I cannot docker:push

[jufis]

Here is my config:

<configuration>
   <dockerHost>tcp://localhost:2375</dockerHost>
   <useColor>true</useColor>
   <verbose>true</verbose>
   <registry>http://localhost:5000</registry>
   <images>
     <image>
     <alias>dockerServer</alias>
    <!-- if there is no . or : before / like here there is no registry  defined, so registry tag in use now -->
        <name>jufis/docker-rest-server:${git.buildnumber}</name>
        ....

I have started a docker registry with:

docker run -p 5000:5000 registry

I can verify that it listens to 5000 with: netstat -an |grep 5000
My docker deamon listens on localhost:2375 and I can list my images without a problem.
My docker daemon can push without a problem to the local registry.

Here is what I get from -X

[....]
[DEBUG] http-outgoing-0 >> POST /v1.15/images/http%3A%2F%2Flocalhost%3A5000%2Fjufis%2Fdocker-rest-server/push?tag=MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9 HTTP/1.1
[DEBUG] http-outgoing-0 >> Accept: */*
[DEBUG] http-outgoing-0 >> Content-Type: application/json
[DEBUG] http-outgoing-0 >> Content-Length: 0
[DEBUG] http-outgoing-0 >> Host: localhost:2375
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> "POST /v1.15/images/http%3A%2F%2Flocalhost%3A5000%2Fjufis%2Fdocker-rest-server/push?tag=MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9 HTTP/1.1[\r][\n]"
[DEBUG] http-outgoing-0 >> "Accept: */*[\r][\n]"
[DEBUG] http-outgoing-0 >> "Content-Type: application/json[\r][\n]"
[DEBUG] http-outgoing-0 >> "Content-Length: 0[\r][\n]"
[DEBUG] http-outgoing-0 >> "Host: localhost:2375[\r][\n]"
[DEBUG] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
[DEBUG] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.3.6 (java 1.5)[\r][\n]"
[DEBUG] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[DEBUG] http-outgoing-0 >> "[\r][\n]"
[DEBUG] http-outgoing-0 << "HTTP/1.1 301 Moved Permanently[\r][\n]"
[DEBUG] http-outgoing-0 << "Location: /v1.15/images/http:/localhost:5000/jufis/docker-rest-server/push?tag=MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9[\r][\n]"
[DEBUG] http-outgoing-0 << "Date: Sun, 03 May 2015 11:58:52 GMT[\r][\n]"
[DEBUG] http-outgoing-0 << "Content-Length: 0[\r][\n]"
[DEBUG] http-outgoing-0 << "Content-Type: text/plain; charset=utf-8[\r][\n]"
[DEBUG] http-outgoing-0 << "[\r][\n]"
[DEBUG] http-outgoing-0 << HTTP/1.1 301 Moved Permanently
[DEBUG] http-outgoing-0 << Location: /v1.15/images/http:/localhost:5000/jufis/docker-rest-server/push?tag=MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9
[DEBUG] http-outgoing-0 << Date: Sun, 03 May 2015 11:58:52 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << Content-Type: text/plain; charset=utf-8
[DEBUG] Connection can be kept alive indefinitely
[DEBUG] Connection [id: 0][route: {}->http://localhost:2375] can be kept alive indefinitely
[DEBUG] Connection released: [id: 0][route: {}->http://localhost:2375][total kept alive: 1; route allocated: 1 of 10; total allocated: 1 of 20]
[ERROR] DOCKER>  (Moved Permanently: 301)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.578 s
[INFO] Finished at: 2015-05-03T14:58:52+03:00
[INFO] Final Memory: 24M/297M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.jolokia:docker-maven-plugin:0.11.3:push (default-cli) on project docker-rest-server: Unable to push image [jufis/docker-rest-server:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9] to registry [http://localhost:5000] :  (Moved Permanently: 301) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.jolokia:docker-maven-plugin:0.11.3:push (default-cli) on project docker-rest-server: Unable to push image [jufis/docker-rest-server:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9] to registry [http://localhost:5000] :  (Moved Permanently: 301)

[jufis]

in wireshark seems that your http post request doesn't follow redirects?

GET /v1.15/images/json?filter=http://localhost:5000/jufis/docker-rest-server HTTP/1.1
Accept: */*
Content-Type: application/json
Host: localhost:2375
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
Accept-Encoding: gzip,deflate

HTTP/1.1 200 OK
Content-Type: application/json
Date: Sun, 03 May 2015 12:25:45 GMT
Content-Length: 315

[{"Created":1430655819,"Id":"a21e4d8bbe60f1c0473a1c7fdaf7547e441752f38d8d23a4b6704a27e47e1ea5","ParentId":"e9b6a17d654e80ba4426d8874bef2769a46250fdfb6064be93c20271ff78ba5c","RepoTags":["http://localhost:5000/jufis/docker-rest-server:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9"],"Size":0,"VirtualSize":730082693}
]

POST /v1.15/images/http%3A%2F%2Flocalhost%3A5000%2Fjufis%2Fdocker-rest-server/push?tag=MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9 HTTP/1.1
Accept: */*
Content-Type: application/json
Content-Length: 0
Host: localhost:2375
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
Accept-Encoding: gzip,deflate

HTTP/1.1 301 Moved Permanently
Location: /v1.15/images/http:/localhost:5000/jufis/docker-rest-server/push?tag=MVN_SRV_HRUSS_DOCKER_PLUGIN_master_b4ea6a1_9
Date: Sun, 03 May 2015 12:25:45 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

[jufis]

In your ApacheHttpDelegate.java:87 add this:

builder.setRedirectStrategy(new LaxRedirectStrategy());

and should do the trick :)

[jufis]

Still that doesn't work....

