Hi Scott,

The problem is the CA file didn't exist, so it would refuse to pull, it seems a gap in the docker rpm. It blindly creates symlinks to the redhat ca, but doesn't make sure that file actually exists:
See here:
https://git.centos.org/blob/rpms!docker.git/0ed995e7fde2a28653cee391a37233e0323e8b61/SPECS!docker.spec#L449

To get around this problem I just created an empty file, because I figured the redhat registry would use a valid certificate, which was a correct assumption it seems.

This was my solution in ansible:

- name: create redhat rhsm directory
  file:
    path: /etc/rhsm/ca
    mode: 0755
    state: directory
    recurse: yes

- name: Create an empty redhat ca file
  command: touch /etc/rhsm/ca/redhat-uep.pem
  args:
    creates: /etc/rhsm/ca/redhat-uep.pem

So, do you think it is better to pull from the fedora registry? Or it doesn't matter. I can pull from the redhat registry fine now.

Thanks,

Joel

On Tue, Nov 7, 2017 at 1:25 PM Scott Dodson <[email protected]> wrote:

> Joel,
>
> Can you clarify, you're saying even with the CA you referenced you cannot
> pull the etcd image? I think we've got a gap in that our containerized CI
> tests happen on a RHEL host which may have additional certificates deployed
> which allows for pulling that image whereas centos hosts may not be able
> to. For now you can set osm_etcd_image=registry.fedoraproject.org/f26/etcd
> to pull from fedora rather than rhel repos. We're going to work on making
> that the default for origin installs.
>
> Also, the origin 3.6.1 RPMs were tagged into the release repos today so
> those should soon be available if you prefer RPM based installs.
>
>
> On Mon, Nov 6, 2017 at 7:14 PM, Joel Pearson <[email protected]> wrote:
>
>> It looks like the docker package was the one to install redhat registry,
>> so I guess the problem lies in there. I guess I'll just make that
>> certificate exist.
>>
>> [root@ip-10-2-7-120 ~]# rpm -qf /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
>> docker-1.12.6-61.git85d7426.el7.centos.x86_64
>>
>>
>> On Tue, Nov 7, 2017 at 11:01 AM Joel Pearson <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I'm trying to install Origin 3.6.1 in AWS, and the containerized version
>>> isn't working because the redhat registry isn't set up correctly via the
>>> ansible scripts.
>>>
>>> I'm using the release-3.6 branch:
>>> https://github.com/openshift/openshift-ansible/tree/release-3.6
>>>
>>> And latest master of
>>> https://github.com/openshift/openshift-ansible-contrib/tree/master/reference-architecture/aws-ansible
>>>
>>> And latest CentOS 7 (1708_01), which is 7.4.
>>>
>>> I've noticed it's partially configured the redhat registry, but that
>>> certificate is missing, so the etcd image doesn't pull down correctly.
>>>
>>> What did you have to do to enable the redhat registry?
>>>
>>> I thought openshift-ansible scripts would add the registry
>>> automatically, but it's not quite working, there is a bad symlink it seems:
>>>
>>> [ec2-user@ip-10-2-8-9 ~]$ sudo docker pull registry.access.redhat.com/rhel7/etcd
>>> Using default tag: latest
>>> Trying to pull repository registry.access.redhat.com/rhel7/etcd ...
>>> open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
>>> [ec2-user@ip-10-2-8-9 ~]$ ls -la /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
>>> lrwxrwxrwx. 1 root root 27 Nov 3 04:43 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
>>> [ec2-user@ip-10-2-8-9 ~]$
>>>
>>> Ideas?
>>>
>>> Strangely the rpm version is failing now when it was working last week
>>> too, it fails starting the master apis, I'm thinking maybe CentOS 7.4 is
>>> not supported or the release-3.6 branch is no longer stable. But I want
>>> the containerized version now, so that I can get 3.6.1, as it looks like
>>> there are no rpms for 3.6.1 yet.
>>>
>>> Thanks,
>>>
>>> -Joel
>>> --
>>> Kind Regards,
>>>
>>> Joel Pearson
>>> Agile Digital | Senior Software Consultant
>>>
>>> Love Your Software™ | ABN 98 106 361 273
>>> p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au
>>>
>> --
>> Kind Regards,
>>
>> Joel Pearson
>> Agile Digital | Senior Software Consultant
>>
>> Love Your Software™ | ABN 98 106 361 273
>> p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
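
Added example, not part of the thread or of the docker or openshift-ansible packaging: a shell check that walks a certs.d tree and reports each .crt entry that is a dangling symlink (the failure shown above), an empty file, or a file with no PEM certificate block. The registry directory names and file contents in the demo tree are constructed; on a real host, pass /etc/docker/certs.d to audit_certs_d.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Docker certs.d tree for CA
# entries that cannot serve as trust anchors.
# Output: one line per *.crt entry, STATUS<TAB>PATH
#   DANGLING  symlink whose target does not exist (the case in this thread)
#   EMPTY     zero-length file (what a touch-created placeholder looks like)
#   NO_PEM    non-empty file without a PEM certificate header
#   OK        contains at least one PEM certificate header
audit_certs_d() {
    root=$1
    for crt in "$root"/*/*.crt; do
        # An unmatched glob stays literal; skip it unless it is a broken symlink.
        [ -e "$crt" ] || [ -L "$crt" ] || continue
        if [ -L "$crt" ] && [ ! -e "$crt" ]; then
            status=DANGLING
        elif [ ! -s "$crt" ]; then
            status=EMPTY
        elif grep -q -e '-----BEGIN CERTIFICATE-----' "$crt"; then
            status=OK
        else
            status=NO_PEM
        fi
        printf '%s\t%s\n' "$status" "$crt"
    done
}

# Constructed demo tree (hypothetical registry names) so the check runs offline.
# Prints the path of the generated certs.d directory.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/certs.d/registry.example.test" "$d/certs.d/empty.example.test" \
             "$d/certs.d/good.example.test" "$d/ca"
    # Symlink to a CA file that was never installed, as in the thread.
    ln -s "$d/ca/missing.pem" "$d/certs.d/registry.example.test/redhat-ca.crt"
    : > "$d/certs.d/empty.example.test/ca.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END CERTIFICATE-----' > "$d/certs.d/good.example.test/ca.crt"
    echo "$d/certs.d"
}

tree=$(demo_tree)
audit_certs_d "$tree"
rm -rf "${tree%/certs.d}"
```

Once the symlink target is created as an empty file, the same entry is reported as EMPTY instead of DANGLING, so the check still distinguishes a placeholder from an installed CA certificate.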
