[systemd-devel] [PATCH 0/5] systemd-importd - support for pulling from V2 Dkr registries

Vincent Batts vbatts at redhat.com
Mon May 11 07:32:39 PDT 2015

On 09/05/15 00:31 +0200, Pavel Odvody wrote:
>On Fri, 2015-05-08 at 14:33 -0400, Vincent Batts wrote:
>> On 08/05/15 11:31 +1000, Daurnimator wrote:
>> >On 8 May 2015 at 01:46, Pavel Odvody <podvody at redhat.com> wrote:
>> >>  - To access the V2 registry we need to send a special User-Agent
>> >>    docker/1.6.0
>> >
>> >Is this really required?
>> >Can we request they change something server side?
>> I would have to double check the behavior on their docker hub, but for
>> local registries this user agent header is not required. It is the
>> expectation that a docker registry can always be served as a static file
>> tree (pull only).
>> vb
>$ curl -XGET https://registry-1.docker.io/v2/library/node/manifests/latest
><title>404 Not Found</title>
><h1>Not Found</h1>
><p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>
>$ curl -XGET -H"User-Agent: docker/1.6.0" https://registry-1.docker.io/v2/library/node/manifests/latest
>{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":[{"Type":"repository","Name":"library/node","Action":"pull"}]}]}
>I actually added a little clarification in my 5th patch:
>"User-Agent: do" /* otherwise we get load-balanced(!) to a V1 registyry */
>(I got this information from Andy G.)
>The second request obviously fails due to the bearer token not being provided,
>but at least we can see that we're hitting the correct endpoint here.
>I think that this is the correct behavior, since the original systemd-pull
>workflow was to check the Hub first and obtain the token, which I'm simply
>following here, however the token is now obtained from a separate endpoint.
>The thing is that the argument is --dkr-index-url, so we're actually specifying
>the Hub URL here and there's no way to specify a registry alone.
>(the "mirror" registry is received in HTTP headers from the Hub)
>Sounds like a topic for another patch?
>I hope that the pull-only policy will be relaxed soon :) A lot of roundtrips ...

I understand they've done this on their hub, to route client versions 
< 1.6.0 which can not do the v2 api. There ought to be a way not no
require UA headers. Will see what I can do.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150511/8f6234c2/attachment.sig>

More information about the systemd-devel mailing list