[rhuss]

Sounds a little bit like the issue described here. I will try to apply the solution over there and let's see whether it works (although I really don't understand the purpose of the redirect, especially because the URL used for the registry (http://localhost:5000) has been mangled (to http:/localhost:5000). 'wonder whether it would help to do replace the double slash to a single slash within the plugin before so that a redirect could be avoided alltogether. Might be even a more straight forward solution.

[jufis]

thanks rhuss!

[jufis]

Even using a proper https docker registry I can see that it only talks to the local docker (latest version btw), here are the logs from docker:push goal:

.....
[DEBUG] http-outgoing-1 >> "DELETE /v1.15/images/https://registry.jufis.net/docker-rest-serverrr:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_5ad2f48_10?https://registry.jufis.net/docker-rest-serverrr:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_5ad2f48_10=0 HTTP/1.1[\r][\n]"
.....
[DEBUG] http-outgoing-1 << "HTTP/1.1 301 Moved Permanently[\r][\n]"
[DEBUG] http-outgoing-1 << "Location: /v1.15/images/https:/registry.jufis.net/docker-rest-serverrr:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_5ad2f48_10?https://registry.jufis.net/docker-rest-serverrr:MVN_SRV_HRUSS_DOCKER_PLUGIN_master_5ad2f48_10=0[\r][\n]"
.....
[ERROR] DOCKER>  (Moved Permanently: 301)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

still the https:// gets https:/
...

[jufis]

even if I docker:remove and then docker:push still the same...

[jufis]

for my private https registry the problem was that I was prefixing https:// in the global registry tab of the plugin configl when i removed that https and put only the port it worked !!!

so either using my registry in the name or in the registry global conf with the pattern host:port it works without a problem....

example:

            <plugin>
                <groupId>org.jolokia</groupId>
                <artifactId>docker-maven-plugin</artifactId>
                <version>0.11.3</version>
                <configuration>
                    <dockerHost>tcp://0.0.0.0:2375</dockerHost>
                    <useColor>true</useColor>
                    <verbose>true</verbose>
                    <registry>registry.jufis.net:443</registry>
                    <authConfig>
                        <username></username>
                        <password></password>
                    </authConfig>
                    <images>
                        <image>
                            <alias>dockerServer</alias>
                            <!-- if there is no . or : before / like here there is no registry 
                                defined, so registry tag in use now -->
                            <name>jufis/docker-rest-server:${git.buildnumber}</name>

                            <build>
                                <from>dockerfile/java:oracle-java7</from>
                                <maintainer>jufis@jufis.net</maintainer>
                                <tags>
                                    <tag>${git.buildnumber}</tag>
                                </tags>

[jufis]

well the catch was to have an empty authentication token !!! my https registry is not using any basic auth at all but it seems that i need this !!!

[rhuss]

There are two main points I see here:

• I don't know whether a scheme in the registry/user part of a Docker Repository name is allowed or required for SSL. I have to research this. It is this double slash which results in the redirect. If this is the documented behaviour for the Docker REST API to specify a scheme with a single slash, then I will adapt the plugin to do this sort of preparation before calling out to the server. This should avoid this redirect.
• There was indeed an issue with empty authentication --> empty auth config required for authentication-less private registries #102 This will be fixed in the next release. In the meantime you should use the workaround that you found out ...

BTW, the plugin never talks directly with a registry. It always goes over the Docker host, which in turn will push the image to the registry. So it is naturally that you never will see any communication to the registry in the debug output.

(I cleaned up a bit your debugging output for better readability. 'hope you don't mind ...)

[rhuss]

AFAIS one shouldn't specify the scheme when referring to a registry. The docker host will find out the scheme (http/https) on its own. So I suggest to use registry.jufis.net:443/docker-rest-server:tag as you image name and setup the authentication stuff (remember: there's still this #102 bug) in your ~/.m2/settings.xml as explained here. That way you can omit the top-level registry configuration.

[rhuss]

Please let me know, whether this works for you (if you tried that). If so, I would like to close this issue.

[jufis]

Hello Roland,

Thank you for your great support. Yes I have tried that (without a scheme + empty auth) and it works and I can now push to the private ssl registry without a problem.

Please close the ticket. I appreciate for your valuable support on this matter. I guess you can make a research for the 2 points you mentioned above in another ticket/scope without this being open.

Cheers,
jufis.

[rhuss]

No problem, you are always welcome ;-)