Something interesting. The buildconfig tries to pull from (…/openshift/nodejs)
nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c
This does not exist in nexus
# docker pull nexus.bisinfo.org:8500/openshift/nodejs:latest
Trying to pull repository nexus.bisinfo.org:8500/openshift/nodejs ...
Pulling repository nexus.bisinfo.org:8500/openshift/nodejs
Error: image openshift/nodejs:latest not found
But nexus has the images in /rhcsl/nodejs. This is a snipped from the image
stream nodejs.
8 (latest)
tagged from nexus.bisinfo.org:8500/rhscl/nodejs-8-rhel7:latest
prefer registry pullthrough when referencing this tag
Build and run Node.js 8 applications on RHEL 7. For more information about
using this builder image, including OpenShift considerations, see
https://github.com/sclorg/s2i-nodejs-container.
Tags: builder, nodejs
Example Repo: https://github.com/openshift/nodejs-ex.git
*
nexus.bisinfo.org:8500/rhscl/nodejs-8-rhel7@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c
3 days ago
Best
Chris
From: Ben Parees [mailto:[email protected]]
Sent: 13 August 2018 15:44
To: Sandrini, Christian <[email protected]>
Cc: Adam Kaplan <[email protected]>; [email protected]
Subject: Re: Using an external registry for the cluster
On Mon, Aug 13, 2018 at 9:32 AM, Sandrini, Christian
<[email protected]<mailto:[email protected]>> wrote:
Hi Adam
Yes. I can actually manually pull it from nexus on any openshift node. Because
we use an internally signed certificate I was wondering if it might have
something to do it with?
you'd see an error related to that if that where the issue.
The node is able to pull because I put the certificates into /etc/pki. Not sure
the builder image has that information.
the builds use the host's docker socket to pull images, so if the host can pull
it, the build should be able to.
However the builds use their own credential mechanism for authenticating to do
the pull. Are credentials required to pull the image in question?
# crictl pull
nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c>
W0808 08:53:09.780779 31667 util_unix.go:75] Using "/var/run/crio/crio.sock"
as endpoint is deprecated, please consider using full url format
"unix:///var/run/crio/crio.sock".
Image is update to date for
nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c>
Best
Chris
From: Adam Kaplan [mailto:[email protected]<mailto:[email protected]>]
Sent: 13 August 2018 15:29
To: Sandrini, Christian
<[email protected]<mailto:[email protected]>>
Cc: [email protected]<mailto:[email protected]>
Subject: Re: Using an external registry for the cluster
Have you pushed the nodejs s2i image to your nexus registry? The ansible
playbook does not do this for you.
If you haven't done so, you can manually pull the nodejs s2i image from
registry.access.redhat.com<http://registry.access.redhat.com>, then push it to
the nexus registry.
On Mon, Aug 13, 2018 at 9:16 AM Sandrini, Christian
<[email protected]<mailto:[email protected]>> wrote:
Hi Adam
This is the buildconfig
# oc get buildconfig test -o yaml
apiVersion: build.openshift.io/v1<http://build.openshift.io/v1>
kind: BuildConfig
metadata:
annotations:
openshift.io/generated-by<http://openshift.io/generated-by>:
OpenShiftWebConsole
creationTimestamp: 2018-08-10T11:30:11Z
labels:
app: test
name: test
namespace: test
resourceVersion: "11651"
selfLink:
/apis/build.openshift.io/v1/namespaces/test/buildconfigs/test<http://build.openshift.io/v1/namespaces/test/buildconfigs/test>
uid: bdeacbd8-9c90-11e8-9f83-005056b28a97
spec:
nodeSelector: null
output:
to:
kind: ImageStreamTag
name: test:latest
postCommit: {}
resources: {}
runPolicy: Serial
source:
git:
ref: master
uri:
ssh://imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/LinuxAPI<http://imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/LinuxAPI>
sourceSecret:
name: tfs
type: Git
strategy:
sourceStrategy:
from:
kind: ImageStreamTag
name: nodejs:8
namespace: openshift
type: Source
triggers:
- generic:
secret: 20d714198be8c14a
type: Generic
- github:
secret: 7ee9ecd7d2bf955b
type: GitHub
- imageChange:
lastTriggeredImageID:
nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c>
type: ImageChange
- type: ConfigChange
status:
lastVersion: 4
best
Chris
From: Adam Kaplan [mailto:[email protected]<mailto:[email protected]>]
Sent: 13 August 2018 15:07
To: Sandrini, Christian
<[email protected]<mailto:[email protected]>>
Cc: [email protected]<mailto:[email protected]>
Subject: Re: Using an external registry for the cluster
Hi Chris,
I'm with the developer experience team - can you please provide a snippet of
the build config that is breaking? We'd like to see which image streams are
being used in the build.
Thank You,
Adam
On Wed, Aug 8, 2018 at 2:58 AM Sandrini, Christian
<[email protected]<mailto:[email protected]>> wrote:
Hi
I was wondering if it is supported to use a completely external registry
(Nexus) to pull and push images? Ideally I would like to have multiple clusters
pointing to the same external registry.
I have setup a test cluster “enterprise 3.10.14-1” and specified the following
settings in the ansible inventory
openshift_hosted_manage_registry=false
oreg_url=nexus.example.com:8500/openshift3/ose-${component}:${version}<http://nexus.example.com:8500/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D>
openshift_examples_modify_imagestreams=true
This seems to work fine for installing the cluster. Next step I tried to create
a new app from nodejs which failed as the image streams tried to pull from an
internal registry which does not exist
NAME DOCKER REPO
TAGS UPDATED
dotnet docker-registry.default.svc:5000/openshift/dotnet
1.0,1.1,2.0 + 2 more... 17 hours ago
dotnet-runtime docker-registry.default.svc:5000/openshift/dotnet-runtime
2.0,2.1,latest 17 hours ago
httpd docker-registry.default.svc:5000/openshift/httpd
latest,2.4 17 hours ago
The master-config.yaml points to the internal registry
imagePolicyConfig:
internalRegistryHostname: docker-registry.default.svc:5000
I tried to change that to nexus.example.com:8500<http://nexus.example.com:8500>
but am getting an error when trying to pull an image
# oc logs api-4-build
pulling image error : unknown blob
error: build error: unable to get
nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c>
Manually pulling from that registry on the node works though
# crictl pull
nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c>
W0808 08:53:09.780779 31667 util_unix.go:75] Using "/var/run/crio/crio.sock"
as endpoint is deprecated, please consider using full url format
"unix:///var/run/crio/crio.sock".
Image is update to date for
nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c>
Any help would be greatly appreciated.
Best
Chris
Disclaimer
This e-mail message and any attachments (“message”) may contain confidential,
privileged or proprietary information and is intended solely for the use of the
named recipient(s). If you are not the intended recipient, you may not
disclose, copy, distribute or retain any part of this message. If you have
received this message in error, please inform the sender immediately by return
e-mail and delete this message from your system. The BIS is not liable for any
error in the content of this message and does not represent that it is
uncorrupted and/or free of viruses. Views expressed in this message are those
of the author and may not reflect those of the BIS.
By exchanging e-mails with the BIS it is understood that the BIS may collect,
store and further use e-mail addresses and other personal information which may
be provided therein. The BIS will treat such information as confidential.
_______________________________________________
users mailing list
[email protected]<mailto:[email protected]>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
ADAM KAPLAN
SENIOR SOFTWARE ENGINEER - OPENSHIFT
Red Hat<https://www.redhat.com/>
100 E Davie St Raleigh, NC 27601 USA
[email protected]<mailto:[email protected]> T: +1-919-754-4843
IM: adambkaplan
[https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig>
--
ADAM KAPLAN
SENIOR SOFTWARE ENGINEER - OPENSHIFT
Red Hat<https://www.redhat.com/>
100 E Davie St Raleigh, NC 27601 USA
[email protected]<mailto:[email protected]> T: +1-919-754-4843
IM: adambkaplan
[https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig>
_______________________________________________
users mailing list
[email protected]<mailto:[email protected]>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Ben Parees | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
