Cannot deploy from registry with TLS client auth
Description
Trying to pull from a registry with TLS client auth results in this error:
Error: cannot locate application "my.registry.com/some/app.dockerapp:1.1" in filesystem or registry: error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 No required SSL certificate was sent</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>No required SSL certificate was sent</center>\r\n<hr><center>nginx/1.14.0</center>\r\n</body>\r\n</html>\r\n"
Passing --with-registry-auth does not help either.
So all in all this command fails with the above error:
./docker-app-linux deploy my.registry.com/some/app.dockerapp:1.1
while
docker pull my.registry.com/some/app.dockerapp:1.1
works just fine and uses the credentials from /etc/docker/certs.d.
Output of docker version:
Client:
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:48:22 2018
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:19:08 2018
OS/Arch: linux/amd64
Experimental: false
Output of docker-app version:
Version: v0.6.0
Git commit: 9f9c6680
Built: Thu Oct 4 13:30:33 2018
OS/Arch: linux/amd64
Experimental: off
Renderers: none
Output of docker info:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 18.09.0
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
NodeID: 2gd3txv3t5ihqdtbkttxmwejp
Is Manager: true
ClusterID: 36hfq4v27lfin9qvtzgobmm5h
Managers: 1
Nodes: 1
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 127.0.0.1
Manager Addresses:
127.0.0.1:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: N/A
init version: fec3683
Security Options:
seccomp
Profile: default
selinux
Kernel Version: 3.10.0-862.14.4.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.43GiB
Name: mymachine
ID: D5UV:D3QD:7FYG:E3KB:K3T2:WWFI:OQZP:3LKH:PQDX:CBXR:ACTQ:ERM5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
This did work with the following docker app version:
Version: v0.4.1
Git commit: 48c0769c
Built: Wed Aug 22 12:01:46 2018
OS/Arch: linux/amd64
Experimental: off
Renderers: none
0.5 was the first release that broke it.
+1
The push/pull story is being reworked as part of moving to the CNAB runtime. I have no idea if/when it will fix the issue, but that is the reason we did not report back sooner on this. Sorry!