[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: configuring periodic import of images



Right, I get the v1schema vs v2schema issue. What I'm saying is that I've already been able to import the image from the private docker repository into an imagestream:

[root os-master ~]# oc describe is
Name:                   testwebapp
Created:                24 hours ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2016-08-11T13:02:27Z
Docker Pull Spec:       172.30.11.167:5000/testwebapp/testwebapp

Tag     Spec                                                    Created         PullSpec                                                                Image
latest  docker-lab.example.com:5000/testwebapp:latest *        24 hours ago    docker-lab.example.com:5000/testwebapp sha256:c1c8c6c3e1c672...        <same>

  * tag is scheduled for periodic import
  ! tag is insecure and can be imported over HTTP or self-signed HTTPS


[root os-master ~]# oc describe dc/testwebapp
Name:           testwebapp
Created:        24 hours ago
Labels:         app=testwebapp
Annotations:    openshift.io/generated-by=OpenShiftNewApp
Latest Version: 3
Selector:       app=testwebapp,deploymentconfig=testwebapp
Replicas:       3
Triggers:       Config, Image(testwebapp latest, auto=true)
Strategy:       Rolling
Template:
  Labels:       app=testwebapp,deploymentconfig=testwebapp
  Annotations:  openshift.io/container.testwebapp.image.entrypoint=["/bin/sh","-c","/usr/local/tomcat/bin/startup.sh \u0026\u0026 tail -f /usr/local/tomcat/logs/catalina.out"],openshift.io/generated-by=OpenShiftNewApp
  Containers:
  testwebapp:
    Image:      docker-lab.example.com:5000/testwebapp sha256:c1c8c6c3e1c6729d1366acaf54c9772b4849f35d971e73449cf9044f3af06074
    Port:
    QoS Tier:
      cpu:      BestEffort
      memory:   BestEffort
    Environment Variables:
  No volumes.

Deployment #3 (latest):
        Name:           testwebapp-3
        Created:        18 hours ago
        Status:         Complete
        Replicas:       3 current / 3 desired
        Selector:       app=testwebapp,deployment=testwebapp-3,deploymentconfig=testwebapp
        Labels:         app=testwebapp,openshift.io/deployment-config.name=testwebapp
        Pods Status:    3 Running / 0 Waiting / 0 Succeeded / 0 Failed
Deployment #2:
        Created:        21 hours ago
        Status:         Complete
        Replicas:       0 current / 0 desired
Deployment #1:
        Created:        24 hours ago
        Status:         Complete
        Replicas:       0 current / 0 desired

No events.

All updated images have been pushed to the registry from the same docker client. If the issue was the manifest 2 vs 1 issue wouldn't I have been unable to deploy the app initially as well?

On Fri, Aug 12, 2016 at 9:30 AM, Clayton Coleman <ccoleman redhat com> wrote:
To have openshift import an image's metadata from another registry (which finds the digest ID of the image, so that internally you can trigger deployments that use the latest digest ID), OpenShift needs to be able to get the correct digest ID.  When Docker 1.10+ tries to push an image, it first tries to push as a v2schema, and if that fails pushes as a v1schema.  Because v1schema and v2schema have different digest IDs, when a v2schema is pushed the Docker registry tells OpenShift 1.2 that the digest is the v1schema value, but in reality only the v2schema value can be pulled.  

OpenShift 1.3 adds support for using the newer registry client so that it gets the v2schema value.  We hope to cut an rc very soon, but until then, if you want to have openshift import images by digest (what most of the tools do by default) you need to push your images using Docker 1.9.  If you want to bypass the import by digest, you can use the `--reference` flag which only imports the tag name (but includes none of the metadata):

    oc tag --reference --source=docker SOME_DOCKER_TAG IMAGESTREAM:TAG



On Fri, Aug 12, 2016 at 8:58 AM, Tony Saxon <tony saxon gmail com> wrote:
Ok, so I'm a little confused. If my problem is the manifest schema, I had thought that I already fixed that by downgrading my private registry to an older version that didn't support schema 2 (http://lists.openshift.redhat.com/openshift-archives/users/2016-August/msg00081.html).

Basically I downgraded my registry to version 2.2.1 just so that I could deploy an application from an imagestream that pulled from my private registry. That works successfully.

Does the internal registry that is used by docker support schema 2? If I reconfigure that to be secure and expose it externally and push my images to that will I still run into this problem?

On Thu, Aug 11, 2016 at 9:26 PM, Philippe Lafoucrière <philippe lafoucriere tech-angels.com> wrote:


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]