ls -laZ /opt/ose-registry Most likely you need to do: sudo chcon -t svirt_sandbox_file_t /opt/ose-registry
Andy On Fri, Jan 29, 2016 at 9:01 AM, Jason DeTiberus <[email protected]> wrote: > > On Jan 29, 2016 8:43 AM, "Florian Daniel Otel" <[email protected]> > wrote: > > > > > > No worries ;) -- part since it's my turn to apologise, since I missed > adding the "admin" role to the "oepnshift" project. > > > > Done that now, and now I get a HTTP 500: > > > > [root@osev31-node1 src]# docker push > 172.30.38.99:5000/openshift/busybox > > The push refers to a repository [172.30.38.99:5000/openshift/busybox] > (len: 1) > > 964092b7f3e5: Preparing > > Received unexpected HTTP status: 500 Internal Server Error > > [root@osev31-node1 src]# > > > > Attached are the "oc logs" for the docker registry pods. > > > > The weird thing there (at least to me) is: > > > > level=error msg="response completed with error" err.code=UNKNOWN > err.detail="filesystem: mkdir /registry/docker: permission denied" > > > > Can this have smth to do with the way I deployed the registry (with the > "-mount-host=/opt/ose-registry" ) -- see below ? That directory exists, > but is empty.... > > It sounds like a permissions issue on /opt/ose-registry. Unfortunately I > do not know what the permissions and/or the SELinux context should be. > > > > > Thanks, > > > > Florian > > > > On Fri, Jan 29, 2016 at 2:30 PM, Jason DeTiberus <[email protected]> > wrote: > >> > >> > >> On Jan 29, 2016 8:05 AM, "Florian Daniel Otel" <[email protected]> > wrote: > >> > > >> > I should have mentioned that in my original email, but that's exactly > the steps I followed. > >> > >> My apologies, missed the auth parts mentioned the first read through. > >> > >> Just to verify, did you grant reguser admin rights on the openshift > project? > >> oadm policy add-role-to-user admin <user_name> -n openshift > >> > >> As for not seeing any subdirectories under /registry, I believe that is > to be expected until a Docker push has been done (either by a builder pod > or by a manual push). > >> > >> > > >> > IOW: In addition to the stuff below (and prior to all that) I have > done, as "system:admin" , for user "reguser" > >> > > >> > oadm policy add-role-to-user system:registry reguser > >> > oadm policy add-role-to-user system:image-builder reguser > >> > > >> > Again, following the instructions in the docs all works fine, until I > try a "docker push" > >> > > >> > The only thing that doesn't seem quite right is that listing the > content of the Docker registry only lists the top directory "/registry", > but nothing underneath it: > >> > > >> > root@osev31-node1 src]# docker ps > >> > CONTAINER ID IMAGE > COMMAND CREATED STATUS > PORTS NAMES > >> > ea83db288da1 > registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 > "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours > > > k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 > >> > f383ae8db39f openshift3/ose-pod:latest > "/pod" 2 hours ago Up 2 hours > > > k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c > >> > > >> > > >> > > >> > [root@osev31-node1 src]# docker ps > >> > CONTAINER ID IMAGE > COMMAND CREATED STATUS > PORTS NAMES > >> > ea83db288da1 > registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 > "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours > > > k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 > >> > f383ae8db39f openshift3/ose-pod:latest > "/pod" 2 hours ago Up 2 hours > > > k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c > >> > [root@osev31-node1 src]# > >> > > >> > > >> > #### (????) Nothing listed under "/registry" ?? > >> > > >> > > >> > [root@osev31-node1 src]# docker exec -it ea83db288da1 find /registry > >> > /registry > >> > [root@osev31-node1 src]# > >> > > >> > > >> > > >> > On Fri, Jan 29, 2016 at 1:03 PM, Jason DeTiberus <[email protected]> > wrote: > >> >> > >> >> > >> >> On Jan 29, 2016 6:07 AM, "Florian Daniel Otel" < > [email protected]> wrote: > >> >> > > >> >> > Hello all, > >> >> > > >> >> > I'm pretty sure it's mostly related to my ignorance, but for some > reason I'm not able to push to the built-in docker registry after deploying > it. > >> >> > > >> >> > > >> >> > Deplyoment: > >> >> > > >> >> > oadm registry --service-account=registry > --config=/etc/origin/master/admin.kubeconfig > --credentials=/etc/origin/master/openshift-registry.kubeconfig > --images=' > registry.access.redhat.com/openshift3/ose-${component}:${version} > <http://registry.access.redhat.com/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D>' > --mount-host=/opt/ose-registr > >> >> > > >> >> > ### Everything looks ok > >> >> > > >> >> > oc describe service docker-registry > >> >> > Name: docker-registry > >> >> > Namespace: default > >> >> > Labels: docker-registry=default > >> >> > Selector: docker-registry=default > >> >> > Type: ClusterIP > >> >> > IP: 172.30.38.99 > >> >> > Port: 5000-tcp 5000/TCP > >> >> > Endpoints: 10.1.0.138:5000 > >> >> > Session Affinity: ClientIP > >> >> > No events. > >> >> > > >> >> > > >> >> > #### Adding the right roles to "reguser" > >> >> > > >> >> > oadm policy add-role-to-user system:registry reguser > >> >> > > >> >> > #### Logging in as "reguser" into the registry: > >> >> > > >> >> > [root@osev31-node1 src]# oc whoami > >> >> > reguser > >> >> > > >> >> > [root@osev31-node1 src]# oc whoami -t > >> >> > GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs > >> >> > > >> >> > [root@osev31-node1 src]# docker login -u reguser -e > [email protected] -p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs > 172.30.38.99:5000 > >> >> > WARNING: login credentials saved in /root/.docker/config.json > >> >> > Login Succeeded > >> >> > > >> >> > #### Pulling "busybox" & tagging it: > >> >> > > >> >> > [root@osev31-node1 src]# docker pull docker.io/busybox > >> >> > Using default tag: latest > >> >> > Trying to pull repository docker.io/library/busybox ... latest: > Pulling from library/busybox > >> >> > 9e77fef7a1c9: Pull complete > >> >> > 964092b7f3e5: Pull complete > >> >> > library/busybox:latest: The image you are pulling has been > verified. Important: image verification is a tech preview feature and > should not be relied on to provide security. > >> >> > Digest: > sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0 > >> >> > Status: Downloaded newer image for docker.io/busybox:latest > >> >> > > >> >> > [root@osev31-node1 src]# docker tag docker.io/busybox > 172.30.38.99:5000/openshift/busybox > >> >> > > >> >> > > >> >> > #### Pushing fails due to "authentication required" > >> >> > > >> >> > [root@osev31-node1 src]# docker push > 172.30.38.99:5000/openshift/busybox > >> >> > The push refers to a repository [ > 172.30.38.99:5000/openshift/busybox] (len: 1) > >> >> > 964092b7f3e5: Preparing > >> >> > unauthorized: authentication required > >> >> > > >> >> > > >> >> > Any advice on what I'm missing ? > >> >> > >> >> This should be what you are looking for: > https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access > >> > > >> > > > > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
