More on this - it looks like the faulty certificate only happens when
you are using custom certificates (specifying the
openshift_master_named_certificate parameter). Without this the
registry.crt has the correct host name.
Presumably this is a bug?
Tim
On 22/08/2017 17:15, Tim Dudgeon wrote:
Actually I should have looked closer.
The error on EC2 was different:
error: build error: Failed to push image: Get
https://docker-registry.default.svc:5000/v1/_ping: x509: certificate
is valid for
docker-registry-default.router.default.svc.cluster.local,
172.30.224.210, not docker-registry.default.svc
So it find the registry but the certificate is not correct.
On 22/08/2017 16:24, Cesar Wong wrote:
I saw the same thing on a new cluster. I resolved it manually by:
1) adding ‘search cluster.local’ to the node’s /etc/resolv.conf
2) adding docker-registry.default.svc and
docker-registry.default.svc.cluster.local to the docker daemon’s
insecure registries
then stopped the node service, restarted docker and started the node
service
Maybe #2 is unnecessary once you add the search directive to
resolv.conf, but didn’t try.
Scott, it seems the default is now to use the registry host name
instead of the numeric service IP. Is there a variable that controls
that?
On Aug 22, 2017, at 7:17 AM, Tim Dudgeon <tdudgeon...@gmail.com> wrote:
Hi All,
I'm having problems with the ansible installer.
I've created a very simple 1 node cluster using an inventory file
like this:
OSEv3:children]
masters
nodes
[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
openshift_disable_check=docker_storage,memory_availability
openshift_hostname=MASTER_PRIVATE_FQDN
openshift_master_cluster_hostname=MASTER_PRIVATE_FQDN
openshift_master_cluster_public_hostname=MASTER_PUBLIC_FQDN
openshift_master_identity_providers=[{'name': 'htpasswd_auth',
'login': 'true', 'challenge': 'true', 'kind':
'HTPasswdPasswordIdentityProvider', 'filename':
'/etc/origin/master/users.htpasswd'}]
[masters]
MASTER_PRIVATE_FQDN ansible_connection=local
[etcd]
MASTER_PRIVATE_FQDN ansible_connection=local
[nodes]
MASTER_PRIVATE_FQDN openshift_node_labels="{'region': 'infra'}"
openshift_schedulable=true ansible_connection=local
The installer seems to run OK and the web console is accessible, but
when I try to do a build it fails as it can't push to the docker
repo. The end of the log file shows this:
Pushing image
docker-registry.default.svc:5000/simple/nodejs-ex:latest ...
Registry server Address:
Registry server User Name: serviceaccount
Registry server Email: serviceacco...@example.org
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Get
https://docker-registry.default.svc:5000/v1/_ping: dial tcp: lookup
docker-registry.default.svc on 10.1.162.87:53: no such host
'oc get all' shows this:
NAME DOCKER
REPO TAGS UPDATED
is/registry-console
docker-registry.default.svc:5000/default/registry-console latest
22 minutes ago
NAME REVISION DESIRED CURRENT TRIGGERED BY
dc/docker-registry 1 1 1 config
dc/registry-console 1 1 1 config
dc/router 1 1 1 config
NAME DESIRED CURRENT READY AGE
rc/docker-registry-1 1 1 1 23m
rc/registry-console-1 1 1 1 22m
rc/router-1 1 1 1 25m
NAME HOST/PORT PATH SERVICES PORT TERMINATION
WILDCARD
routes/docker-registry
docker-registry-default.router.default.svc.cluster.local
docker-registry <all> passthrough None
routes/registry-console
registry-console-default.router.default.svc.cluster.local
registry-console <all> passthrough None
NAME CLUSTER-IP EXTERNAL-IP
PORT(S) AGE
svc/docker-registry 172.30.157.134 <none>
5000/TCP 23m
svc/kubernetes 172.30.0.1 <none>
443/TCP,53/UDP,53/TCP 31m
svc/registry-console 172.30.175.45 <none>
9000/TCP 22m
svc/router 172.30.208.164 <none>
80/TCP,443/TCP,1936/TCP 25m
NAME READY STATUS RESTARTS AGE
po/docker-registry-1-wps11 1/1 Running 0 23m
po/registry-console-1-d8ss8 1/1 Running 0 22m
po/router-1-3p2nn 1/1 Running 0 24m
Any ideas what is wrong?
Tim
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users