[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Using an external registry for the cluster



Hi Adam

 

Yes. I can actually manually pull it from nexus on any openshift node. Because we use an internally signed certificate I was wondering if it might have something to do it with? The node is able to pull because I put the certificates into /etc/pki. Not sure the builder image has that information.

# crictl pull nexus.example.com:8500/openshift/nodejs sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c

W0808 08:53:09.780779   31667 util_unix.go:75] Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock".

Image is update to date for nexus.example.com:8500/openshift/nodejs sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c

Best

Chris

 

From: Adam Kaplan [mailto:adam kaplan redhat com]
Sent: 13 August 2018 15:29
To: Sandrini, Christian <Christian Sandrini bis org>
Cc: users lists openshift redhat com
Subject: Re: Using an external registry for the cluster

 

Have you pushed the nodejs s2i image to your nexus registry? The ansible playbook does not do this for you.

 

If you haven't done so, you can manually pull the nodejs s2i image from registry.access.redhat.com, then push it to the nexus registry.

 

On Mon, Aug 13, 2018 at 9:16 AM Sandrini, Christian <Christian Sandrini bis org> wrote:

Hi Adam

 

This is the buildconfig

 

# oc get buildconfig test -o yaml

apiVersion: build.openshift.io/v1

kind: BuildConfig

metadata:

  annotations:

    openshift.io/generated-by: OpenShiftWebConsole

  creationTimestamp: 2018-08-10T11:30:11Z

  labels:

    app: test

  name: test

  namespace: test

  resourceVersion: "11651"

  selfLink: /apis/build.openshift.io/v1/namespaces/test/buildconfigs/test

  uid: bdeacbd8-9c90-11e8-9f83-005056b28a97

spec:

  nodeSelector: null

  output:

    to:

      kind: ImageStreamTag

      name: test:latest

  postCommit: {}

  resources: {}

  runPolicy: Serial

  source:

    git:

      ref: master

      uri: ssh://imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/LinuxAPI

    sourceSecret:

      name: tfs

    type: Git

  strategy:

    sourceStrategy:

      from:

        kind: ImageStreamTag

        name: nodejs:8

        namespace: openshift

    type: Source

  triggers:

  - generic:

      secret: 20d714198be8c14a

    type: Generic

  - github:

      secret: 7ee9ecd7d2bf955b

    type: GitHub

  - imageChange:

      lastTriggeredImageID: nexus.bisinfo.org:8500/openshift/nodejs sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c

    type: ImageChange

  - type: ConfigChange

status:

  lastVersion: 4

 

best

Chris

 

From: Adam Kaplan [mailto:adam kaplan redhat com]
Sent: 13 August 2018 15:07
To: Sandrini, Christian <Christian Sandrini bis org>
Cc: users lists openshift redhat com
Subject: Re: Using an external registry for the cluster

 

Hi Chris,

 

I'm with the developer experience team - can you please provide a snippet of the build config that is breaking? We'd like to see which image streams are being used in the build.

 

Thank You,

Adam

 

On Wed, Aug 8, 2018 at 2:58 AM Sandrini, Christian <Christian Sandrini bis org> wrote:

Hi

 

I was wondering if it is supported to use a completely external registry (Nexus) to pull and push images? Ideally I would like to have multiple clusters pointing to the same external registry.

 

I have setup a test cluster “enterprise 3.10.14-1” and specified the following settings in the ansible inventory

 

openshift_hosted_manage_registry=false

oreg_url=nexus.example.com:8500/openshift3/ose-${component}:${version}

openshift_examples_modify_imagestreams=true

 

This seems to work fine for installing the cluster. Next step I tried to create a new app from nodejs which failed as the image streams tried to pull from an internal registry which does not exist

 

NAME             DOCKER REPO                                                 TAGS                         UPDATED

dotnet           docker-registry.default.svc:5000/openshift/dotnet           1.0,1.1,2.0 + 2 more...      17 hours ago

dotnet-runtime   docker-registry.default.svc:5000/openshift/dotnet-runtime   2.0,2.1,latest               17 hours ago

httpd            docker-registry.default.svc:5000/openshift/httpd            latest,2.4                   17 hours ago

 

The master-config.yaml points to the internal registry

 

imagePolicyConfig:

  internalRegistryHostname: docker-registry.default.svc:5000

 

I tried to change that to nexus.example.com:8500 but am getting an error when trying to pull an image

 

# oc logs api-4-build

pulling image error : unknown blob

error: build error: unable to get nexus.example.com:8500/openshift/nodejs sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c

 

Manually pulling from that registry on the node works though

 

# crictl pull nexus.example.com:8500/openshift/nodejs sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c

W0808 08:53:09.780779   31667 util_unix.go:75] Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock".

Image is update to date for nexus.example.com:8500/openshift/nodejs sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c

 

Any help would be greatly appreciated.

 

Best

Chris

 

 

 

Disclaimer

This e-mail message and any attachments (“message”) may contain confidential, privileged or proprietary information and is intended solely for the use of the named recipient(s). If you are not the intended recipient, you may not disclose, copy, distribute or retain any part of this message. If you have received this message in error, please inform the sender immediately by return e-mail and delete this message from your system. The BIS is not liable for any error in the content of this message and does not represent that it is uncorrupted and/or free of viruses. Views expressed in this message are those of the author and may not reflect those of the BIS.

By exchanging e-mails with the BIS it is understood that the BIS may collect, store and further use e-mail addresses and other personal information which may be provided therein. The BIS will treat such information as confidential.

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


 

--

ADAM KAPLAN

SENIOR SOFTWARE ENGINEER - OPENSHIFT

Red Hat

100 E Davie St Raleigh, NC 27601 USA

adam kaplan redhat com    T: +1-919-754-4843     IM: adambkaplan

 


 

--

ADAM KAPLAN

SENIOR SOFTWARE ENGINEER - OPENSHIFT

Red Hat

100 E Davie St Raleigh, NC 27601 USA

adam kaplan redhat com    T: +1-919-754-4843     IM: adambkaplan

 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]