search

jenkinsci / docker-plugin

Jenkins cloud plugin that uses Docker
https://plugins.jenkins.io/docker-plugin/
MIT License
486 stars 322 forks source link

Docker 27.0.1: Failure to login to docker registry with port #1082

Closed linsomniac closed 1 week ago

linsomniac commented 2 weeks ago

Jenkins and plugins versions report

Environment ```text Jenkins: 2.452.2 OS: Linux - 5.15.0-105-generic Java: 17.0.11 - Amazon.com Inc. (OpenJDK 64-Bit Server VM) --- ace-editor:1.1 ansible:403.v8d0ca_dcb_b_502 ansicolor:1.0.4 ant:497.v94e7d9fffa_b_9 antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757 apache-httpcomponents-client-5-api:5.3.1-1.0 asm-api:9.7-33.v4d23ef79fcc8 authentication-tokens:1.113.v81215a_241826 bitbucket-oauth:0.13 bootstrap4-api:4.6.0-6 bootstrap5-api:5.3.3-1 bouncycastle-api:2.30.1.78.1-233.vfdcdeb_0a_08a_a_ branch-api:2.1169.va_f810c56e895 build-symlink:1.1 build-timeout:1.33 build-user-vars-plugin:166.v52976843b_435 caffeine-api:3.1.8-133.v17b_1ff2e0599 checks-api:2.2.0 cloud-stats:336.v788e4055508b_ cloudbees-folder:6.928.v7c780211d66e command-launcher:107.v773860566e2e commons-lang3-api:3.14.0-76.vda_5591261cfe commons-text-api:1.12.0-119.v73ef73f2345d convert-to-pipeline:1.0 credentials:1337.v60b_d7b_c7b_c9f credentials-binding:677.vdc9d38cb_254d dashboard-view:2.508.va_74654f026d1 dependency-check-jenkins-plugin:5.5.0 display-url-api:2.204.vf6fddd8a_8b_e9 docker-commons:439.va_3cb_0a_6a_fb_29 docker-java-api:3.3.6-90.ve7c5c7535ddd docker-workflow:580.vc0c340686b_54 durable-task:555.v6802fe0f0b_82 echarts-api:5.5.0-1 eddsa-api:0.3.0-4.v84c6f0f4969e email-ext:1814.v404722f34263 emailext-template:1.5 external-monitor-job:215.v2e88e894db_f8 font-awesome-api:6.5.2-1 git:5.2.2 git-client:5.0.0 git-push:34.vd474e0fe7b_ec git-server:126.v0d945d8d2b_39 gradle:2.12 gson-api:2.11.0-41.v019fcf6125dc instance-identity:185.v303dc7c645f9 ionicons-api:74.v93d5eb_813d5f jackson2-api:2.17.0-379.v02de8ec9f64c jakarta-activation-api:2.1.3-1 jakarta-mail-api:2.1.3-1 javadoc:243.vb_b_503b_b_45537 javax-activation-api:1.2.0-7 javax-mail-api:1.6.2-10 jaxb:2.3.9-1 jdk-tool:73.vddf737284550 jnr-posix-api:3.1.19-2 joda-time-api:2.12.7-29.v5a_b_e3a_82269a_ jquery-detached:1.2.1 jquery3-api:3.7.1-2 jsch:0.2.16-86.v42e010d9484b_ json-api:20240303-41.v94e11e6de726 json-path-api:2.9.0-58.v62e3e85b_a_655 junit:1265.v65b_14fa_f12f0 ldap:725.v3cb_b_711b_1a_ef mailer:472.vf7c289a_4b_420 mapdb-api:1.0.9-40.v58107308b_7a_7 matrix-auth:3.2.2 matrix-project:832.va_66e270d2946 maven-plugin:3.23 mina-sshd-api-common:2.12.1-113.v4d3ea_5eb_7f72 mina-sshd-api-core:2.12.1-113.v4d3ea_5eb_7f72 momentjs:1.1.1 nexus-jenkins-plugin:3.13.20220201-143240.3d657a5 pam-auth:1.11 performance:962.v95a_4913d332e pipeline-build-step:540.vb_e8849e1a_b_d8 pipeline-graph-analysis:216.vfd8b_ece330ca_ pipeline-groovy-lib:727.ve832a_9244dfa_ pipeline-input-step:495.ve9c153f6067b_ pipeline-milestone-step:119.vdfdc43fc3b_9a_ pipeline-model-api:2.2198.v41dd8ef6dd56 pipeline-model-definition:2.2198.v41dd8ef6dd56 pipeline-model-extensions:2.2198.v41dd8ef6dd56 pipeline-rest-api:2.34 pipeline-stage-step:312.v8cd10304c27a_ pipeline-stage-tags-metadata:2.2198.v41dd8ef6dd56 pipeline-stage-view:2.34 plain-credentials:182.v468b_97b_9dcb_8 plugin-util-api:4.1.0 popper-api:1.16.1-3 popper2-api:2.11.6-4 postbuild-task:1.9 preSCMbuildstep:71.v1f2990a_37e27 pwauth:0.4 rake:1.8.0 release:2.19 resource-disposer:0.23 robot:3.5.2 rubyMetrics:1.6.5 scm-api:690.vfc8b_54395023 script-security:1341.va_2819b_414686 snakeyaml-api:2.2-111.vc6598e30cc65 ssh:2.6.1 ssh-agent:367.vf9076cd4ee21 ssh-credentials:337.v395d2403ccd4 ssh-slaves:2.973.v0fa_8c0dea_f9f sshd:3.330.vc866a_8389b_58 structs:337.v1b_04ea_4df7c8 timestamper:1.27 token-macro:400.v35420b_922dcb_ trilead-api:2.147.vb_73cc728a_32e variant:60.v7290fc0eb_b_cd versioncolumn:243.vda_c20eea_a_8a_f windows-slaves:1.8.1 workflow-aggregator:596.v8c21c963d92d workflow-api:1316.v33eb_726c50b_a_ workflow-basic-steps:1058.vcb_fc1e3a_21a_9 workflow-cps:3903.v48a_8836749e9 workflow-cps-global-lib:612.v55f2f80781ef workflow-durable-task-step:1353.v1891a_b_01da_18 workflow-job:1400.v7fd111b_ec82f workflow-multibranch:783.787.v50539468395f workflow-scm-step:427.v4ca_6512e7df1 workflow-step-api:657.v03b_e8115821b_ workflow-support:907.v6713a_ed8a_573 ws-cleanup:0.46 xvfb:1.2 ```

