Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Docker Repo null userName error



    1. Create a Docker Swarm using the new “Docker Swarm Mode”, built in since Docker 1.12. Swarm should have at least two nodes: 1 manager and one worker.
    2. Upload a Docker image to ProGet.
    3. SSH into the manager node and login to ProGet using:
      docker login <proget host>
    4. SSH into the manager node of the Swarm and try to create a service using the following command, replacing portions that are wrapped in <>:
      docker service create –name <some service name> --replicas 1 --constraint 'node.hostname== <worker host name>' --with-registry-auth <image name>:<version>
    5. Check the status of the service via the command line using:
      docker service ps <service name>
      Services that have failed or been rejected will give an indication as to why. In this case, the message reads: Unable to find image…
    6. Check the ProGet logs, and you will see an error message stating:
      An error occurred in the web application: Value cannot be null. Parameter name: username
    7. Remove the test service using:
      docker service rm <service name>
    8. SSH into the worker node and pull the container image using:
      docker pull <image name>:<version>
    9. SSH into the manager node and try the create again, this time omitting the –with-registry-auth parameter.
    10. The service should be up and running correctly.

    The details of the proget error are:

    URL: https://repoman.kaneva.com/v1/repositories/kava-docker/library/config-service/images
    Referrer: (not set)
    User: (unknown)
    User Agent: docker/1.13.0 go/go1.7.3 git-commit/49bf474 kernel/3.10.0-514.6.1.el7.x86_64 os/linux arch/amd64
    Stack trace: at Inedo.ProGet.Extensibility.UserDirectories.BuiltInDirectory.TryGetAndValidateUser(String userName, String password)
    at Inedo.ProGet.WebApplication.ProGetHttpModule.ValidateUser(HttpApplication app, String userName, String password)
    at Inedo.Web.InedoHttpModule.AuthenticateRequestAsync(HttpApplication app)
    at Inedo.Web.InedoHttpModule.ProcessBegin(Object sender, EventArgs e, AsyncCallback cb, Object extraData)
    at System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Product: ProGet
    Version: 4.6.7


  • inedo-engineer

    I can't reproduce the problem you're having. Here's a log of what I tried with ProGet 4.7.4, Docker Machine 0.9.0, and Docker 1.13.1:

