[ https://issues.apache.org/jira/browse/MESOS-6010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15820967#comment-15820967 ]
Jan Schlicht edited comment on MESOS-6010 at 1/12/17 1:17 PM: -------------------------------------------------------------- To reproduce what's going on here in detail: {noformat} docker run -d -p 3128:3128 minimum2scp/squid export https_proxy=127.0.0.1:3128 curl -vvv https://user:p...@httpbin.org/basic-auth/user/pass {noformat} which will produce this output: {noformat} * Trying 127.0.0.1... * TCP_NODELAY set * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) * Establish HTTP proxy tunnel to httpbin.org:443 * Server auth using Basic with user 'user' > CONNECT httpbin.org:443 HTTP/1.1 > Host: httpbin.org:443 > User-Agent: curl/7.51.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: *.httpbin.org * Server certificate: COMODO RSA Domain Validation Secure Server CA * Server certificate: COMODO RSA Certification Authority * Server auth using Basic with user 'user' > GET /basic-auth/user/pass HTTP/1.1 > Host: httpbin.org > Authorization: Basic dXNlcjpwYXNz > User-Agent: curl/7.51.0 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Thu, 12 Jan 2017 13:05:00 GMT < Content-Type: application/json < Content-Length: 47 < Connection: keep-alive < Access-Control-Allow-Origin: * < Access-Control-Allow-Credentials: true < { "authenticated": true, "user": "user" } * Curl_http_done: called premature == 0 * Connection #0 to host 127.0.0.1 left intact {noformat} To use SSL through a proxy, curl uses [HTTP CONNECT tunnelling|https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling]. This means that 2 HTTP requests are made and we get 2 HTTP responses. The first response is a problem for {{http_parser}} because it doesn't have any headers. We can force {{http_parser}} to parse this anyways but then the body of that message would be the second HTTP response. was (Author: nfnt): To reproduce what's going on here in detail: {noformat} docker run -d -p 3128:3128 minimum2scp/squid export https_proxy=127.0.0.1:3128 curl -vvv https://user:p...@httpbin.org/basic-auth/user/pass {noformat} To use SSL through a proxy, curl uses [HTTP CONNECT tunnelling|https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling]. This means that 2 HTTP requests are made and we get 2 HTTP responses. The first response is a problem for {{http_parser}} because it doesn't have any headers. We can force {{http_parser}} to parse this anyways but then the body of that message would be the second HTTP response. > Docker registry puller shows decode error "No response decoded". > ---------------------------------------------------------------- > > Key: MESOS-6010 > URL: https://issues.apache.org/jira/browse/MESOS-6010 > Project: Mesos > Issue Type: Bug > Components: containerization, docker > Affects Versions: 1.0.0, 1.0.1 > Reporter: Sunzhe > Assignee: Jan Schlicht > Priority: Critical > Labels: Docker, mesos-containerizer > > The {{mesos-agent}} flags: > {code} > GLOG_v=1 ./bin/mesos-agent.sh \ > --master=zk://${MESOS_MASTER_IP}:2181/mesos \ > --ip=10.100.3.3 \ > --work_dir=${MESOS_WORK_DIR} \ > > --isolation=cgroups/devices,gpu/nvidia,disk/du,docker/runtime,filesystem/linux > \ > --enforce_container_disk_quota \ > --containerizers=mesos \ > --image_providers=docker \ > --executor_environment_variables="{}" > {code} > And the {{mesos-execute}} flags: > {code} > ./src/mesos-execute \ > --master=${MESOS_MASTER_IP}:5050 \ > --name=${INSTANCE_NAME} \ > --docker_image=${DOCKER_IMAGE} \ > --framework_capabilities=GPU_RESOURCES \ > --shell=false > {code} > But when {{./src/mesos-execute}}, the errors like below: > {code} > I0809 16:11:46.207875 25583 scheduler.cpp:172] Version: 1.0.0 > I0809 16:11:46.212442 25582 scheduler.cpp:461] New master detected at > master@10.103.0.125:5050 > Subscribed with ID '168ab900-ee7e-4829-a59a-d16de956637e-0009' > Submitted task 'test' to agent '168ab900-ee7e-4829-a59a-d16de956637e-S1' > Received status update TASK_FAILED for task 'test' > message: 'Failed to launch container: Failed to decode HTTP responses: No > response decoded > HTTP/1.1 200 Connection established > HTTP/1.1 401 Unauthorized > Content-Type: application/json; charset=utf-8 > Docker-Distribution-Api-Version: registry/2.0 > Www-Authenticate: Bearer > realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/redis:pull" > Date: Tue, 09 Aug 2016 08:10:32 GMT > Content-Length: 145 > Strict-Transport-Security: max-age=31536000 > {"errors":[{"code":"UNAUTHORIZED","message":"authentication > required","detail":[{"Type":"repository","Name":"library/redis","Action":"pull"}]}]} > ; Container destroyed while provisioning images' > source: SOURCE_AGENT > reason: REASON_CONTAINER_LAUNCH_FAILED > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)