On Jan 29, 2016 8:05 AM, "Florian Daniel Otel" <[email protected]>
wrote:
>
> I should have mentioned that in my original email, but that's exactly the
steps I followed.
My apologies, missed the auth parts mentioned the first read through.
Just to verify, did you grant reguser admin rights on the openshift
project?
oadm policy add-role-to-user admin <user_name> -n openshift
As for not seeing any subdirectories under /registry, I believe that is to
be expected until a Docker push has been done (either by a builder pod or
by a manual push).
>
> IOW: In addition to the stuff below (and prior to all that) I have done,
as "system:admin" , for user "reguser"
>
> oadm policy add-role-to-user system:registry reguser
> oadm policy add-role-to-user system:image-builder reguser
>
> Again, following the instructions in the docs all works fine, until I try
a "docker push"
>
> The only thing that doesn't seem quite right is that listing the content
of the Docker registry only lists the top directory "/registry", but
nothing underneath it:
>
> root@osev31-node1 src]# docker ps
> CONTAINER ID IMAGE
COMMAND CREATED STATUS
PORTS NAMES
> ea83db288da1
registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6
"/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours
k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0
> f383ae8db39f openshift3/ose-pod:latest
"/pod" 2 hours ago Up 2 hours
k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c
>
>
>
> [root@osev31-node1 src]# docker ps
> CONTAINER ID IMAGE
COMMAND CREATED STATUS
PORTS NAMES
> ea83db288da1
registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6
"/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours
k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0
> f383ae8db39f openshift3/ose-pod:latest
"/pod" 2 hours ago Up 2 hours
k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c
> [root@osev31-node1 src]#
>
>
> #### (????) Nothing listed under "/registry" ??
>
>
> [root@osev31-node1 src]# docker exec -it ea83db288da1 find /registry
> /registry
> [root@osev31-node1 src]#
>
>
>
> On Fri, Jan 29, 2016 at 1:03 PM, Jason DeTiberus <[email protected]>
wrote:
>>
>>
>> On Jan 29, 2016 6:07 AM, "Florian Daniel Otel" <[email protected]>
wrote:
>> >
>> > Hello all,
>> >
>> > I'm pretty sure it's mostly related to my ignorance, but for some
reason I'm not able to push to the built-in docker registry after deploying
it.
>> >
>> >
>> > Deplyoment:
>> >
>> > oadm registry --service-account=registry
--config=/etc/origin/master/admin.kubeconfig
--credentials=/etc/origin/master/openshift-registry.kubeconfig
--images='registry.access.redhat.com/openshift3/ose-${component}:${version}'
--mount-host=/opt/ose-registr
>> >
>> > ### Everything looks ok
>> >
>> > oc describe service docker-registry
>> > Name: docker-registry
>> > Namespace: default
>> > Labels: docker-registry=default
>> > Selector: docker-registry=default
>> > Type: ClusterIP
>> > IP: 172.30.38.99
>> > Port: 5000-tcp 5000/TCP
>> > Endpoints: 10.1.0.138:5000
>> > Session Affinity: ClientIP
>> > No events.
>> >
>> >
>> > #### Adding the right roles to "reguser"
>> >
>> > oadm policy add-role-to-user system:registry reguser
>> >
>> > #### Logging in as "reguser" into the registry:
>> >
>> > [root@osev31-node1 src]# oc whoami
>> > reguser
>> >
>> > [root@osev31-node1 src]# oc whoami -t
>> > GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs
>> >
>> > [root@osev31-node1 src]# docker login -u reguser -e [email protected]
-p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs 172.30.38.99:5000
>> > WARNING: login credentials saved in /root/.docker/config.json
>> > Login Succeeded
>> >
>> > #### Pulling "busybox" & tagging it:
>> >
>> > [root@osev31-node1 src]# docker pull docker.io/busybox
>> > Using default tag: latest
>> > Trying to pull repository docker.io/library/busybox ... latest:
Pulling from library/busybox
>> > 9e77fef7a1c9: Pull complete
>> > 964092b7f3e5: Pull complete
>> > library/busybox:latest: The image you are pulling has been verified.
Important: image verification is a tech preview feature and should not be
relied on to provide security.
>> > Digest:
sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0
>> > Status: Downloaded newer image for docker.io/busybox:latest
>> >
>> > [root@osev31-node1 src]# docker tag docker.io/busybox
172.30.38.99:5000/openshift/busybox
>> >
>> >
>> > #### Pushing fails due to "authentication required"
>> >
>> > [root@osev31-node1 src]# docker push
172.30.38.99:5000/openshift/busybox
>> > The push refers to a repository [172.30.38.99:5000/openshift/busybox]
(len: 1)
>> > 964092b7f3e5: Preparing
>> > unauthorized: authentication required
>> >
>> >
>> > Any advice on what I'm missing ?
>>
>> This should be what you are looking for:
https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
