Problem authenticating to private docker registry

Tony Saxon Tue, 09 Aug 2016 07:05:14 -0700

I'm not sure what I'm missing here. I have a private docker registry that
is set up securely and uses authentication. I followed the docs at
https://docs.openshift.org/latest/dev_guide/managing_images.html#using-image-pull-secrets
to create the secret with the username and password to authenticate with
the docker registry. I verified that I can manually login to the docker
registry from the master and the nodes. However, when I go to deploy a new
app based on an image from the docker registry it seem to be failing to
authenticate. The command that I'm running to create the new app:


oc new-app docker-lab.example.net:5000/testwebapp:latest

It creates the imagestream and attempts to deploy the pod. I get the
following in the logs on the pod:

# oc logs testwebapp-1-us1wu
Error from server: container "testwebapp" in pod "testwebapp-1-us1wu" is
waiting to start: image can't be pulled

The logs on the docker registry show:

time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context:
basic authentication challenge for realm \"Registry Realm\": invalid
authorization credential" go.version=go1.6.3 http.request.host="
docker-lab.example.net:5000"
http.request.id=f5aeb8b9-ce4e-41b7-86a8-76e8c520bd22
http.request.method=GET http.request.remoteaddr="192.168.122.158:54436"
http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.4.2
git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux
arch/amd64" instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:45 +0000] "GET /v2/ HTTP/1.1" 401 87
"" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported
kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64"
time="2016-08-09T13:54:45Z" level=error msg="response completed with error"
auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown
manifest name=testwebapp
revision=sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
err.message="manifest unknown" go.version=go1.6.3 http.request.host="
docker-lab.example.net:5000"
http.request.id=130a9014-7c19-48f7-bef3-2b8cfe0470a0
http.request.method=GET http.request.remoteaddr="192.168.122.158:54438"
http.request.uri="/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
http.request.useragent="docker/1.10.3 go/go1.4.2
git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux
arch/amd64" http.response.contenttype="application/json; charset=utf-8"
http.response.duration=6.174905ms http.response.status=404
http.response.written=186 instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6
vars.name=testwebapp
vars.reference="sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:45 +0000] "GET
/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3
HTTP/1.1" 404 186 "" "docker/1.10.3 go/go1.4.2
git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux
arch/amd64"
time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context:
basic authentication challenge for realm \"Registry Realm\": invalid
authorization credential" go.version=go1.6.3 http.request.host="
docker-lab.example.net:5000"
http.request.id=0185e07b-f1c1-48e6-91ea-dede2339f087
http.request.method=GET http.request.remoteaddr="192.168.122.158:54440"
http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.4.2
git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux
arch/amd64" instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:45 +0000] "GET /v2/ HTTP/1.1" 401 87
"" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported
kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64"
time="2016-08-09T13:54:46Z" level=error msg="response completed with error"
auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown
manifest name=testwebapp
revision=sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
err.message="manifest unknown" go.version=go1.6.3 http.request.host="
docker-lab.example.net:5000"
http.request.id=c1ab0cd7-42ac-4fef-b2c4-0f451976e302
http.request.method=GET http.request.remoteaddr="192.168.122.158:54442"
http.request.uri="/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
http.request.useragent="docker/1.10.3 go/go1.4.2
git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux
arch/amd64" http.response.contenttype="application/json; charset=utf-8"
http.response.duration=6.28913ms http.response.status=404
http.response.written=186 instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6
vars.name=testwebapp
vars.reference="sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:46 +0000] "GET
/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3
HTTP/1.1" 404 186 "" "docker/1.10.3 go/go1.4.2
git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux
arch/amd64"

Here are the service accounts showing that they have the image pull secret
added (docker-lab):

[root@os-master ~]# oc get serviceaccounts
NAME       SECRETS   AGE
builder    3         21h
default    2         21h
deployer   3         21h
[root@os-master ~]# oc describe serviceaccounts default
Name:           default
Namespace:      testwebapp
Labels:         <none>

Image pull secrets:     default-dockercfg-pfota
                        eip-docker
                        docker-lab

Mountable secrets:      default-token-xffu5
                        default-dockercfg-pfota

Tokens:                 default-token-vbcmc
                        default-token-xffu5



[root@os-master ~]# oc describe serviceaccounts builder
Name:           builder
Namespace:      testwebapp
Labels:         <none>

Image pull secrets:     builder-dockercfg-7bjoo
                        docker-lab

Mountable secrets:      builder-token-wf31u
                        builder-dockercfg-7bjoo
                        eip-docker

Tokens:                 builder-token-gi9o9
                        builder-token-wf31u



[root@os-master ~]# oc describe serviceaccounts deployer
Name:           deployer
Namespace:      testwebapp
Labels:         <none>

Image pull secrets:     deployer-dockercfg-lfiuw
                        docker-lab

Mountable secrets:      deployer-token-9euo2
                        deployer-dockercfg-lfiuw
                        eip-docker

Tokens:                 deployer-token-9euo2
                        deployer-token-mq6vw


Not sure what I could be missing.

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Problem authenticating to private docker registry

Reply via email to