Re: cluster up - reuse registry address
Digging through the go libraries used for parsing the command options I found that setting the no_proxy variable like this works: -e \"no_proxy=172.17.0.3,172.17.0.4\" It all comes down to https://golang.org/pkg/encoding/csv which is used by the pflag package. On Tue, 9 Aug 2016 at 10:31 PM, Lionel Orellana wrote: > Setting the log level to 4 I found the following > > Starting OpenShift using container 'origin' > > I0809 22:21:26.415373 20151 run.go:143] Creating container named "origin" > > config: > > image: openshift/origin:v1.3.0-alpha.2 > > command: > > start > > > --master-config=/var/lib/origin/openshift.local.config/master/master-config.yaml > > --node-config=/var/lib/origin/openshift.local.config/ > node-poc-docker03.aipo.gov.au/node-config.yaml > > environment: > > http_proxy=http://proxy.aipo.gov.au:3128 > > https_proxy=http://proxy.aipo.gov.au:3128 > >* no_proxy=172.17.0.3* > > *172.17.0.4* > > I've tried different ways of setting multiple ip's in no_proxy but they > always seem to be getting split on the comma. > > -e "no_proxy=172.17.0.3,172.17.0.4" > > -e no_proxy="172.17.0.3\,172.17.0.4" > > -e no_proxy=’172.17.0.3,172.17.0.4’ > -e no_proxy=172.17.0.3,172.17.0.4 > > This might be causing some of my problems. The fact that I can't set more > than one ip address in no_proxy. > > > > > > > > On 9 August 2016 at 11:18, Lionel Orellana wrote: > >> I guess what I need is a way to configure the proxy as per >> https://docs.openshift.org/latest/install_config/http_proxies.html#configuring-hosts-for-proxies >> >> >> On Tue, 9 Aug 2016 at 10:05 AM, Lionel Orellana >> wrote: >> >>> It's been difficult to get a functional poc going with oc cluster up >>> behind a proxy. >>> >>> I need to maintain the registry's address so I can add it to the >>> no_proxy variable of the docker deamon. Clayton's procedure works for >>> reusing the address . I will try --use-existing-config. >>> >>> But I also need to add the registry's internal address (which always >>> seems to be initially set to 172.17.0.4) to the no_proxy variable of the >>> cluster up command itself. Otherwise the health checks try to go through >>> the proxy and fail. >>> >>> When I recreate the registry (in order to set a known service ip) the >>> pod ip changes and the health checks start to fail again. >>> >>> Obviously I am making this harder than it should be. But I just can't >>> get the right combination to run a cluster behind a proxy where I can login >>> to the registry (docker login). Maybe I should have said that's what I'm >>> trying to do from the beginning. >>> >>> Cheers >>> >>> >>> Lionel. >>> >>> On Tue, 9 Aug 2016 at 1:16 AM, Clayton Coleman >>> wrote: >>> Generally deep configuration is not the goal of oc cluster up - that's more the Ansible installs responsibility. oc cluster up is about getting a running cluster up for test / dev as quickly as possible, but we don't want to add fine grained tuning to it. On Mon, Aug 8, 2016 at 10:49 AM, Cesar Wong wrote: > Hi Lionel, > > You can always reuse the same data/config dirs and keep your service > ips: > > oc cluster up --host-data-dir=blah --host-config-dir=blah > --use-existing-config > > On Aug 7, 2016, at 9:17 PM, Lionel Orellana > wrote: > > Thanks Clayton. > > Would be nice to have a way of setting the address when using cluster > up though. > On Mon, 8 Aug 2016 at 11:03 AM, Clayton Coleman > wrote: > >> When you create the registry you can specify the service IP that is >> assigned (as long as another service hasn't claimed it). >> >> $ oadm registry -o yaml > registry.yaml >> $ vi registry.yaml >> # Set the registry service `spec.clusterIP` field to a valid >> service IP (must be within the service CIDR, typically 172.30.0.0/16) >> $ oc create -f registry.yaml >> >> >> On Sun, Aug 7, 2016 at 8:55 PM, Lionel Orellana >> wrote: >> >>> Hi >>> >>> I'm facing a similar problem to this: >>> https://github.com/openshift/origin/issues/7879 >>> >>> Basically I need to configure the NO_PROXY variable of the Docker >>> deamon to include the registry address. Problem is with cluster up I >>> can't >>> control the ip address that will be assigned to the registry. Or at >>> least I >>> can't find a way to do it. Is there an option that I'm not seeing? >>> >>> Thanks >>> >>> Lionel. >>> >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >>> >> ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > >
