Thank you for the response. We are still having issues with the network settings. Thanks in advance for the help.

> Hi,
>
> I'm doing some integration work with Openshift Origin 1.1.6 and I'm
> running across this issue (occurs both with a binary built from source and
> using the binary release):
>
> # oc logs -f dc/docker-registry
>
> F0509 21:10:07.958966 1 deployer.go:70] couldn't get deployment
> default/docker-registry-1: Get
> https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1
> <https://172.30.0.1/api/v1/namespaces/default/replicationcontrollers/docker-registry-1>:
> dial tcp172.30.0.1:443: i/o timeout
>
> Unless I'm misinterpreting something, that's a straight up TCP/IP timeout,
> yet when I use curl against this URL I get this:
>
> #curl
> https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1
> <https://172.30.0.1/api/v1/namespaces/default/replicationcontrollers/docker-registry-1>
> {
> "kind": "Status",
> "apiVersion": "v1",
> "metadata": {},
> "status": "Failure",
> "message": "User \"system:anonymous\" cannot get replicationcontrollers
> in project \"default\"",
> "reason": "Forbidden",
> "details": {
> "name": "docker-registry-1",
> "kind": "replicationcontrollers"
> },
> "code": 403
> }
>
> Which I suppose is to be expected since I haven't supplied credentials,
> but clearly the service is reachable.
>

An easy unauth'd health check path is curl REGISTRY:5000/healthz

> I've done nothing in this case but set up docker, run the openshift
> binary, and attempt to deploy the registry using these commands:
>
> #oc create serviceaccount registry -n default
> #oadm policy add-scc-to-user privileged
> system:serviceaccount:default:registry
> #oadm registry --service-account=registry \
> --config=openshift.local.config/master/admin.kubeconfig \
>
> --credentials=openshift.local.config/master/openshift-registry.kubeconfig \
> --mount-host=/opt/registry
>
>
>

The registry command has been simplified so you shouldn't need to create the sa and update policy. You should be able to run oadm registry --mount-host=/opt/registry and be good to go. That will use a service account in the registry pod. You can get logs from the registry pod:

oc get pods
oc logs <name-of-registry-pod>

On Wed, May 11, 2016 at 12:08 PM, Aaron Weitekamp <[email protected]> wrote:

> On Wed, May 11, 2016 at 12:39 PM, David Dimas <[email protected]>
> wrote:
>
>> Hi,
>>
>> I'm doing some integration work with Openshift Origin 1.1.6 and I'm
>> running across this issue (occurs both with a binary built from source and
>> using the binary release):
>>
>> # oc logs -f dc/docker-registry
>>
>> F0509 21:10:07.958966 1 deployer.go:70] couldn't get deployment
>> default/docker-registry-1: Get
>> https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1
>> <https://172.30.0.1/api/v1/namespaces/default/replicationcontrollers/docker-registry-1>:
>> dial tcp172.30.0.1:443: i/o timeout
>>
>> Unless I'm misinterpreting something, that's a straight up TCP/IP
>> timeout, yet when I use curl against this URL I get this:
>>
>> #curl
>> https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1
>> <https://172.30.0.1/api/v1/namespaces/default/replicationcontrollers/docker-registry-1>
>> {
>> "kind": "Status",
>> "apiVersion": "v1",
>> "metadata": {},
>> "status": "Failure",
>> "message": "User \"system:anonymous\" cannot get replicationcontrollers
>> in project \"default\"",
>> "reason": "Forbidden",
>> "details": {
>> "name": "docker-registry-1",
>> "kind": "replicationcontrollers"
>> },
>> "code": 403
>> }
>>
>> Which I suppose is to be expected since I haven't supplied credentials,
>> but clearly the service is reachable.
>>
>
> An easy unauth'd health check path is curl REGISTRY:5000/healthz
>

Running the above command:

# curl REGISTRY:5000/healthz
curl: (7) Failed connect to REGISTRY:5000; Connection refused

>
>
>> I've done nothing in this case but set up docker, run the openshift
>> binary, and attempt to deploy the registry using these commands:
>>
>> #oc create serviceaccount registry -n default
>> #oadm policy add-scc-to-user privileged
>> system:serviceaccount:default:registry
>> #oadm registry --service-account=registry \
>> --config=openshift.local.config/master/admin.kubeconfig \
>>
>> --credentials=openshift.local.config/master/openshift-registry.kubeconfig \
>> --mount-host=/opt/registry
>>
>>
>>
> The registry command has been simplified so you shouldn't need to create
> the sa and update policy. You should be able to run oadm registry
> --mount-host=/opt/registry and be good to go. That will use a service
> account in the registry pod. You can get logs from the registry pod:
> oc get pods
> oc logs <name-of-registry-pod>
>

Retried with simplified command but still getting the same error.

