As it turns out, it was a permissions issues on that directory. A shotgun "chmod a+rwx /opt/ose-registry" did the trick
This for the record / whoever runs into this. Thanks Andy, Jason for the help. On Fri, Jan 29, 2016 at 3:17 PM, Andy Goldstein <[email protected]> wrote: > ls -laZ /opt/ose-registry > > Most likely you need to do: sudo chcon -t svirt_sandbox_file_t > /opt/ose-registry > > Andy > > On Fri, Jan 29, 2016 at 9:01 AM, Jason DeTiberus <[email protected]> > wrote: > >> >> On Jan 29, 2016 8:43 AM, "Florian Daniel Otel" <[email protected]> >> wrote: >> > >> > >> > No worries ;) -- part since it's my turn to apologise, since I missed >> adding the "admin" role to the "oepnshift" project. >> > >> > Done that now, and now I get a HTTP 500: >> > >> > [root@osev31-node1 src]# docker push >> 172.30.38.99:5000/openshift/busybox >> > The push refers to a repository [172.30.38.99:5000/openshift/busybox] >> (len: 1) >> > 964092b7f3e5: Preparing >> > Received unexpected HTTP status: 500 Internal Server Error >> > [root@osev31-node1 src]# >> > >> > Attached are the "oc logs" for the docker registry pods. >> > >> > The weird thing there (at least to me) is: >> > >> > level=error msg="response completed with error" err.code=UNKNOWN >> err.detail="filesystem: mkdir /registry/docker: permission denied" >> > >> > Can this have smth to do with the way I deployed the registry (with the >> "-mount-host=/opt/ose-registry" ) -- see below ? That directory exists, >> but is empty.... >> >> It sounds like a permissions issue on /opt/ose-registry. Unfortunately I >> do not know what the permissions and/or the SELinux context should be. >> >> > >> > Thanks, >> > >> > Florian >> > >> > On Fri, Jan 29, 2016 at 2:30 PM, Jason DeTiberus <[email protected]> >> wrote: >> >> >> >> >> >> On Jan 29, 2016 8:05 AM, "Florian Daniel Otel" <[email protected]> >> wrote: >> >> > >> >> > I should have mentioned that in my original email, but that's >> exactly the steps I followed. >> >> >> >> My apologies, missed the auth parts mentioned the first read through. >> >> >> >> Just to verify, did you grant reguser admin rights on the openshift >> project? >> >> oadm policy add-role-to-user admin <user_name> -n openshift >> >> >> >> As for not seeing any subdirectories under /registry, I believe that >> is to be expected until a Docker push has been done (either by a builder >> pod or by a manual push). >> >> >> >> > >> >> > IOW: In addition to the stuff below (and prior to all that) I have >> done, as "system:admin" , for user "reguser" >> >> > >> >> > oadm policy add-role-to-user system:registry reguser >> >> > oadm policy add-role-to-user system:image-builder reguser >> >> > >> >> > Again, following the instructions in the docs all works fine, until >> I try a "docker push" >> >> > >> >> > The only thing that doesn't seem quite right is that listing the >> content of the Docker registry only lists the top directory "/registry", >> but nothing underneath it: >> >> > >> >> > root@osev31-node1 src]# docker ps >> >> > CONTAINER ID IMAGE >> COMMAND CREATED STATUS >> PORTS NAMES >> >> > ea83db288da1 >> registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 >> "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours >> >> >> k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 >> >> > f383ae8db39f openshift3/ose-pod:latest >> "/pod" 2 hours ago Up 2 >> hours >> >> k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c >> >> > >> >> > >> >> > >> >> > [root@osev31-node1 src]# docker ps >> >> > CONTAINER ID IMAGE >> COMMAND CREATED STATUS >> PORTS NAMES >> >> > ea83db288da1 >> registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6 >> "/bin/sh -c 'DOCKER_R" 2 hours ago Up 2 hours >> >> >> k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0 >> >> > f383ae8db39f