Problem:
We created and published a content view containing a synced, remote Docker registry from Docker Hub. When we try to pull from the published URL, we receive “Error response from daemon: Get https://foreman.example.com:5000/v2/: Forbidden”. We have found no reference in ANY log to this event. We have tried this from a remote Docker server and from Docker installed on the Foreman server. Firewalls are open and tested.
Expected outcome:
Expect to pull a tagged image.
Foreman and Proxy versions:
Foreman 1.23.0, Katello 3.13.1
Distribution and version:
Oracle Linux 7.7
Other relevant data:
Could find no log entries.
Just updated to Foreman 1.23.1 and Katello 3.13.2. Same result.
I just tested this and it worked without issue on a fresh 3.13 install:
# docker pull centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker
Using default tag: latest
Trying to pull repository centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker ...
sha256:a6ecbb1553353a08936f50c275b010388ed1bd6d9d84743c7e8e7468e2acd82e: Pulling from centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker
0fc456f626d7: Pull complete
bfb6cf77b122: Pull complete
9504711983ec: Pull complete
Digest: sha256:a6ecbb1553353a08936f50c275b010388ed1bd6d9d84743c7e8e7468e2acd82e
Status: Downloaded newer image for centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker:latest
Can you tail the apache logs while trying to docker pull?
tail -f -n0 /var/log/httpd/*
Ok, I fixed the problem. The file “http-proxy.conf” existed in /etc/systemd/system/docker.service.d/. I removed it, executed “systemctl daemon-reload” and “systemctl restart docker”, and all was well.