# oc get pods
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-deploy   0/1       Error     0          19h

# oc logs docker-registry-1-deploy
F0519 19:04:07.442052 1 deployer.go:70] couldn't get deployment default/docker-registry-1: Get https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1: dial tcp 172.30.0.1:443: i/o timeout

Here is the master-config.yaml

# cat /opt/openshift/openshift.local.config/master/master-config.yaml
admissionConfig:
  pluginConfig: null
apiLevels:
- v1
apiVersion: v1
assetConfig:
  extensionDevelopment: false
  extensionScripts: null
  extensionStylesheets: null
  extensions: null
  loggingPublicURL: ""
  logoutURL: ""
  masterPublicURL: https://104.36.17.74:8443
  metricsPublicURL: ""
  publicURL: https://104.36.17.74:8443/console/
  servingInfo:
    bindAddress: 0.0.0.0:8443
    bindNetwork: tcp4
    certFile: master.server.crt
    clientCA: ""
    keyFile: master.server.key
    maxRequestsInFlight: 0
    namedCertificates: null
    requestTimeoutSeconds: 0
controllerLeaseTTL: 0
controllers: '*'
corsAllowedOrigins:
- 104.36.17.74:8443
- 127.0.0.1
- localhost
disabledFeatures: null
dnsConfig:
  allowRecursiveQueries: false
  bindAddress: 0.0.0.0:53
  bindNetwork: tcp4
etcdClientInfo:
  ca: ca.crt
  certFile: master.etcd-client.crt
  keyFile: master.etcd-client.key
  urls:
  - https://104.36.17.74:4001
etcdConfig:
  address: 104.36.17.74:4001
  peerAddress: 104.36.17.74:7001
  peerServingInfo:
    bindAddress: 0.0.0.0:7001
    bindNetwork: tcp4
    certFile: etcd.server.crt
    clientCA: ca.crt
    keyFile: etcd.server.key
    namedCertificates: null
  servingInfo:
    bindAddress: 0.0.0.0:4001
    bindNetwork: tcp4
    certFile: etcd.server.crt
    clientCA: ca.crt
    keyFile: etcd.server.key
    namedCertificates: null
  storageDirectory: /opt/openshift/openshift.local.etcd
etcdStorageConfig:
  kubernetesStoragePrefix: kubernetes.io
  kubernetesStorageVersion: v1
  openShiftStoragePrefix: openshift.io
  openShiftStorageVersion: v1
imageConfig:
  format: openshift/origin-${component}:${version}
  latest: false
imagePolicyConfig:
  disableScheduledImport: false
  maxImagesBulkImportedPerRepository: 5
  maxScheduledImageImportsPerMinute: 60
  scheduledImageImportMinimumIntervalSeconds: 900
kind: MasterConfig
kubeletClientInfo:
  ca: ca.crt
  certFile: master.kubelet-client.crt
  keyFile: master.kubelet-client.key
  port: 10250
kubernetesMasterConfig:
  admissionConfig:
    pluginConfig: null
  apiLevels: null
  apiServerArguments: null
  controllerArguments: null
  disabledAPIGroupVersions: {}
  masterCount: 1
  masterIP: 104.36.17.74
  podEvictionTimeout: 5m
  proxyClientInfo:
    certFile: master.proxy-client.crt
    keyFile: master.proxy-client.key
  schedulerConfigFile: ""
  servicesNodePortRange: 30000-32767
  servicesSubnet: 172.30.0.0/16
  staticNodeNames: null
masterClients:
  externalKubernetesKubeConfig: ""
  openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: https://104.36.17.74:8443
networkConfig:
  clusterNetworkCIDR: 10.128.0.0/14
  externalIPNetworkCIDRs: null
  hostSubnetLength: 9
  networkPluginName: ""
  serviceNetworkCIDR: 172.30.0.0/16
oauthConfig:
  alwaysShowProviderSelection: false
  assetPublicURL: https://104.36.17.74:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: anypassword
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider
  masterCA: ca-bundle.crt
  masterPublicURL: https://104.36.17.74:8443
  masterURL: https://104.36.17.74:8443
  sessionConfig:
    sessionMaxAgeSeconds: 300
    sessionName: ssn
    sessionSecretsFile: ""
  templates: null
  tokenConfig:
    accessTokenMaxAgeSeconds: 86400
    authorizeTokenMaxAgeSeconds: 300
pauseControllers: false
policyConfig:
  bootstrapPolicyFile: policy.json
  openshiftInfrastructureNamespace: openshift-infra
  openshiftSharedResourcesNamespace: openshift
  userAgentMatchingConfig:
    defaultRejectionMessage: ""
    deniedClients: null
    requiredClients: null
projectConfig:
  defaultNodeSelector: ""
  projectRequestMessage: ""
  projectRequestTemplate: ""
  securityAllocator:
    mcsAllocatorRange: s0:/2
    mcsLabelsPerProject: 5
    uidAllocatorRange: 1000000000-1999999999/10000
routingConfig:
  subdomain: router.default.svc.cluster.local
serviceAccountConfig:
  limitSecretReferences: false
  managedNames:
  - default
  - builder
  - deployer
  masterCA: ca-bundle.crt
  privateKeyFile: serviceaccounts.private.key
  publicKeyFiles:
  - serviceaccounts.public.key
servingInfo:
  bindAddress: 0.0.0.0:8443
  bindNetwork: tcp4
  certFile: master.server.crt
  clientCA: ca.crt
  keyFile: master.server.key
  maxRequestsInFlight: 500
  namedCertificates: null
  requestTimeoutSeconds: 3600

>
>
>
>
>>
>>

-- John
_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
