Ok, thanks for the explanation. I'd just stick with what you have for now. We'll transition origin containerized users to either a fedora or centos etcd image in the near future though.

--
Scott

On Mon, Nov 6, 2017 at 9:38 PM, Joel Pearson <[email protected]> wrote:

> Hi Scott,
>
> The problem is the CA file didn't exist, so it would refuse to pull, it
> seems a gap in the docker rpm. It blindly creates symlinks to the redhat
> ca, but doesn't make sure that file actually exists:
>
> See here:
> https://git.centos.org/blob/rpms!docker.git/0ed995e7fde2a28653cee391a37233e0323e8b61/SPECS!docker.spec#L449
>
> To get around this problem I just created an empty file, because I figured
> the redhat registry would use a valid certificate, which was a correct
> assumption it seems.
>
> This was my solution in ansible:
>
> - name: create redhat rhsm directory
>   file:
>     path: /etc/rhsm/ca
>     mode: 0755
>     state: directory
>     recurse: yes
>
> - name: Create an empty redhat ca file
>   command: touch /etc/rhsm/ca/redhat-uep.pem
>   args:
>     creates: /etc/rhsm/ca/redhat-uep.pem
>
> So, do you think it is better to pull from the fedora registry? Or it
> doesn't matter. I can pull from the redhat registry fine now.
>
> Thanks,
>
> Joel
>
> On Tue, Nov 7, 2017 at 1:25 PM Scott Dodson <[email protected]> wrote:
>
>> Joel,
>>
>> Can you clarify, you're saying even with the CA you referenced you cannot
>> pull the etcd image? I think we've got a gap in that our containerized CI
>> tests happen on a RHEL host which may have additional certificates deployed
>> which allows for pulling that image whereas centos hosts may not be able
>> to. For now you can set osm_etcd_image=registry.fedoraproject.org/f26/etcd
>> to pull from fedora rather than rhel repos.
>> We're going to work on making that the default for origin installs.
>>
>> Also, the origin 3.6.1 RPMs were tagged into the release repos today so
>> those should soon be available if you prefer RPM based installs.
>>
>>
>> On Mon, Nov 6, 2017 at 7:14 PM, Joel Pearson <[email protected]> wrote:
>>
>>> It looks like the docker package was the one to install redhat registry,
>>> so I guess the problem lies in there. I guess I'll just make that
>>> certificate exist.
>>>
>>> [root@ip-10-2-7-120 ~]# rpm -qf /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
>>> docker-1.12.6-61.git85d7426.el7.centos.x86_64
>>>
>>>
>>> On Tue, Nov 7, 2017 at 11:01 AM Joel Pearson <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm trying to install Origin 3.6.1 in AWS, and the containerized
>>>> version isn't working because the redhat registry isn't set up correctly via
>>>> the ansible scripts.
>>>>
>>>> I'm using the release-3.6 branch:
>>>> https://github.com/openshift/openshift-ansible/tree/release-3.6
>>>>
>>>> And latest master of
>>>> https://github.com/openshift/openshift-ansible-contrib/tree/master/reference-architecture/aws-ansible
>>>>
>>>> And latest Centos 7 (1708_01), which is 7.4.
>>>>
>>>> I've noticed it's partially configured the redhat registry, but that
>>>> certificate is missing, so the etcd image doesn't pull down correctly.
>>>>
>>>> What did you have to do to enable the redhat registry?
>>>>
>>>> I thought openshift-ansible scripts would add the registry
>>>> automatically, but it's not quite working, there is a bad symlink it seems:
>>>>
>>>> [ec2-user@ip-10-2-8-9 ~]$ sudo docker pull registry.access.redhat.com/rhel7/etcd
>>>> Using default tag: latest
>>>> Trying to pull repository registry.access.redhat.com/rhel7/etcd ...
>>>> open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
>>>> [ec2-user@ip-10-2-8-9 ~]$ ls -la /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
>>>> lrwxrwxrwx. 1 root root 27 Nov 3 04:43 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
>>>> [ec2-user@ip-10-2-8-9 ~]$
>>>>
>>>> Ideas?
>>>>
>>>> Strangely the rpm version is failing now when it was working last week
>>>> too, it fails starting the master apis, I'm thinking maybe Centos 7.4 is
>>>> not supported or the release-3.6 branch is no longer stable. But I want
>>>> the containerized version now, so that I can get 3.6.1, as it looks like
>>>> there are no rpms for 3.6.1 yet.
>>>>
>>>> Thanks,
>>>>
>>>> -Joel
>>>> --
>>>> Kind Regards,
>>>>
>>>> Joel Pearson
>>>> Agile Digital | Senior Software Consultant
>>>>
>>>> Love Your Software™ | ABN 98 106 361 273
>>>> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
>>>>
>>> --
>>> Kind Regards,
>>>
>>> Joel Pearson
>>> Agile Digital | Senior Software Consultant
>>>
>>> Love Your Software™ | ABN 98 106 361 273
>>> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>
>>>
>>
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
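
The dangling symlink described in the thread, and the zero-byte CA file that the touch workaround leaves behind, can both be caught by a small audit of the certificate directory. This is an added example, not part of the original messages; `check_certs_dir` and `demo_status` are hypothetical names, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit Docker's per-registry CA files.
# Docker treats every *.crt under /etc/docker/certs.d/<registry>/ as a CA root.

# Print one "<STATUS> <path>" line per *.crt file found under $1.
check_certs_dir() (
    dir="${1:-/etc/docker/certs.d}"
    find "$dir" -name '*.crt' \( -type f -o -type l \) 2>/dev/null | sort |
    while IFS= read -r f; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            # Symlink whose target is missing: the "no such file" pull error.
            printf 'DANGLING %s -> %s\n' "$f" "$(readlink "$f")"
        elif [ ! -s "$f" ]; then
            # Zero-byte file: what the touch workaround leaves behind.
            printf 'EMPTY %s\n' "$f"
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            # Non-empty file that carries no PEM certificate block.
            printf 'NOT_PEM %s\n' "$f"
        else
            printf 'OK %s\n' "$f"
        fi
    done
)

# Constructed sample tree mirroring the paths in the thread (temp dir only).
# $1 = "before" (symlink target missing) or "after" (empty target touched).
demo_status() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/certs.d/registry.access.redhat.com" "$root/rhsm/ca"
    ln -s "$root/rhsm/ca/redhat-uep.pem" \
        "$root/certs.d/registry.access.redhat.com/redhat-ca.crt"
    if [ "${1:-}" = after ]; then
        touch "$root/rhsm/ca/redhat-uep.pem"
    fi
    check_certs_dir "$root/certs.d" | cut -d' ' -f1
    rm -rf "$root"
)

# When run with a directory argument, audit that directory.
if [ -n "${1:-}" ]; then
    check_certs_dir "$1"
fi
```

Run it as `sh audit.sh /etc/docker/certs.d` on a host; `demo_status before` and `demo_status after` show the status changing from DANGLING to EMPTY once the workaround is applied.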
