Re: Issues with the built-in registry

2016-01-29 Thread Andy Goldstein
ls -laZ /opt/ose-registry

Most likely you need to do: sudo chcon -t svirt_sandbox_file_t /opt/ose-registry

Andy

On Fri, Jan 29, 2016 at 9:01 AM, Jason DeTiberus wrote:

> On Jan 29, 2016 8:43 AM, "Florian Daniel Otel" wrote:
> >
> > No worries ;) -- part since it's my turn to apologise, since I missed
> > adding the "admin" role to the "openshift" project.
> >
> > Done that now, and now I get an HTTP 500:
> >
> > [root@osev31-node1 src]# docker push 172.30.38.99:5000/openshift/busybox
> > The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1)
> > 964092b7f3e5: Preparing
> > Received unexpected HTTP status: 500 Internal Server Error
> > [root@osev31-node1 src]#
> >
> > Attached are the "oc logs" for the docker registry pods.
> >
> > The weird thing there (at least to me) is:
> >
> > level=error msg="response completed with error" err.code=UNKNOWN err.detail="filesystem: mkdir /registry/docker: permission denied"
> >
> > Can this have smth to do with the way I deployed the registry (with the
> > "-mount-host=/opt/ose-registry" ) -- see below ? That directory exists,
> > but is empty
>
> It sounds like a permissions issue on /opt/ose-registry. Unfortunately I
> do not know what the permissions and/or the SELinux context should be.
>
> >
> > Thanks,
> >
> > Florian
> 
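
Added example (not part of any message in this thread, and not OpenShift code): the diagnosis the replies arrive at, as shell functions that pull the failing path out of the registry log line quoted above and decide from an `ls -dZ` line whether the host directory needs relabeling. The function names and the sample listing line are constructed; `container_file_t` and the `semanage`/`restorecon` commands are additions that the thread does not mention.

```sh
#!/bin/sh
# Added example (not from the thread). Sample `ls -dZ` lines are constructed.

# Types a confined container may write to. svirt_sandbox_file_t is the type
# named in the thread; container_file_t is its name in newer policy packages.
CONTAINER_TYPES="svirt_sandbox_file_t container_file_t"

# Print the path from a registry log line reporting a filesystem
# "permission denied" (line format as quoted in the thread).
denied_path() {
    _prefix='err.detail="filesystem: '
    case "$1" in
        *"$_prefix"*': permission denied"'*)
            _rest=${1#*"$_prefix"}               # mkdir /registry/docker: permission denied"
            _rest=${_rest%%: permission denied*} # mkdir /registry/docker
            printf '%s\n' "${_rest#* }" ;;       # drop the operation name
        *) return 1 ;;
    esac
}

# Print the SELinux type from one line of `ls -dZ` output. The context is the
# field shaped user:role:type:level; its column differs between coreutils
# versions, so every field is scanned. Runs in a subshell so `set -f`
# (no globbing while word-splitting) does not leak to the caller.
selinux_type() (
    set -f
    for _f in $1; do
        case "$_f" in
            *:*:*:*)
                _f=${_f#*:}; _f=${_f#*:}     # strip "user:" and "role:"
                printf '%s\n' "${_f%%:*}"     # keep the type, drop the level
                exit 0 ;;
        esac
    done
    exit 1   # no context column: SELinux disabled or -Z not used
)

# Classify a directory listing line: ok | relabel:<type> | no-context
label_status() {
    _t=$(selinux_type "$1") || { echo "no-context"; return 0; }
    for _ok in $CONTAINER_TYPES; do
        if [ "$_t" = "$_ok" ]; then echo "ok"; return 0; fi
    done
    echo "relabel:$_t"
}

# Print the relabel commands for a host directory. chcon is the thread's fix;
# the semanage/restorecon pair records the rule so a later relabel keeps it.
fix_commands() {
    printf 'chcon -t svirt_sandbox_file_t %s\n' "$1"
    printf "semanage fcontext -a -t svirt_sandbox_file_t '%s(/.*)?'\n" "$1"
    printf 'restorecon -Rv %s\n' "$1"
}

# Demo on the thread's log line and a constructed listing of the host mount.
LOG='level=error msg="response completed with error" err.code=UNKNOWN err.detail="filesystem: mkdir /registry/docker: permission denied"'
LISTING='drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 /opt/ose-registry'
if p=$(denied_path "$LOG"); then
    status=$(label_status "$LISTING")
    echo "registry cannot write $p; host label: $status"
    case $status in relabel:*) fix_commands /opt/ose-registry ;; esac
fi
```

A result of "ok" or "no-context" while the push still fails points at ordinary file ownership and mode on the host directory rather than the SELinux label.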

Re: Issues with the built-in registry

2016-01-29 Thread Jason DeTiberus
On Jan 29, 2016 8:05 AM, "Florian Daniel Otel" wrote:
>
> I should have mentioned that in my original email, but that's exactly the
> steps I followed.

My apologies, missed the auth parts mentioned the first read through.

Just to verify, did you grant reguser admin rights on the openshift
project?
oadm policy add-role-to-user admin  -n openshift

As for not seeing any subdirectories under /registry, I believe that is to
be expected until a Docker push has been done (either by a builder pod or
by a manual push).


Re: Issues with the built-in registry

2016-01-29 Thread Jason DeTiberus
On Jan 29, 2016 8:43 AM, "Florian Daniel Otel" wrote:
>
> No worries ;) -- part since it's my turn to apologise, since I missed
> adding the "admin" role to the "openshift" project.
>
> Done that now, and now I get an HTTP 500:
>
> [root@osev31-node1 src]# docker push 172.30.38.99:5000/openshift/busybox
> The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1)
> 964092b7f3e5: Preparing
> Received unexpected HTTP status: 500 Internal Server Error
> [root@osev31-node1 src]#
>
> Attached are the "oc logs" for the docker registry pods.
>
> The weird thing there (at least to me) is:
>
> level=error msg="response completed with error" err.code=UNKNOWN err.detail="filesystem: mkdir /registry/docker: permission denied"
>
> Can this have smth to do with the way I deployed the registry (with the
> "-mount-host=/opt/ose-registry" ) -- see below ? That directory exists,
> but is empty

It sounds like a permissions issue on /opt/ose-registry. Unfortunately I do
not know what the permissions and/or the SELinux context should be.

>
> Thanks,
>
> Florian

Re: Issues with the built-in registry

2016-01-29 Thread Florian Daniel Otel
I should have mentioned that in my original email, but that's exactly the
steps I followed.

IOW:  In addition to the stuff below (and prior to all that) I have done,
as "system:admin" , for user "reguser"

oadm policy add-role-to-user system:registry reguser
oadm policy add-role-to-user  system:image-builder reguser

Again, following the instructions in the docs all works fine, until I try a
"docker push"

The only thing that doesn't seem quite right is that listing the content of
the Docker registry only lists the top directory "/registry", but nothing
underneath it:

[root@osev31-node1 src]# docker ps
CONTAINER ID   IMAGE                                                                COMMAND                  CREATED       STATUS       PORTS   NAMES
ea83db288da1   registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6   "/bin/sh -c 'DOCKER_R"   2 hours ago   Up 2 hours           k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0
f383ae8db39f   openshift3/ose-pod:latest                                            "/pod"                   2 hours ago   Up 2 hours           k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c



[root@osev31-node1 src]#


 () Nothing listed under "/registry" ??


[root@osev31-node1 src]# docker exec -it ea83db288da1 find /registry
/registry
[root@osev31-node1 src]#




Re: Issues with the built-in registry

2016-01-29 Thread Jason DeTiberus

This should be what you are looking for:
https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


Issues with the built-in registry

2016-01-29 Thread Florian Daniel Otel
Hello all,

I'm pretty sure it's mostly related to my ignorance, but for some reason
I'm not able to push to the built-in docker registry after deploying it.


Deployment:

oadm registry --service-account=registry \
    --config=/etc/origin/master/admin.kubeconfig \
    --credentials=/etc/origin/master/openshift-registry.kubeconfig \
    --images='registry.access.redhat.com/openshift3/ose-${component}:${version}' \
    --mount-host=/opt/ose-registr

### Everything looks ok

oc describe service docker-registry
Name:              docker-registry
Namespace:         default
Labels:            docker-registry=default
Selector:          docker-registry=default
Type:              ClusterIP
IP:                172.30.38.99
Port:              5000-tcp  5000/TCP
Endpoints:         10.1.0.138:5000
Session Affinity:  ClientIP
No events.


 Adding the right roles to "reguser"

oadm policy add-role-to-user system:registry reguser

 Logging in as "reguser" into the registry:

[root@osev31-node1 src]# oc whoami
reguser

[root@osev31-node1 src]# oc whoami -t
GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs

[root@osev31-node1 src]# docker login -u reguser -e n...@nospam.org -p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs 172.30.38.99:5000
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded

 Pulling "busybox" & tagging it:

[root@osev31-node1 src]# docker pull docker.io/busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ... latest: Pulling from library/busybox
9e77fef7a1c9: Pull complete
964092b7f3e5: Pull complete
library/busybox:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0
Status: Downloaded newer image for docker.io/busybox:latest

[root@osev31-node1 src]# docker tag docker.io/busybox 172.30.38.99:5000/openshift/busybox


 Pushing fails due to "authentication required"

[root@osev31-node1 src]# docker push 172.30.38.99:5000/openshift/busybox
The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1)
964092b7f3e5: Preparing
unauthorized: authentication required


Any advice on what I'm missing ?

Thanks,

/Florian