On Wed, May 11, 2016 at 12:39 PM, David Dimas <[email protected]> wrote:
> Hi, > > I'm doing some integration work with Openshift Origin 1.1.6 and I'm > running across this issue (occurs both with a binary built from source and > using the binary release): > > # oc logs -f dc/docker-registry > > F0509 21:10:07.958966 1 deployer.go:70] couldn't get deployment > default/docker-registry-1: Get > https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1 > <https://172.30.0.1/api/v1/namespaces/default/replicationcontrollers/docker-registry-1>: > dial tcp172.30.0.1:443: i/o timeout > > Unless I'm misinterpreting something, that's a straight up TCP/IP timeout, > yet when I use curl against this URL I get this: > > #curl > https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1 > <https://172.30.0.1/api/v1/namespaces/default/replicationcontrollers/docker-registry-1> > { > "kind": "Status", > "apiVersion": "v1", > "metadata": {}, > "status": "Failure", > "message": "User \"system:anonymous\" cannot get replicationcontrollers > in project \"default\"", > "reason": "Forbidden", > "details": { > "name": "docker-registry-1", > "kind": "replicationcontrollers" > }, > "code": 403 > } > > Which I suppose is to be expected since I haven't supplied credentials, > but clearly the service is reachable. > An easy unauth'd health check path is curl REGISTRY:5000/healthz > I've done nothing in this case but set up docker, run the openshift > binary, and attempt to deploy the registry using these commands: > > #oc create serviceaccount registry -n default > #oadm policy add-scc-to-user privileged > system:serviceaccount:default:registry > #oadm registry --service-account=registry \ > --config=openshift.local.config/master/admin.kubeconfig \ > > --credentials=openshift.local.config/master/openshift-registry.kubeconfig \ > --mount-host=/opt/registry > > > The registry command has been simplified so you shouldn't need to create the sa and update policy. You should be able to run oadm registry --mount-host=/opt/registry and be good to go. That will use a service account in the registry pod. You can get logs from the registry pod: oc get pods oc logs <name-of-registry-pod> > Can anyone help me? > > Thanks in advance. > > David > > _______________________________________________ > dev mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
