[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Issues with the built-in registry



I should have mentioned that in my original email, but that's exactly the steps I followed. 

IOW:  In addition to the stuff below (and prior to all that) I have done, as "system:admin" , for user "reguser" 

oadm policy add-role-to-user system:registry reguser 
oadm policy add-role-to-user  system:image-builder reguser

Again, following the instructions in the docs all works fine, until I try a "docker push" 

The only thing that doesn't seem quite right is that listing the content of the Docker registry only lists the top directory "/registry", but nothing underneath it: 

root osev31-node1 src]# docker ps
CONTAINER ID        IMAGE                                                                COMMAND                  CREATED             STATUS              PORTS               NAMES
ea83db288da1        registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6   "/bin/sh -c 'DOCKER_R"   2 hours ago         Up 2 hours                              k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0
f383ae8db39f        openshift3/ose-pod:latest                                            "/pod"                   2 hours ago         Up 2 hours                              k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c



[root osev31-node1 src]# docker ps
CONTAINER ID        IMAGE                                                                COMMAND                  CREATED             STATUS              PORTS               NAMES
ea83db288da1        registry.access.redhat.com/openshift3/ose-docker-registry:v3.1.1.6   "/bin/sh -c 'DOCKER_R"   2 hours ago         Up 2 hours                              k8s_registry.f0018725_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_dd13c8d0
f383ae8db39f        openshift3/ose-pod:latest                                            "/pod"                   2 hours ago         Up 2 hours                              k8s_POD.f419fdd1_docker-registry-1-1sfvt_default_691370c8-c673-11e5-bc1c-4201ac10fe14_d21e1b8c
[root osev31-node1 src]#


#### (????) Nothing listed under "/registry" ??


[root osev31-node1 src]# docker exec -it ea83db288da1 find /registry
/registry
[root osev31-node1 src]#



On Fri, Jan 29, 2016 at 1:03 PM, Jason DeTiberus <jdetiber redhat com> wrote:


On Jan 29, 2016 6:07 AM, "Florian Daniel Otel" <florian otel gmail com> wrote:
>
> Hello all, 
>
> I'm pretty sure it's mostly related to my ignorance, but for some reason I'm not able to push to the built-in docker registry after deploying it. 
>
>
> Deplyoment: 
>
> oadm registry --service-account=registry     --config=/etc/origin/master/admin.kubeconfig     --credentials=/etc/origin/master/openshift-registry.kubeconfig     --images='registry.access.redhat.com/openshift3/ose-${component}:${version}'     --mount-host=/opt/ose-registr
>
> ### Everything looks ok
>
> oc describe service docker-registry
> Name:                   docker-registry
> Namespace:              default
> Labels:                 docker-registry=default
> Selector:               docker-registry=default
> Type:                   ClusterIP
> IP:                     172.30.38.99
> Port:                   5000-tcp        5000/TCP
> Endpoints:              10.1.0.138:5000
> Session Affinity:       ClientIP
> No events.
>
>
> #### Adding the right roles to "reguser"
>
> oadm policy add-role-to-user system:registry reguser
>
> #### Logging in as "reguser" into the registry: 
>
> [root osev31-node1 src]# oc whoami
> reguser
>
> [root osev31-node1 src]# oc whoami -t
> GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs
>
> [root osev31-node1 src]#  docker login -u reguser -e none nospam org -p GY_q37YZqjor7rIVPkm4ReBhEX0yV4XQqyWIOzf6ANs 172.30.38.99:5000
> WARNING: login credentials saved in /root/.docker/config.json
> Login Succeeded
>
> #### Pulling "busybox" & tagging it: 
>
> [root osev31-node1 src]# docker pull docker.io/busybox
> Using default tag: latest
> Trying to pull repository docker.io/library/busybox ... latest: Pulling from library/busybox
> 9e77fef7a1c9: Pull complete
> 964092b7f3e5: Pull complete
> library/busybox:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
> Digest: sha256:c1bc9b4bffe665bf014a305cc6cf3bca0e6effeb69d681d7a208ce741dad58e0
> Status: Downloaded newer image for docker.io/busybox:latest
>
> [root osev31-node1 src]#  docker tag docker.io/busybox 172.30.38.99:5000/openshift/busybox
>
>
> #### Pushing fails due to "authentication required" 
>
> [root osev31-node1 src]#  docker push  172.30.38.99:5000/openshift/busybox
> The push refers to a repository [172.30.38.99:5000/openshift/busybox] (len: 1)
> 964092b7f3e5: Preparing
> unauthorized: authentication required
>
>
> Any advice on what I'm missing ?

This should be what you are looking for: https://docs.openshift.com/enterprise/latest/install_config/install/docker_registry.html#access



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]