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 22.04

Reproduction steps

  1. Set up a TLS registry at a non-443 port (like 444).
  2. Configure "Declarative Pipeline (Docker)" in Jenkins settings to be Registry URL of "https://myregistry.example.com:444"
  3. Upgrade from docker-ce 26.1.4 to docker-ce 27.0.1.
  4. Run a build.

Expected Results

Successful build.

Actual Results

In console output received I received the following:

[Pipeline] withDockerRegistry
15:31:38  $ docker login -u dockerupload -p ******** https://myregistry.example.com:444/
15:31:38  WARNING! Using --password via the CLI is insecure. Use --password-stdin.
15:31:38  Error response from daemon: login attempt to https://myregistry.example.com/v2/ failed with status: 404 Not Found
[Pipeline] // withDockerRegistry

NOTE: The "docker login" line has the 444, the "Error" line does not.

I have verified that if I upgrade to docker v27, I my agent will only hit port 443, and if I downgrade to 26.1.4 it only hits 444.

I've verified that if I run, at the CLI on my agent machine: docker login https://myregistry.example.com:444/v2/ I get the 404 error (indicating it is going to the wrong port, also the "Error" line above):

Error response from daemon: login attempt to https://myregistry.example.com/v2/ failed with status: 404 Not Found

If I instead do: docker login myregistry.example.com:444 it reports:

Error response from daemon: login attempt to https://myregistry.example.com:444/v2/ failed with status: 401 Unauthorized

(I entered an invalid username/password for testing).

If I downgrade Docker to v26.1.4, both of the above commands produce the "401 Unauthorized" result.

I cannot change my "Declarative Pipeline (Docker)" settings to remove the https:// because Jenkins will error out with "Unknown protocol myregistry.example.com".

Anything else?

I'm opening a bug with Docker as well, as this seems to be a change that is not documented in their release notes.

Are you interested in contributing a fix?

I'm not able to contribute a fix.

linsomniac commented 2 weeks ago

Bug opened in Docker: https://github.com/docker/cli/issues/5194

linsomniac commented 1 week ago

Docker has determined this is a regression, and has committed a PR to resolve this. Resolution for the moment is to revert to 26.1.4, until 27.0.2+ is available.