Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

设置代理后从harbor pull镜像返回403错误 #289

Closed
lggeor opened this issue Jan 2, 2019 · 4 comments
Closed

设置代理后从harbor pull镜像返回403错误 #289

lggeor opened this issue Jan 2, 2019 · 4 comments
Labels
kind/bug This is bug report for project

Comments

@lggeor
Copy link

lggeor commented Jan 2, 2019
edited by allencloud
Loading

name: 设置代理后从harbor pull镜像返回403错误
about: 如何解决403错误

已设置代理并删除mirror:

\#systemctl show   --property=Environment docker
Environment=GOTRACEBACK=crash   DOCKER_HTTP_HOST_COMPAT=1 PATH=/usr/libexec/docker:/usr/bin:/usr/sbin   HTTP_PROXY=http://127.0.0.1:65001

10.16.33.4是自建harbor仓库,这时pull始终返回403错误,监控65001端口有交互说明代理已起作用,但不知道这个403错误是dfdaemon还是supernode返回的,以及如何解决?

\# docker pull 10.16.33.4/library/copy-test:v1
Trying to pull repository 10.16.33.4/library/copy-test ... 
Pulling repository 10.16.33.4/library/copy-test
Error: Status 403 trying to pull repository library/copy-test: ""

我看这个时候的dock日志,发现这时pull会去访问harbor的v2/v1,是dfdaemon还是supernode需要访问harbor的接口吗?

Jan  2 04:18:31 k8s-master01 dockerd-current: time="2019-01-02T04:18:31.111047917-05:00" level=warning msg="Error getting v2 registry: Get https://10.16.33.4/v2/: Not Found"
Jan  2 04:18:31 k8s-master01 dockerd-current: time="2019-01-02T04:18:31.116495794-05:00" level=error msg="Attempting next endpoint for pull after error: Get https://10.16.33.4/v1/_ping: Not Found"

此时,直接登录harbor也登录不上:

\# docker login 10.16.33.4
Username (admin): admin
Password: 
Error response from daemon: Login: Account is not active. Please see the documentation of the registry http://10.16.33.4/v1/ for instructions how to activate it.

删除代理配置后上面的pull和login都是没有问题的。

\# docker pull 10.16.33.4/library/copy-test:v1
Trying to pull repository 10.16.33.4/library/copy-test ... 
v1: Pulling from 10.16.33.4/library/copy-test
07a152489297: Pull complete 
5bf938393556: Pull complete 
Digest: ... ...
Status: Downloaded newer image for 10.16.33.4/library/copy-test:v1
@allencloud
Copy link
Contributor

Any update on this? @lggeor
Please tell us more progress of this issue so that we could decide whether to invest more resources on this issue. Thanks a lot.

@allencloud allencloud added the kind/bug This is bug report for project label Jan 7, 2019
@lggeor
Copy link
Author

lggeor commented Jan 7, 2019
edited
Loading

已改为设置registry-mirror而非proxy形式回避此问题,设置registry-mirror代理到65001端口可以实现下载。
用proxy形式我这里确实会报403,感觉docker pull在设置proxy时会有额外动作,瞄了一下pull源码有代理时会进入某个逻辑,不知是否是那个逻辑有强校验的原因,目前不会go看不明白。@allencloud

@allencloud
Copy link
Contributor

OK, thanks for your report. Closing it now. Please feel free to contact us if you have any question. @lggeor

@allencloud
Copy link
Contributor

allencloud commented Jan 7, 2019
edited
Loading

First of all, thanks sincerely for constantly using and supporting Dragonfly. We will try our best to keep Dragonfly better, and keep community and eco-system growing.

To get more feedback of Dragonfly's adoption in industry, would you mind helping comment in issue #219 to give more information about your enterprise's Dragonfly usage. Thanks a lot in advance. @lggeor

@godliness godliness mentioned this issue Feb 12, 2019
Closed
sungjunyoung pushed a commit to sungjunyoung/Dragonfly that referenced this issue May 8, 2022
@244372610
Refactor the storage function module (dragonflyoss#289)
2566c1a 
* feat: refactor cdn storage module

Signed-off-by: santong <weipeng.swp@alibaba-inc.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug This is bug report for project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lggeor @allencloud