Re: Can't push to registry after ansible install

More on this - it looks like the faulty certificate only happens when you are using custom certificates (specifying the openshift_master_named_certificate parameter). Without this the registry.crt has the correct host name.

Presumably this is a bug?


On 22/08/2017 17:15, Tim Dudgeon wrote:
Actually I should have looked closer.

The error on EC2 was different:

error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.router.default.svc.cluster.local,, not docker-registry.default.svc

So it finds the registry but the certificate is not correct.

On 22/08/2017 16:24, Cesar Wong wrote:
I saw the same thing on a new cluster. I resolved it manually by:

1) adding ‘search cluster.local’ to the node’s /etc/resolv.conf
2) adding docker-registry.default.svc and docker-registry.default.svc.cluster.local to the docker daemon’s insecure registries

then stopped the node service, restarted docker and started the node service

Maybe #2 is unnecessary once you add the search directive to resolv.conf, but didn’t try.

Scott, it seems the default is now to use the registry host name instead of the numeric service IP. Is there a variable that controls that?

On Aug 22, 2017, at 7:17 AM, Tim Dudgeon <tdudgeon ml gmail com> wrote:

Hi All,

I'm having problems with the ansible installer.
I've created a very simple 1 node cluster using an inventory file like this:


openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/users.htpasswd'}]

MASTER_PRIVATE_FQDN ansible_connection=local
MASTER_PRIVATE_FQDN ansible_connection=local

MASTER_PRIVATE_FQDN openshift_node_labels="{'region': 'infra'}" openshift_schedulable=true ansible_connection=local

The installer seems to run OK and the web console is accessible, but when I try to do a build it fails as it can't push to the docker repo. The end of the log file shows this:

Pushing image docker-registry.default.svc:5000/simple/nodejs-ex:latest ...
Registry server Address:
Registry server User Name: serviceaccount
Registry server Email: serviceaccount example org
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: dial tcp: lookup docker-registry.default.svc on no such host
'oc get all' shows this:

NAME                  DOCKER REPO                                                 TAGS      UPDATED
is/registry-console   docker-registry.default.svc:5000/default/registry-console   latest    22 minutes ago

dc/docker-registry    1          1         1         config
dc/registry-console   1          1         1         config
dc/router             1          1         1         config

NAME                    DESIRED   CURRENT   READY     AGE
rc/docker-registry-1    1         1         1         23m
rc/registry-console-1   1         1         1         22m
rc/router-1             1         1         1         25m

NAME                      HOST/PORT                                                   PATH      SERVICES           PORT      TERMINATION   WILDCARD
routes/docker-registry    docker-registry-default.router.default.svc.cluster.local              docker-registry    <all>     passthrough   None
routes/registry-console   registry-console-default.router.default.svc.cluster.local             registry-console   <all>     passthrough   None

NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)                   AGE
svc/docker-registry                     <none>        5000/TCP                  23m
svc/kubernetes                          <none>        443/TCP,53/UDP,53/TCP     31m
svc/registry-console                    <none>        9000/TCP                  22m
svc/router                              <none>        80/TCP,443/TCP,1936/TCP   25m

NAME                          READY     STATUS    RESTARTS   AGE
po/docker-registry-1-wps11    1/1       Running   0          23m
po/registry-console-1-d8ss8   1/1       Running   0          22m
po/router-1-3p2nn             1/1       Running   0          24m

Any ideas what is wrong?


users mailing list
users lists openshift redhat com
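
The thread shows two different push failures that are easy to conflate: a name-resolution failure and a certificate-name mismatch. The following is an added example, not part of the original messages or of the OpenShift installer: it classifies the two error lines quoted above and reports which internal registry names the certificate does not cover. The function names and the `INTERNAL_NAMES` list (taken from the two host names mentioned in the thread) are assumptions made for this illustration.

```python
import re

# Go-style error text as it appears in the build logs quoted in the thread.
X509_RE = re.compile(r"x509: certificate is valid for (?P<sans>.+?), not (?P<want>\S+)")
DNS_RE = re.compile(r"lookup (?P<host>\S+) on .*?no such host")

# Internal registry names mentioned in the thread (assumed to be the names pushes use).
INTERNAL_NAMES = ["docker-registry.default.svc", "docker-registry.default.svc.cluster.local"]

# The two failures, copied from the logs quoted in the thread.
SAMPLE = [
    "error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: "
    "dial tcp: lookup docker-registry.default.svc on no such host",
    "error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: "
    "x509: certificate is valid for docker-registry-default.router.default.svc.cluster.local,, "
    "not docker-registry.default.svc",
]


def san_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with a host; '*' covers only the leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h


def missing_names(cert_names, required=INTERNAL_NAMES):
    """Names from `required` that no certificate name covers."""
    return [r for r in required if not any(san_matches(c, r) for c in cert_names)]


def classify(line: str) -> dict:
    """Separate a DNS failure from a certificate-name mismatch in one log line."""
    m = X509_RE.search(line)
    if m:
        names = [s.strip() for s in m["sans"].split(",") if s.strip()]
        return {"kind": "cert-name-mismatch", "requested": m["want"],
                "cert_names": names, "missing": missing_names(names)}
    m = DNS_RE.search(line)
    if m:
        return {"kind": "dns-failure", "requested": m["host"]}
    return {"kind": "other"}


if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```
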

