No worries ;) -- part since it's my turn to apologise, since I missed adding the "admin" role to the "oepnshift" project.
Done that now, and now I get a HTTP 500: [root@osev31-node1 src]# docker push 172.30.38.99:5000/openshift/busybox The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1) 964092b7f3e5: Preparing Received unexpected HTTP status: 500 Internal Server Error [root@osev31-node1 src]# Attached are the "oc logs" for the docker registry pods. The weird thing there (at least to me) is: level=error msg="response completed with error" err.code=UNKNOWN err.detail="filesystem: mkdir /registry/docker: permission denied" Can this have smth to do with the way I deployed the registry (with the "-mount-host=/opt/ose-registry" ) -- see below ? That directory exists, but is empty.... Thanks, Florian On Fri, Jan 29, 2016 at 2:30 PM, Jason DeTiberus <[email protected]> wrote: > > On Jan 29, 2016 8:05 AM, "Florian Daniel Otel" <[email protected]> > wrote: > > > > I should have mentioned that in my original email, but that's exactly > the steps I followed. > > My apologies, missed the auth parts mentioned the first read through. > > Just to verify, did you grant reguser admin rights on the openshift > project? > oadm policy add-role-to-user admin <user_name> -n openshift > > As for not seeing any subdirectories under /registry, I believe that is to > be expected until a Docker push has been done (either by a builder pod or > by a manual push). > > > > > IOW: In addition to the stuff below (and prior to all that) I have > done, as "system:admin" , for user "reguser" > > > > oadm policy add-role-to-user system:registry reguser > > oadm policy add-role-to-user system:image-builder reguser > > > > Again, following the instructions in the docs all works fine, until I > try a "docker push" > > > > The only thing that doesn't seem quite right is that listing the content > of the Docker registry only lists the top directory "/registry", but > nothing underneath it: > > > > root@osev31-node1 src]# docker ps > > CONTAINER ID IMAGE > COMMAND CREATED STATUS > PORTS NAMES > > ea83db288da1 > registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 > "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours > > > k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 > > f383ae8db39f openshift3/ose-pod:latest > "/pod" 2 hours ago Up 2 hours > > > k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c > > > > > > > > [root@osev31-node1 src]# docker ps > > CONTAINER ID IMAGE > COMMAND CREATED STATUS > PORTS NAMES > > ea83db288da1 > registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 > "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours > > > k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 > > f383ae8db39f openshift3/ose-pod:latest > "/pod" 2 hours ago Up 2 hours > > > k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c > > [root@osev31-node1 src]# > > > > > > #### (????) Nothing listed under "/registry" ?? > > > > > > [root@osev31-node1 src]# docker exec -it ea83db288da1 find /registry > > /registry > > [root@osev31-node1 src]# > > > > > > > > On Fri, Jan 29, 2016 at 1:03 PM, Jason DeTiberus <[email protected]> > wrote: > >> > >> > >> On Jan 29, 2016 6:07 AM, "Florian Daniel Otel" <[email protected]> > wrote: > >> > > >> > Hello all, > >> > > >> > I'm pretty sure it's mostly related to my ignorance, but for some > reason I'm not able to push to the built-in docker registry after deploying > it. > >> > > >> > > >> > Deplyoment: > >> > > >> > oadm registry --service-account=registry > --config=/etc/origin/master/admin.kubeconfig > --credentials=/etc/origin/master/openshift-registry.kubeconfig > --images=' > registry.access.redhat.com/openshift3/ose-${component}:${version} > <http://registry.access.redhat.com/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D>' > --mount-host=/opt/ose-registr > >> > > >> > ### Everything looks ok > >> > > >> > oc describe service docker-registry > >> > Name: docker-registry > >> > Namespace: default > >> > Labels: docker-registry=default > >> > Selector: docker-registry=default > >> > Type: ClusterIP > >> > IP: 172.30.38.99 > >> > Port: 5000-tcp 5000/TCP > >> > Endpoints: 10.1.0.138:5000 > >> > Session Affinity: ClientIP > >> > No events. > >> > > >> > > >> > #### Adding the right roles to "reguser" > >> > > >> > oadm policy add-role-to-user system:registry reguser > >> > > >> > #### Logging in as "reguser" into the registry: > >> > > >> > [root@osev31-node1 src]# oc whoami > >> > reguser > >> > > >> > [root@osev31-node1 src]# oc whoami -t > >> > GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs > >> > > >> > [root@osev31-node1 src]# docker login -u reguser -e [email protected] > -p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs 172.30.38.99:5000 > >> > WARNING: login credentials saved in /root/.docker/config.json > >> > Login Succeeded > >> > > >> > #### Pulling "busybox" & tagging it: > >> > > >> > [root@osev31-node1 src]# docker pull docker.io/busybox > >> > Using default tag: latest > >> > Trying to pull repository docker.io/library/busybox ... latest: > Pulling from library/busybox > >> > 9e77fef7a1c9: Pull complete > >> > 964092b7f3e5: Pull complete > >> > library/busybox:latest: The image you are pulling has been verified. > Important: image verification is a tech preview feature and should not be > relied on to provide security. > >> > Digest: > sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0 > >> > Status: Downloaded newer image for docker.io/busybox:latest > >> > > >> > [root@osev31-node1 src]# docker tag docker.io/busybox > 172.30.38.99:5000/openshift/busybox > >> > > >> > > >> > #### Pushing fails due to "authentication required" > >> > > >> > [root@osev31-node1 src]# docker push > 172.30.38.99:5000/openshift/busybox > >> > The push refers to a repository [172.30.38.99:5000/openshift/busybox] > (len: 1) > >> > 964092b7f3e5: Preparing > >> > unauthorized: authentication required > >> > > >> > > >> > Any advice on what I'm missing ? > >> > >> This should be what you are looking for: > https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access > > > > >
docker-registry-error--HTTP-500.log
Description: Binary data
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