Problem authenticating to private docker registry
I'm not sure what I'm missing here. I have a private docker registry that is set up securely and uses authentication. I followed the docs at https://docs.openshift.org/latest/dev_guide/managing_images.html#using-image-pull-secrets to create the secret with the username and password to authenticate with the docker registry. I verified that I can manually login to the docker registry from the master and the nodes. However, when I go to deploy a new app based on an image from the docker registry it seem to be failing to authenticate. The command that I'm running to create the new app: oc new-app docker-lab.example.net:5000/testwebapp:latest It creates the imagestream and attempts to deploy the pod. I get the following in the logs on the pod: # oc logs testwebapp-1-us1wu Error from server: container "testwebapp" in pod "testwebapp-1-us1wu" is waiting to start: image can't be pulled The logs on the docker registry show: time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.6.3 http.request.host=" docker-lab.example.net:5000" http.request.id=f5aeb8b9-ce4e-41b7-86a8-76e8c520bd22 http.request.method=GET http.request.remoteaddr="192.168.122.158:54436" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 version=v2.5.0 192.168.122.158 - - [09/Aug/2016:13:54:45 +] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" time="2016-08-09T13:54:45Z" level=error msg="response completed with error" auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown manifest name=testwebapp revision=sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" err.message="manifest unknown" go.version=go1.6.3 http.request.host=" docker-lab.example.net:5000" http.request.id=130a9014-7c19-48f7-bef3-2b8cfe0470a0 http.request.method=GET http.request.remoteaddr="192.168.122.158:54438" http.request.uri="/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=6.174905ms http.response.status=404 http.response.written=186 instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 vars.name=testwebapp vars.reference="sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" version=v2.5.0 192.168.122.158 - - [09/Aug/2016:13:54:45 +] "GET /v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3 HTTP/1.1" 404 186 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" time="2016-08-09T13:54:45Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.6.3 http.request.host=" docker-lab.example.net:5000" http.request.id=0185e07b-f1c1-48e6-91ea-dede2339f087 http.request.method=GET http.request.remoteaddr="192.168.122.158:54440" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 version=v2.5.0 192.168.122.158 - - [09/Aug/2016:13:54:45 +] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" time="2016-08-09T13:54:46Z" level=error msg="response completed with error" auth.user.name=tsaxon err.code="manifest unknown" err.detail="unknown manifest name=testwebapp revision=sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" err.message="manifest unknown" go.version=go1.6.3 http.request.host=" docker-lab.example.net:5000" http.request.id=c1ab0cd7-42ac-4fef-b2c4-0f451976e302 http.request.method=GET http.request.remoteaddr="192.168.122.158:54442" http.request.uri="/v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" http.request.useragent="docker/1.10.3 go/go1.4.2 git-commit/9419b24-unsupported kernel/3.10.0-327.22.2.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=6.28913ms http.response.status=404 http.response.written=186 instance.id=f0d70491-6e34-44eb-a51c-3b13eae8daa6 vars.name=testwebapp vars.reference="sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a5b8a3ed2bf9ec3" version=v2.5.0 192.168.122.158 - - [09/Aug/2016:13:54:46 +] "GET /v2/testwebapp/manifests/sha256:9799a25cd6fd7f7908bad740fc0c85823e38aa22afb22f687a
