docker-pkg checks whether images are published by issuing a HEAD request to docker-registry.wikimedia.org. However I often get a HTTP Error: 405 Method not allowed.
The relevant python code (with some debug statements):
class ImageFSM(object): def _is_published(self): """Check the registry for the image""" proxies = { 'https': self.config.get('http_proxy', None) } if self.config.get('registry', False): url = 'https://{registry}/v2'.format(registry=self.config['registry']) else: # TODO: support dockerhub somehow! # Probably will need a different strategy there. return False if self.config.get('namespace', False): url += '/{}'.format(self.config['namespace']) url += '/{}'.format(self.image.short_name) manifest_url = '{url}/manifests/{tag}'.format( url=url, tag=self.image.tag, ) resp = requests.head(manifest_url, proxies=proxies) isPublished = (resp.status_code == requests.codes.ok) log.error("%s: %s.\nCode: %s\nHeaders: %s\nContent: %s" % (isPublished, manifest_url, resp.status_code, resp.headers, resp.content)) if not isPublished: raise Exception("total failure") return isPublished
And I have:
registry: docker-registry.wikimedia.org namespace: releng
When running docker-pkg against the 96 images in integration/config.git I soon get the error:
False: https://docker-registry.wikimedia.org/v2/releng/composer-php73/manifests/0.1.4. Code: 405 Headers: { 'Age': '0', 'Allow': 'DELETE, GET, PUT', 'Cache-Control': 'no-cache, must-revalidate', 'Connection': 'keep-alive', 'Content-Length': '19', 'Content-Type': 'text/plain; charset=utf-8', 'Date': 'Tue, 22 Jan 2019 21:44:33 GMT', 'Docker-Distribution-Api-Version': 'registry/2.0, registry/2.0', 'Server': 'nginx/1.13.6', 'Server-Timing': 'cache;desc="pass"', 'Set-Cookie': 'WMF-Last-Access=22-Jan-2019;Path=/;HttpOnly;secure;Expires=Sat 23 Feb 2019 12:00:00 GMT', 'Strict-Transport-Security': 'max-age=106384710; includeSubDomains; preload', 'Via': '1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1)', 'X-Analytics': 'https=1;nocookies=1', 'X-Cache': 'cp1087 pass, cp3030 pass, cp3032 pass', 'X-Cache-Status': 'pass', 'X-Client-IP': 'XXXX', 'X-Content-Type-Options': 'nosniff', 'X-Varnish': '873514290, 828282958, 927435803', } Content: b'' (builder.py:75)
For reference a good one is:
True: https://docker-registry.wikimedia.org/v2/releng/npm-test-3d2png/manifests/0.2.1. Code: 200 Headers: { 'Accept-Ranges': 'bytes', 'Age': '0', 'Cache-Control': 'no-cache, must-revalidate', 'Connection': 'keep-alive', 'Content-Encoding': 'gzip', 'Content-Type': 'application/json; charset=utf-8', 'Date': 'Tue, 22 Jan 2019 21:44:33 GMT', 'Docker-Content-Digest': 'sha256:7c583098906ed63242705e9c9054260a4a61ee85f9e0d53fb02d1dc99cd3b754', 'Docker-Distribution-Api-Version': 'registry/2.0, registry/2.0', 'ETag': 'W/"sha256:7c583098906ed63242705e9c9054260a4a61ee85f9e0d53fb02d1dc99cd3b754"', 'Server': 'nginx/1.13.6', 'Server-Timing': 'cache;desc="pass"', 'Set-Cookie': 'WMF-Last-Access=22-Jan-2019;Path=/;HttpOnly;secure;Expires=Sat, 23 Feb 2019 12:00:00 GMT', 'Strict-Transport-Security': 'max-age=106384710; includeSubDomains; preload', 'Vary': 'Accept-Encoding', 'Via': '1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1)', 'X-Analytics': 'https=1;nocookies=1', 'X-Cache': 'cp1075 pass, cp3040 pass, cp3032 pass', 'X-Cache-Status': 'pass', 'X-Client-IP': 'XXXX', 'X-Varnish': '544805201, 289695908, 920990020', } Content: b'' (builder.py:75)
And an unified diff:
--- GOOD 2019-01-22 22:57:41.423556629 +0100 +++ BAD 2019-01-22 22:49:44.032360393 +0100 @@ -1,26 +1,24 @@ -True: https://docker-registry.wikimedia.org/v2/releng/npm-test-3d2png/manifests/0.2.1. -Code: 200 +False: https://docker-registry.wikimedia.org/v2/releng/composer-php73/manifests/0.1.4. +Code: 405 Headers: { - 'Accept-Ranges': 'bytes', 'Age': '0', + 'Allow': 'DELETE, GET, PUT', 'Cache-Control': 'no-cache, must-revalidate', 'Connection': 'keep-alive', - 'Content-Encoding': 'gzip', - 'Content-Type': 'application/json; charset=utf-8', + 'Content-Length': '19', + 'Content-Type': 'text/plain; charset=utf-8', 'Date': 'Tue, 22 Jan 2019 21:44:33 GMT', - 'Docker-Content-Digest': 'sha256:7c583098906ed63242705e9c9054260a4a61ee85f9e0d53fb02d1dc99cd3b754', 'Docker-Distribution-Api-Version': 'registry/2.0, registry/2.0', - 'ETag': 'W/"sha256:7c583098906ed63242705e9c9054260a4a61ee85f9e0d53fb02d1dc99cd3b754"', 'Server': 'nginx/1.13.6', 'Server-Timing': 'cache;desc="pass"', - 'Set-Cookie': 'WMF-Last-Access=22-Jan-2019;Path=/;HttpOnly;secure;Expires=Sat, 23 Feb 2019 12:00:00 GMT', + 'Set-Cookie': 'WMF-Last-Access=22-Jan-2019;Path=/;HttpOnly;secure;Expires=Sat 23 Feb 2019 12:00:00 GMT', 'Strict-Transport-Security': 'max-age=106384710; includeSubDomains; preload', - 'Vary': 'Accept-Encoding', 'Via': '1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1)', 'X-Analytics': 'https=1;nocookies=1', - 'X-Cache': 'cp1075 pass, cp3040 pass, cp3032 pass', + 'X-Cache': 'cp1087 pass, cp3030 pass, cp3032 pass', 'X-Cache-Status': 'pass', 'X-Client-IP': 'XXXX', - 'X-Varnish': '544805201, 289695908, 920990020', + 'X-Content-Type-Options': 'nosniff', + 'X-Varnish': '873514290, 828282958, 927435803', } Content: b'' (builder.py:75)
The bad response has Allow: DELETE, GET, PUT, while docker-pkg does a HEAD and there is X-Content-Type-Options: nosniff.