On Jan 29, 2016 8:43 AM, "Florian Daniel Otel" <[email protected]> wrote: > > > No worries ;) -- part since it's my turn to apologise, since I missed adding the "admin" role to the "oepnshift" project. > > Done that now, and now I get a HTTP 500: > > [root@osev31-node1 src]# docker push 172.30.38.99:5000/openshift/busybox > The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1) > 964092b7f3e5: Preparing > Received unexpected HTTP status: 500 Internal Server Error > [root@osev31-node1 src]# > > Attached are the "oc logs" for the docker registry pods. > > The weird thing there (at least to me) is: > > level=error msg="response completed with error" err.code=UNKNOWN err.detail="filesystem: mkdir /registry/docker: permission denied" > > Can this have smth to do with the way I deployed the registry (with the "-mount-host=/opt/ose-registry" ) -- see below ? That directory exists, but is empty....
It sounds like a permissions issue on /opt/ose-registry. Unfortunately I do not know what the permissions and/or the SELinux context should be. > > Thanks, > > Florian > > On Fri, Jan 29, 2016 at 2:30 PM, Jason DeTiberus <[email protected]> wrote: >> >> >> On Jan 29, 2016 8:05 AM, "Florian Daniel Otel" <[email protected]> wrote: >> > >> > I should have mentioned that in my original email, but that's exactly the steps I followed. >> >> My apologies, missed the auth parts mentioned the first read through. >> >> Just to verify, did you grant reguser admin rights on the openshift project? >> oadm policy add-role-to-user admin <user_name> -n openshift >> >> As for not seeing any subdirectories under /registry, I believe that is to be expected until a Docker push has been done (either by a builder pod or by a manual push). >> >> > >> > IOW: In addition to the stuff below (and prior to all that) I have done, as "system:admin" , for user "reguser" >> > >> > oadm policy add-role-to-user system:registry reguser >> > oadm policy add-role-to-user system:image-builder reguser >> > >> > Again, following the instructions in the docs all works fine, until I try a "docker push" >> > >> > The only thing that doesn't seem quite right is that listing the content of the Docker registry only lists the top directory "/registry", but nothing underneath it: >> > >> > root@osev31-node1 src]# docker ps >> > CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES >> > ea83db288da1 registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 >> > f383ae8db39f openshift3/ose-pod:latest "/pod" 2 hours ago Up 2 hours k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c >> > >> > >> > >> > [root@osev31-node1 src]# docker ps >> > CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES >> > ea83db288da1 registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 >> > f383ae8db39f openshift3/ose-pod:latest "/pod" 2 hours ago Up 2 hours k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c >> > [root@osev31-node1 src]# >> > >> > >> > #### (????) Nothing listed under "/registry" ?? >> > >> > >> > [root@osev31-node1 src]# docker exec -it ea83db288da1 find /registry >> > /registry >> > [root@osev31-node1 src]# >> > >> > >> > >> > On Fri, Jan 29, 2016 at 1:03 PM, Jason DeTiberus <[email protected]> wrote: >> >> >> >> >> >> On Jan 29, 2016 6:07 AM, "Florian Daniel Otel" <[email protected]> wrote: >> >> > >> >> > Hello all, >> >> > >> >> > I'm pretty sure it's mostly related to my ignorance, but for some reason I'm not able to push to the built-in docker registry after deploying it. >> >> > >> >> > >> >> > Deplyoment: >> >> > >> >> > oadm registry --service-account=registry --config=/etc/origin/master/admin.kubeconfig --credentials=/etc/origin/master/openshift-registry.kubeconfig --images='registry.access.redhat.com/openshift3/ose-${component}:${version}' --mount-host=/opt/ose-registr >> >> > >> >> > ### Everything looks ok >> >> > >> >> > oc describe service docker-registry >> >> > Name: docker-registry >> >> > Namespace: default >> >> > Labels: docker-registry=default >> >> > Selector: docker-registry=default >> >> > Type: ClusterIP >> >> > IP: 172.30.38.99 >> >> > Port: 5000-tcp 5000/TCP >> >> > Endpoints: 10.1.0.138:5000 >> >> > Session Affinity: ClientIP >> >> > No events. >> >> > >> >> > >> >> > #### Adding the right roles to "reguser" >> >> > >> >> > oadm policy add-role-to-user system:registry reguser >> >> > >> >> > #### Logging in as "reguser" into the registry: >> >> > >> >> > [root@osev31-node1 src]# oc whoami >> >> > reguser >> >> > >> >> > [root@osev31-node1 src]# oc whoami -t >> >> > GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs >> >> > >> >> > [root@osev31-node1 src]# docker login -u reguser -e [email protected] -p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs 172.30.38.99:5000 >> >> > WARNING: login credentials saved in /root/.docker/config.json >> >> > Login Succeeded >> >> > >> >> > #### Pulling "busybox" & tagging it: >> >> > >> >> > [root@osev31-node1 src]# docker pull docker.io/busybox >> >> > Using default tag: latest >> >> > Trying to pull repository docker.io/library/busybox ... latest: Pulling from library/busybox >> >> > 9e77fef7a1c9: Pull complete >> >> > 964092b7f3e5: Pull complete >> >> > library/busybox:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security. >> >> > Digest: sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0 >> >> > Status: Downloaded newer image for docker.io/busybox:latest >> >> > >> >> > [root@osev31-node1 src]# docker tag docker.io/busybox 172.30.38.99:5000/openshift/busybox >> >> > >> >> > >> >> > #### Pushing fails due to "authentication required" >> >> > >> >> > [root@osev31-node1 src]# docker push 172.30.38.99:5000/openshift/busybox >> >> > The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1) >> >> > 964092b7f3e5: Preparing >> >> > unauthorized: authentication required >> >> > >> >> > >> >> > Any advice on what I'm missing ? >> >> >> >> This should be what you are looking for: https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access >> > >> > > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
