
Problem authenticating to private docker registry



I'm not sure what I'm missing here. I have a private docker registry that is set up securely and uses authentication. I followed the docs at https://docs.openshift.org/latest/dev_guide/managing_images.html#using-image-pull-secrets to create the secret with the username and password to authenticate with the docker registry. I verified that I can manually log in to the docker registry from the master and the nodes. However, when I go to deploy a new app based on an image from the docker registry it seems to be failing to authenticate. The command that I'm running to create the new app:

oc new-app docker-lab.example.net:5000/testwebapp:latest

It creates the imagestream and attempts to deploy the pod. I get the following in the logs on the pod:

# oc logs testwebapp-1-us1wu
Error from server: container "testwebapp" in pod "testwebapp-1-us1wu" is waiting to start: image can't be pulled

The logs on the docker registry show:

time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.6.3 http.request.host="docker-lab.example.net:5000" http.request.id=f5aeb8b9-ce4e-41b7-86a8-76e8c520bd22 http.request.method=GET http.request.remoteaddr="192.168.122.158:54436" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:45 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64"
time="2016-08-09T13:54:45Z" level=error msg="response completed with error" auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown manifest name=testwebapp revision=sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" err.message="manifest unknown" go.version=go1.6.3 http.request.host="docker-lab.example.net:5000" http.request.id=130a9014-7c19-48f7-bef3-2b8cfe0470a0 http.request.method=GET http.request.remoteaddr="192.168.122.158:54438" http.request.uri="/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=6.174905ms http.response.status=404 http.response.written=186 instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 vars.name=testwebapp vars.reference="sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:45 +0000] "GET /v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3 HTTP/1.1" 404 186 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64"
time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.6.3 http.request.host="docker-lab.example.net:5000" http.request.id=0185e07b-f1c1-48e6-91ea-dede2339f087 http.request.method=GET http.request.remoteaddr="192.168.122.158:54440" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:45 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64"
time="2016-08-09T13:54:46Z" level=error msg="response completed with error" auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown manifest name=testwebapp revision=sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" err.message="manifest unknown" go.version=go1.6.3 http.request.host="docker-lab.example.net:5000" http.request.id=c1ab0cd7-42ac-4fef-b2c4-0f451976e302 http.request.method=GET http.request.remoteaddr="192.168.122.158:54442" http.request.uri="/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=6.28913ms http.response.status=404 http.response.written=186 instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 vars.name=testwebapp vars.reference="sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" version=v2.5.0
192.168.122.158 - - [09/Aug/2016:13:54:46 +0000] "GET /v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3 HTTP/1.1" 404 186 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64"

Here are the service accounts showing that they have the image pull secret added (docker-lab):

[root os-master ~]# oc get serviceaccounts
NAME       SECRETS   AGE
builder    3         21h
default    2         21h
deployer   3         21h
[root os-master ~]# oc describe serviceaccounts default
Name:           default
Namespace:      testwebapp
Labels:         <none>

Image pull secrets:     default-dockercfg-pfota
                        eip-docker
                        docker-lab

Mountable secrets:      default-token-xffu5
                        default-dockercfg-pfota

Tokens:                 default-token-vbcmc
                        default-token-xffu5



[root os-master ~]# oc describe serviceaccounts builder
Name:           builder
Namespace:      testwebapp
Labels:         <none>

Image pull secrets:     builder-dockercfg-7bjoo
                        docker-lab

Mountable secrets:      builder-token-wf31u
                        builder-dockercfg-7bjoo
                        eip-docker

Tokens:                 builder-token-gi9o9
                        builder-token-wf31u



[root os-master ~]# oc describe serviceaccounts deployer
Name:           deployer
Namespace:      testwebapp
Labels:         <none>

Image pull secrets:     deployer-dockercfg-lfiuw
                        docker-lab

Mountable secrets:      deployer-token-9euo2
                        deployer-dockercfg-lfiuw
                        eip-docker

Tokens:                 deployer-token-9euo2
                        deployer-token-mq6vw


Not sure what I could be missing.
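
Added example, not part of the original post: a small parser for the registry's key=value log lines that separates requests logged without a user (the Basic challenge on /v2/) from requests logged with auth.user.name, so the outcome of the credentialed request can be read directly. The two sample lines are abridged copies of lines from the registry log above; the function names are hypothetical.

```python
import re

# One key=value pair; the value is either bare or a "quoted string" with \" escapes.
PAIR = re.compile(r'([\w.]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_logfmt(line):
    """Return the key/value pairs of one registry log line as a dict."""
    fields = {}
    for key, raw in PAIR.findall(line):
        if raw.startswith('"'):
            # Drop the surrounding quotes and undo backslash escapes.
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        fields[key] = raw
    return fields

def classify(fields):
    """Label a request by whether the registry attached a user to it."""
    if fields.get("auth.user.name"):
        # Credentials were accepted; report what happened afterwards.
        return "authenticated:" + fields.get("err.code", "ok")
    if "authentication challenge" in fields.get("msg", ""):
        # No user attached: the registry answered with a Basic challenge.
        return "challenge"
    return "other"

def summarize(text):
    """Return (uri, user, label) for every key=value line in text."""
    rows = []
    for line in text.splitlines():
        f = parse_logfmt(line)
        if f:
            rows.append((f.get("http.request.uri"),
                         f.get("auth.user.name"), classify(f)))
    return rows

# Abridged from the registry log in the post (fields removed, values unchanged).
DIGEST = "sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3"
SAMPLE = r'''time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" http.request.method=GET http.request.uri="/v2/" version=v2.5.0
time="2016-08-09T13:54:45Z" level=error msg="response completed with error" auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown manifest name=testwebapp revision=DIGEST" http.request.uri="/v2/testwebapp/manifests/DIGEST" http.response.status=404 vars.name=testwebapp version=v2.5.0'''.replace("DIGEST", DIGEST)

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On these lines the /v2/ request is labelled as a challenge with no user, while the manifest request is logged as user tsaxon and ends in "manifest unknown" with status 404.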
