Nexus3m6 Docker support : can't search nor pull : 404 error

[Anthony Dahanne]

Hello all,

I've just downloaded Nexus 3 m6, and been trying out docker support

I've followed Manfred videos from :

http://www.sonatype.org/nexus/2015/09/22/docker-and-nexus-3-ready-set-action/

Even though some stuff has changed between m5 and m6 (such as some properties that have moved from etc/custom.properties to etc/org.sonatype.nexus.cfg), I think I got the configuration right.

I do :

$ bin/nexus restart

$ tail -f data/log/nexus.log

and I get :

2015-12-28 18:18:35,687-0500 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.ServerConnector - Started ServerConnector@51c56766{HTTP/1.1,[http/1.1]}{0.0.0.0:8081}

2015-12-28 18:18:35,694-0500 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory - x509=X509@498bb21(mydomain,h=[],w=[]) for SslContextFactory@7e1c1283(file:///Users/adah/Downloads/nexus-3.0.0-b2015110601/etc/ssl/keystore.jks,file:///Users/adah/Downloads/nexus-3.0.0-b2015110601/etc/ssl/keystore.jks)

2015-12-28 18:18:35,825-0500 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.ServerConnector - Started ServerConnector@777d0dd6{SSL,[ssl, http/1.1]}{0.0.0.0:8443}

2015-12-28 18:18:35,826-0500 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.Server - Started @19361ms

2015-12-28 18:18:35,827-0500 INFO  [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer -

-------------------------------------------------

Started Sonatype Nexus OSS 3.0.0-b2015110601

-------------------------------------------------

2015-12-28 18:18:35,836-0500 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.ServerConnector - Started ServerConnector@9eeba7b{SSL,[ssl, http/1.1]}{0.0.0.0:18444}

2015-12-28 18:18:35,840-0500 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.ServerConnector - Started ServerConnector@233733b4{SSL,[ssl, http/1.1]}{0.0.0.0:18443}

so far, so good - SSL seems to be setup ok, as well as my 2 Docker specific connectors

Then, I did a : 

$ docker search 192.168.1.15:18443/postgres

but I got :

Error response from daemon: invalid registry endpoint https://192.168.1.15:18443/v0/: unable to ping registry endpoint https://192.168.1.15:18443/v0/

v2 ping attempt failed with error: Get https://192.168.1.15:18443/v2/: x509: cannot validate certificate for 192.168.1.15 because it doesn't contain any IP SANs

 v1 ping attempt failed with error: Get https://192.168.1.15:18443/v1/_ping: x509: cannot validate certificate for 192.168.1.15 because it doesn't contain any IP SANs. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.1.15:18443` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.1.15:18443/ca.crt

well, ok, so I updated my docker daemon configuration with --insecure-registry 192.168.1.15:18443

and then, I retried :

$ docker search 192.168.1.15:18443/postgres

Error response from daemon: Unexpected status code 404

and the nexus log :

2015-12-28 18:23:48,689-0500 INFO  [qtp972380136-91] *UNKNOWN org.apache.shiro.session.mgt.AbstractValidatingSessionManager - Enabling session validation scheduler...

2015-12-28 18:23:48,701-0500 INFO  [qtp972380136-91] *UNKNOWN org.sonatype.nexus.security.internal.AnonymousManagerImpl - Using default configuration: AnonymousConfiguration{enabled=true, userId='anonymous', realmName='NexusAuthorizingRealm'}

hmmm... not sure how to interpret those logs...

so I tried logging in :

$ docker login 192.168.1.15:18443

Username: admin

Password:

Email: ad...@sonatype.org

WARNING: login credentials saved in /Users/adah/.docker/config.json

Login Succeeded

and then I retried :

$ docker search 192.168.1.15:18443/postgres

Error response from daemon: Unexpected status code 404

and no additional logs from nexus.log - so apparently I needed to login

Maybe search is not working (even though I ticked the box for v1 api), so I tried with pull :

$ docker pull 192.168.1.15:18443/postgres

Using default tag: latest

Pulling repository 192.168.1.15:18443/postgres

Error: image postgres:latest not found

and I got in the logs :

2015-12-28 18:27:21,790-0500 WARN  [qtp972380136-104] admin org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/postgres/manifests/latest: 401 - org.sonatype.nexus.repository.docker.internal.V2Exception: access to the requested resource is not authorized

2015-12-28 18:27:21,821-0500 WARN  [qtp972380136-104] admin org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/postgres/manifests/latest: 404 - org.sonatype.nexus.repository.docker.internal.V2Exception$ManifestUnknownByTag: manifest unknown

2015-12-28 18:27:21,822-0500 WARN  [qtp972380136-104] admin org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/postgres/manifests/latest: 404 - org.sonatype.nexus.repository.docker.internal.V2Exception$ManifestUnknownByTag: manifest unknown

well, now I'm stuck, I don't know what to do next to make docker support work in nexus3...

Nexus gurus, I'm asking for your help, please help me !

Thanks in advance,

Anthony

[Manfred Moser]

You have to activate support for the v1 protocol for the repository
you want to access for search. This is due to some oddities in the
Docker protocol handling where some parts are just not yet available
in v2 (e.g. search). This is documented in

> --
> You received this message because you are subscribed to the Google Groups
> "Nexus Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to nexus-users...@glists.sonatype.com.
> To post to this group, send email to nexus...@glists.sonatype.com.
> To view this discussion on the web visit
> https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/993c8230-7c27-4041-a1d1-d7685405371c%40glists.sonatype.com.
> For more options, visit
> https://groups.google.com/a/glists.sonatype.com/d/optout.

[Manfred Moser]

Missed the link...
http://books.sonatype.com/nexus-book/3.0/reference/docker.html#docker-registry-api

It was implemented as part of the v2 support after I created the initial video.

Apart from everything seems to be okay from what you sent. We are also
finding some odd behaviour of certain Docker versions so let us know
more detail if you dont get it going.

Manfred

[Anthony Dahanne]

ha !

thanks Manfred ! I thought I already did that (enable v1 protocol) but I did not...

Actually, I enabled it for the docker-hub repo, and not docker-all ... (or vice versa)

Anyway, that works now !

$ docker pull 192.168.1.15:18443/postgres

Using default tag: latest

Pulling repository 192.168.1.15:18443/postgres

6d6a71f8528e: Download complete

6d1ae97ee388: Download complete

8b9a99209d5c: Download complete

aca0de2e88e4: Download complete

4e18688e5401: Download complete

f5ce04cbd1f2: Download complete

05d67fbe1cfc: Download complete

8590335bd321: Download complete

ae2022ebde2b: Download complete

c6165a5792f2: Download complete

0464b8c4c17d: Download complete

65a3e4220a98: Download complete

44f068a27deb: Download complete

713e14682e0e: Download complete

fdaf3cda7ea6: Download complete

4b7fd1d5cf8f: Download complete

896bb6bb0836: Download complete

d40ce87c0748: Download complete

db1f8f1cb828: Download complete

9332724dfc55: Download complete

7044b3a6cd78: Download complete

Status: Downloaded newer image for 192.168.1.15:18443/postgres:latest

thanks for your help Manfred !

Happy holidays

Anthony

PS : maybe you could add in the nexus.log a hint such as "image postgres was not found in docker-internal, and v1 protocol not activated for docker-hub"

[Manfred Moser]

I am glad its working for you now and happy holidays to you all on the
list as well.

Btw. we are looking forward to more feedback like this and encourage
you all to chime in here.

manfred

> https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/6005ea31-a89f-4cc7-8cf5-e300a5294932%40glists.sonatype.com.