    PS C:\> docker-machine create --driver virtualbox --engine-insecure-registry 192.168.1.100:83 swarm-manager
    Running pre-create checks...
    Creating machine...
    (swarm-manager) Copying C:\Users\Owner\.docker\machine\cache\boot2docker.iso to C:\Users\Owner\.docker\machine\machines\swarm-manager\boot2docker.iso...
    (swarm-manager) Creating VirtualBox VM...
    (swarm-manager) Creating SSH key...
    (swarm-manager) Starting the VM...
    (swarm-manager) Check network to re-create if needed...
    (swarm-manager) Windows might ask for the permission to create a network adapter. Sometimes, such confirmation window is minimized in the taskbar.
    (swarm-manager) Found a new host-only adapter: "VirtualBox Host-Only Ethernet Adapter #2"
    (swarm-manager) Windows might ask for the permission to configure a network adapter. Sometimes, such confirmation window is minimized in the taskbar.
    (swarm-manager) Windows might ask for the permission to configure a dhcp server. Sometimes, such confirmation window is minimized in the taskbar.
    (swarm-manager) Waiting for an IP...
    Waiting for machine to be running, this may take a few minutes...
    Detecting operating system of created instance...
    Waiting for SSH to be available...
    Detecting the provisioner...
    Provisioning with boot2docker...
    Copying certs to the local machine directory...
    Copying certs to the remote machine...
    Setting Docker configuration on the remote daemon...
    Checking connection to Docker...
    Docker is up and running!
    To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: C:\ProgramData\choco
    latey\lib\docker-machine\bin\docker-machine.exe env swarm-manager
    PS C:\> docker-machine create --driver virtualbox --engine-insecure-registry 192.168.1.100:83 swarm-worker
    Running pre-create checks...
    Creating machine...
    (swarm-worker) Copying C:\Users\Owner\.docker\machine\cache\boot2docker.iso to C:\Users\Owner\.docker\machine\machines\swarm-worker\boot2docker.iso...
    (swarm-worker) Creating VirtualBox VM...
    (swarm-worker) Creating SSH key...
    (swarm-worker) Starting the VM...
    (swarm-worker) Check network to re-create if needed...
    (swarm-worker) Waiting for an IP...
    Waiting for machine to be running, this may take a few minutes...
    Detecting operating system of created instance...
    Waiting for SSH to be available...
    Detecting the provisioner...
    Provisioning with boot2docker...
    Copying certs to the local machine directory...
    Copying certs to the remote machine...
    Setting Docker configuration on the remote daemon...
    Checking connection to Docker...
    Docker is up and running!
    To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: C:\ProgramData\chocolatey\lib\docker-machine\bin\docker-machine.exe env swarm-worker
    PS C:\> docker-machine env swarm-manager | iex
    PS C:\> docker swarm init --advertise-addr 192.168.99.100
    time="2017-03-03T11:28:40-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    Swarm initialized: current node (kb681q841gbm18jno2ktf157u) is now a manager.
    .
    To add a worker to this swarm, run the following command:
    .
        docker swarm join \
        --token SWMTKN-1-2q02a4egqsnybt7mjb7108zipjwvony48c8iad2kk6dobzt4k8-6ozavuh9gr7vpk1brracn5h6o \
        192.168.99.100:2377
    .
    To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
    .
    PS C:\> docker-machine env swarm-worker | iex
    PS C:\> docker swarm join --token SWMTKN-1-2q02a4egqsnybt7mjb7108zipjwvony48c8iad2kk6dobzt4k8-6ozavuh9gr7vpk1brracn5h6o 192.168.99.100:2377
    time="2017-03-03T11:29:38-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    This node joined a swarm as a worker.
    PS C:\> docker-machine env swarm-manager | iex
    PS C:\> docker pull nginx
    time="2017-03-03T11:31:42-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    Using default tag: latest
    latest: Pulling from library/nginx
    693502eb7dfb: Pull complete
    6decb850d2bc: Pull complete
    c3e19f087ed6: Pull complete
    Digest: sha256:52a189e49c0c797cfc5cbfe578c68c225d160fb13a42954144b29af3fe4fe335
    Status: Downloaded newer image for nginx:latest
    PS C:\> docker tag nginx 192.168.1.100:83/dockertest/nginx
    time="2017-03-03T11:33:11-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    PS C:\> docker login 192.168.1.100:83
    time="2017-03-03T11:33:20-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    Username: Admin
    Password:
    Login Succeeded
    PS C:\> docker push 192.168.1.100:83/dockertest/nginx
    time="2017-03-03T11:33:40-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    The push refers to a repository [192.168.1.100:83/dockertest/nginx]
    e3a86ffb1c45: Pushed
    cf0d2468e726: Pushed
    d17d48b2382a: Pushed
    latest: digest: sha256:32e3cf2703f4e8f99426884247f9e0d4d5acdde4914fe7df70f74c76ba6216fe size: 6300
    PS C:\> docker service create --name q-6011 --replicas 1 --constraint 'node.hostname==swarm-worker' --with-registry-auth 192.168.1.100:83/dockertest/nginx:latest
    time="2017-03-03T11:35:29-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    unable to pin image 192.168.1.100:83/dockertest/nginx:latest to digest: missing or empty Content-Length header
    5x9ctqpt9d2duv8gblzpws4ed
    PS C:\> docker service ps q-6011
    time="2017-03-03T11:36:19-06:00" level=info msg="Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows"
    ID            NAME      IMAGE                                     NODE          DESIRED STATE  CURRENT STATE           ERROR  PORTS
    lcsz1x2ndgda  q-6011.1  192.168.1.100:83/dockertest/nginx:latest  swarm-worker  Running        Running 58 seconds ago
    


  • Hey Ben,

    Looking at your response to Ryan's question, it appears that you actually built the image on the worker node. When you did the "docker service create", it might have worked because the image was already present on the worker node. I'm seeing the same issue as Ryan, and that's the only way we've been able to work around it so far, by manually pulling the image on the worker before we do the call to create or update the service.

    Looking deeper into the error messages, it appears that the Docker image digest on ProGet doesn't match what you get when you either push or pull the image. For example:

    1. On Product: ProGet Version: 4.6.7
    2. Running Docker 1.13.1
    3. Run "docker pull node:alpine"
    4. Run "docker tag node:alpine my-proget-repo:443/node-test"
    5. Run "docker push my-proget-repo:443/node-test"
    6. Take note of the SHA256 digest for the image.
    7. On ProGet, examine the SHA256 digest of the image by clicking on the "latest" tag in the repo. Note that it doesn't match the digest from the previous step.
    8. Delete your local copy of the image "docker rmi node:alpine && docker rmi my-proget-repo:443/node-test"
    9. Try to pull the image from ProGet using the digest specified in ProGet: "docker pull my-proget-repo:443/node-test:latest@sha256....". This should fail.
    10. Pull the image without specifying the digest. Note that the digest does not match what's specified in ProGet.

    That's what we're actually seeing when we do a "docker service create". The manager node sends along the image digest from ProGet, and the worker node isn't able to verify it.

    Any idea what could be causing this difference?


  • inedo-engineer

    Ok, I've found the problem: Docker image manifests have a really complicated way to compute their digest:

    1. Parse the manifest as JSON, keeping key order.
    2. Remove the "signatures" key of the root object.
    3. Re-encode the new root object as JSON, with 3(!) space indents, LF newlines, and no newline at the end.
    4. Compute a SHA256 hashsum.

    The problem was that on Windows, ProGet re-encoded the new root object with CRLF newlines.

    This is fixed for the next version. (4.7.7)


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation