[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Authorisation issue



Hi All

Can anyone help with this?   From a fresh install of open shift enterprise with only a router and registry I’ve attempted to build an image based on a docker file.   The build works but the image can’t be pushed to the repository because there appears to be an authorisation problem.   I am using the AllowAll security. and I have service users for the registry and the router.

oc edit scc priviliged
...
users:
- system:serviceaccount:openshift-infra:build-controller
- system:serviceaccount:default:registry
- system:serviceaccount:default:router

I looks like this issue

https://github.com/openshift/origin/issues/3613

but

[root master ~]# sudo ls -laZ /var/lib/openshift/openshift.local.volumes/
drwxr-x---. root root system_u:object_r:svirt_sandbox_file_t:s0 .
drwxr-xr-x. root root system_u:object_r:openshift_var_lib_t:s0 ..
drwxr-x---. root root system_u:object_r:svirt_sandbox_file_t:s0 plugins
drwxr-x---. root root system_u:object_r:svirt_sandbox_file_t:s0 pods

Here’s what I get:

oc create -f ./java7-base-buildConfig.json

$ oc get pods
NAME                                READY     STATUS         RESTARTS   AGE
sixtree-docker-java7-base-1-build   0/1       ExitCode:255   0          2$1m

Here are the logs from the build:
---------------------------------------------

$ oc logs sixtree-docker-java7-base-1-build

…

Removing intermediate container 5e7c5499b845
Successfully built 04cce34a6768
I0825 23:05:16.345191       1 docker.go:105] Pushing 172.30.187.196:5000/kafka-elastic/sixtree-docker-java7-base:latest image ...
E0825 23:06:18.688196       1 dockerutil.go:50] push for image 172.30.187.196:5000/kafka-elastic/sixtree-docker-java7-base:latest failed, will retry in 10s ...
E0825 23:08:57.310072       1 dockerutil.go:50] push for image 172.30.187.196:5000/kafka-elastic/sixtree-docker-java7-base:latest failed, will retry in 10s ...
F0825 23:12:50.808531       1 builder.go:64] Build error: Failed to push image: Error pushing to registry: Server error: unexpected 400 response status trying to initiate upload of kafka-elastic/sixtree-docker-java7-base

Here are the logs from the registry:
---------------------------------------------

$ oc logs docker-registry-1-259kz

…

time="2015-08-25T23:11:24-04:00" level=info msg="response completed" http.request.host="172.30.187.196:5000" http.request.id=49bfcb6c-8341-4cd9-bea6-ec7a13a60ef3 http.request.method=PUT http.request.remoteaddr="10.1.1.1:59058" http.request.uri="/v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/86659720-4a86-4c3e-9c5f-6975fc8fb6fc?_state=bfwh7lQgr_kxASK0brAixitGP_U4YOMxPs6QaF3MgkB7Ik5hbWUiOiJrYWZrYS1lbGFzdGljL3NpeHRyZWUtZG9ja2VyLWphdmE3LWJhc2UiLCJVVUlEIjoiODY2NTk3MjAtNGE4Ni00YzNlLTljNWYtNjk3NWZjOGZiNmZjIiwiT2Zmc2V0IjowLCJTdGFydGVkQXQiOiIyMDE1LTA4LTI2VDAzOjEwOjU4LjI5MDAzMjA4N1oifQ%3D%3D&digest=sha256%3Aa3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4" http.request.useragent="docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" http.response.duration=26.313875973s http.response.written=0 instance.id=a53483e4-d891-4191-8f60-1dcdf0473192 
10.1.1.1 - - [25/Aug/2015:23:10:58 -0400] "PUT /v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/86659720-4a86-4c3e-9c5f-6975fc8fb6fc?_state=bfwh7lQgr_kxASK0brAixitGP_U4YOMxPs6QaF3MgkB7Ik5hbWUiOiJrYWZrYS1lbGFzdGljL3NpeHRyZWUtZG9ja2VyLWphdmE3LWJhc2UiLCJVVUlEIjoiODY2NTk3MjAtNGE4Ni00YzNlLTljNWYtNjk3NWZjOGZiNmZjIiwiT2Zmc2V0IjowLCJTdGFydGVkQXQiOiIyMDE1LTA4LTI2VDAzOjEwOjU4LjI5MDAzMjA4N1oifQ%3D%3D&digest=sha256%3Aa3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 201 0 "" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64"
time="2015-08-25T23:12:20-04:00" level=debug msg="authorizing request" http.request.host="172.30.187.196:5000" http.request.id=f1da96d2-42d4-49ec-ac7c-3d727aa24cdc http.request.method=POST http.request.remoteaddr="10.1.1.1:59060" http.request.uri="/v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/" http.request.useragent="docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" instance.id=a53483e4-d891-4191-8f60-1dcdf0473192 vars.name="kafka-elastic/sixtree-docker-java7-base" 
time="2015-08-25T23:12:20-04:00" level=debug msg="OpenShift auth: checking for access to repository:kafka-elastic/sixtree-docker-java7-base:pull" 
time="2015-08-25T23:12:50-04:00" level=error msg="OpenShift client error: Post https://master.sixtree.com:8443/oapi/v1/namespaces/kafka-elastic/subjectaccessreviews: dial tcp: i/o timeout" 
time="2015-08-25T23:12:50-04:00" level=error msg="error checking authorization: Post https://master.sixtree.com:8443/oapi/v1/namespaces/kafka-elastic/subjectaccessreviews: dial tcp: i/o timeout" http.request.host="172.30.187.196:5000" http.request.id=f1da96d2-42d4-49ec-ac7c-3d727aa24cdc http.request.method=POST http.request.remoteaddr="10.1.1.1:59060" http.request.uri="/v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/" http.request.useragent="docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" instance.id=a53483e4-d891-4191-8f60-1dcdf0473192 vars.name="kafka-elastic/sixtree-docker-java7-base" 
time="2015-08-25T23:12:50-04:00" level=error msg="error authorizing context: Post https://master.sixtree.com:8443/oapi/v1/namespaces/kafka-elastic/subjectaccessreviews: dial tcp: i/o timeout" http.request.host="172.30.187.196:5000" http.request.id=f1da96d2-42d4-49ec-ac7c-3d727aa24cdc http.request.method=POST http.request.remoteaddr="10.1.1.1:59060" http.request.uri="/v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/" http.request.useragent="docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" instance.id=a53483e4-d891-4191-8f60-1dcdf0473192 vars.name="kafka-elastic/sixtree-docker-java7-base" 
time="2015-08-25T23:12:50-04:00" level=info msg="response completed" http.request.host="172.30.187.196:5000" http.request.id=f1da96d2-42d4-49ec-ac7c-3d727aa24cdc http.request.method=POST http.request.remoteaddr="10.1.1.1:59060" http.request.uri="/v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/" http.request.useragent="docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" http.response.duration=30.002254933s http.response.written=0 instance.id=a53483e4-d891-4191-8f60-1dcdf0473192 
10.1.1.1 - - [25/Aug/2015:23:12:20 -0400] "POST /v2/kafka-elastic/sixtree-docker-java7-base/blobs/uploads/ HTTP/1.1" 400 0 "" "docker/1.7.1 go/go1.4.2 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64”

Thanks and regards
Justin



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]