openshift3/ose-pod:latest >> "/pod" 2 hours ago Up 2 >> hours >> >> k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c >> >> > [root@osev31-node1 src]# >> >> > >> >> > >> >> > #### (????) Nothing listed under "/registry" ?? >> >> > >> >> > >> >> > [root@osev31-node1 src]# docker exec -it ea83db288da1 find /registry >> >> > /registry >> >> > [root@osev31-node1 src]# >> >> > >> >> > >> >> > >> >> > On Fri, Jan 29, 2016 at 1:03 PM, Jason DeTiberus < >> [email protected]> wrote: >> >> >> >> >> >> >> >> >> On Jan 29, 2016 6:07 AM, "Florian Daniel Otel" < >> [email protected]> wrote: >> >> >> > >> >> >> > Hello all, >> >> >> > >> >> >> > I'm pretty sure it's mostly related to my ignorance, but for some >> reason I'm not able to push to the built-in docker registry after deploying >> it. >> >> >> > >> >> >> > >> >> >> > Deplyoment: >> >> >> > >> >> >> > oadm registry --service-account=registry >> --config=/etc/origin/master/admin.kubeconfig >> --credentials=/etc/origin/master/openshift-registry.kubeconfig >> --images=' >> registry.access.redhat.com/openshift3/ose-${component}:${version} >> <http://registry.access.redhat.com/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D>' >> --mount-host=/opt/ose-registr >> >> >> > >> >> >> > ### Everything looks ok >> >> >> > >> >> >> > oc describe service docker-registry >> >> >> > Name: docker-registry >> >> >> > Namespace: default >> >> >> > Labels: docker-registry=default >> >> >> > Selector: docker-registry=default >> >> >> > Type: ClusterIP >> >> >> > IP: 172.30.38.99 >> >> >> > Port: 5000-tcp 5000/TCP >> >> >> > Endpoints: 10.1.0.138:5000 >> >> >> > Session Affinity: ClientIP >> >> >> > No events. >> >> >> > >> >> >> > >> >> >> > #### Adding the right roles to "reguser" >> >> >> > >> >> >> > oadm policy add-role-to-user system:registry reguser >> >> >> > >> >> >> > #### Logging in as "reguser" into the registry: >> >> >> > >> >> >> > [root@osev31-node1 src]# oc whoami >> >> >> > reguser >> >> >> > >> >> >> > [root@osev31-node1 src]# oc whoami -t >> >> >> > GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs >> >> >> > >> >> >> > [root@osev31-node1 src]# docker login -u reguser -e >> [email protected] -p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs >> 172.30.38.99:5000 >> >> >> > WARNING: login credentials saved in /root/.docker/config.json >> >> >> > Login Succeeded >> >> >> > >> >> >> > #### Pulling "busybox" & tagging it: >> >> >> > >> >> >> > [root@osev31-node1 src]# docker pull docker.io/busybox >> >> >> > Using default tag: latest >> >> >> > Trying to pull repository docker.io/library/busybox ... latest: >> Pulling from library/busybox >> >> >> > 9e77fef7a1c9: Pull complete >> >> >> > 964092b7f3e5: Pull complete >> >> >> > library/busybox:latest: The image you are pulling has been >> verified. Important: image verification is a tech preview feature and >> should not be relied on to provide security. >> >> >> > Digest: >> sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0 >> >> >> > Status: Downloaded newer image for docker.io/busybox:latest >> >> >> > >> >> >> > [root@osev31-node1 src]# docker tag docker.io/busybox >> 172.30.38.99:5000/openshift/busybox >> >> >> > >> >> >> > >> >> >> > #### Pushing fails due to "authentication required" >> >> >> > >> >> >> > [root@osev31-node1 src]# docker push >> 172.30.38.99:5000/openshift/busybox >> >> >> > The push refers to a repository [ >> 172.30.38.99:5000/openshift/busybox] (len: 1) >> >> >> > 964092b7f3e5: Preparing >> >> >> > unauthorized: authentication required >> >> >> > >> >> >> > >> >> >> > Any advice on what I'm missing ? >> >> >> >> >> >> This should be what you are looking for: >> https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access >> >> > >> >> > >> > >> > >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
