Hi Scott,The problem is the CA file didn't exist, so it would refuse to pull, it seems a gap in the docker rpm. It blindly creates symlinks to the redhat ca, but doesn't make sure that file actually exists:See here:https://git.centos.org/blob/
rpms!docker.git/ 0ed995e7fde2a28653cee391a37233 e0323e8b61/SPECS!docker.spec# L449To get around this problem I just created an empty file, because I figured the redhat registry would use a valid certificate, which was a correct assumption it seems.This was my solution in ansible:- name: create redhat rhsm directoryfile:path: /etc/rhsm/camode: 0755state: directoryrecurse: yes- name: Create an empty redhat ca filecommand: touch /etc/rhsm/ca/redhat-uep.pemargs:creates: /etc/rhsm/ca/redhat-uep.pemSo, do you think it is better to pull from the fedora registry? Or it doesn't matter. I can pull from the redhat registry fine now.Thanks,JoelOn Tue, Nov 7, 2017 at 1:25 PM Scott Dodson <sdodson redhat com> wrote:Joel,Can you clarify, you're saying even with the CA you referenced you cannot pull the etcd image? I think we've got a gap in that our containerized CI tests happen on a RHEL host which may have additional certificates deployed which allows for pulling that image whereas centos hosts may not be able to. For now you can set osm_etcd_image=registry. fedoraproject.org/f26/etcdto pull from fedora rather than rhel repos. We're going to work on making that the default for origin installs.
Also, the origin 3.6.1 RPMs were tagged into the release repos today so those should soon be available if you prefer RPM based installs.On Mon, Nov 6, 2017 at 7:14 PM, Joel Pearson <japearson agiledigital com au
>wrote:It looks like the docker package was the one to install redhat registry, so I guess the problem lies in there. I guess I'll just make that certificate exist.[root ip-10-2-7-120 ~]# rpm -qf /etc/docker/certs.d/registry. access.redhat.com/redhat-ca. crtdocker-1.12.6-61.git85d7426. el7.centos.x86_64On Tue, Nov 7, 2017 at 11:01 AM Joel Pearson <japearson agiledigital com au > wrote:Hi,I'm trying to install Origin 3.6.1 in AWS, and the containerized version isn't working because the redhat registry isn't setup correctly via the ansible scripts.I'm using the release-3.6 branch: https://github.com/ openshift/openshift-ansible/ tree/release-3.6And latest master of https://github.com/ openshift/openshift-ansible- contrib/tree/master/reference- architecture/aws-ansibleAnd latest Centos 7 (1708_01), which is 7.4.I've noticed it's partially configured the redhat registry, but that certificate is missing, so the etc image doesn't pull down correctly.What did you have to do to enable the redhat registry?I thought openshift-ansible scripts would add the registry automatically, but it's not quite working, there is a bad symlink it seems:[ec2-user ip-10-2-8-9 ~]$ sudo docker pull registry.access.redhat. com/rhel7/etcdUsing default tag: latestTrying to pull repository registry.access. redhat.com/rhel7/etcd...open /etc/docker/certs.d/registry. access.redhat.com/redhat-ca.: no such file or directory crt[ec2-user ip-10-2-8-9 ~]$ ls -la /etc/docker/certs.d/registry. access.redhat.com/redhat-ca. crtlrwxrwxrwx. 1 root root 27 Nov 3 04:43 /etc/docker/certs.d/registry. access.redhat.com/redhat-ca.-> /etc/rhsm/ca/redhat-uep.pem crt[ec2-user ip-10-2-8-9 ~]$Ideas?Strangely the rpm version is failing now when it was working last week too, it fails starting the master apis, I'm thinking maybe Centos 7.4 is not supported or the release-3.6 branch is no longer stable. But I want the containerized version now, so that I can get 3.6.1, as it looks like there are no rpms for 3.6.1 yet.Thanks,-Joel----______________________________ _________________
users mailing list
users lists openshift redhat