerException: HTTPS endpoint unresponsive and insecure mode isn't enabled.

[akadan47]

This occurs because ENV variable REQUESTS_CA_BUNDLE is not declared.
https://github.com/kennethreitz/requests/blob/master/requests/sessions.py#L621

export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt  # for Debian-based Linux

Be reasonable to declare it in the ~/.profile.

[shin-]

GET /v1/_ping needs to be unprotected on your registry. As far as I know, this is also how the official docker client behaves.

[pmoosh]

I had an issue with private registry auth and ansible, here:
#577