Re: cluster up - reuse registry address
Setting the log level to 4 I found the following Starting OpenShift using container 'origin' I0809 22:21:26.415373 20151 run.go:143] Creating container named "origin" config: image: openshift/origin:v1.3.0-alpha.2 command: start --master-config=/var/lib/origin/openshift.local.config/maste r/master-config.yaml --node-config=/var/lib/origin/openshift.local.config/node-po c-docker03.aipo.gov.au/node-config.yaml environment: http_proxy=http://proxy.aipo.gov.au:3128 https_proxy=http://proxy.aipo.gov.au:3128 * no_proxy=172.17.0.3* *172.17.0.4* I've tried different ways of setting multiple ip's in no_proxy but they always seem to be getting split on the comma. -e "no_proxy=172.17.0.3,172.17.0.4" -e no_proxy="172.17.0.3\,172.17.0.4" -e no_proxy=’172.17.0.3,172.17.0.4’ -e no_proxy=172.17.0.3,172.17.0.4 This might be causing some of my problems. The fact that I can't set more than one ip address in no_proxy. On 9 August 2016 at 11:18, Lionel Orellana wrote: > I guess what I need is a way to configure the proxy as per > https://docs.openshift.org/latest/install_config/http_ > proxies.html#configuring-hosts-for-proxies > > > On Tue, 9 Aug 2016 at 10:05 AM, Lionel Orellana > wrote: > >> It's been difficult to get a functional poc going with oc cluster up >> behind a proxy. >> >> I need to maintain the registry's address so I can add it to the no_proxy >> variable of the docker deamon. Clayton's procedure works for reusing the >> address . I will try --use-existing-config. >> >> But I also need to add the registry's internal address (which always >> seems to be initially set to 172.17.0.4) to the no_proxy variable of the >> cluster up command itself. Otherwise the health checks try to go through >> the proxy and fail. >> >> When I recreate the registry (in order to set a known service ip) the pod >> ip changes and the health checks start to fail again. >> >> Obviously I am making this harder than it should be. But I just can't get >> the right combination to run a cluster behind a proxy where I can login to >> the registry (docker login). Maybe I should have said that's what I'm >> trying to do from the beginning. >> >> Cheers >> >> >> Lionel. >> >> On Tue, 9 Aug 2016 at 1:16 AM, Clayton Coleman >> wrote: >> >>> Generally deep configuration is not the goal of oc cluster up - that's >>> more the Ansible installs responsibility. oc cluster up is about getting a >>> running cluster up for test / dev as quickly as possible, but we don't want >>> to add fine grained tuning to it. >>> >>> On Mon, Aug 8, 2016 at 10:49 AM, Cesar Wong wrote: >>> Hi Lionel, You can always reuse the same data/config dirs and keep your service ips: oc cluster up --host-data-dir=blah --host-config-dir=blah --use-existing-config On Aug 7, 2016, at 9:17 PM, Lionel Orellana wrote: Thanks Clayton. Would be nice to have a way of setting the address when using cluster up though. On Mon, 8 Aug 2016 at 11:03 AM, Clayton Coleman wrote: > When you create the registry you can specify the service IP that is > assigned (as long as another service hasn't claimed it). > > $ oadm registry -o yaml > registry.yaml > $ vi registry.yaml > # Set the registry service `spec.clusterIP` field to a valid > service IP (must be within the service CIDR, typically 172.30.0.0/16) > $ oc create -f registry.yaml > > > On Sun, Aug 7, 2016 at 8:55 PM, Lionel Orellana > wrote: > >> Hi >> >> I'm facing a similar problem to this: https://github.com/openshift/ >> origin/issues/7879 >> >> Basically I need to configure the NO_PROXY variable of the Docker >> deamon to include the registry address. Problem is with cluster up I >> can't >> control the ip address that will be assigned to the registry. Or at >> least I >> can't find a way to do it. Is there an option that I'm not seeing? >> >> Thanks >> >> Lionel. >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users