Re: Pulling image from Google Cloud Registry failing with 403

2016-09-13 Thread Clayton Coleman
> On Sep 13, 2016, at 1:18 PM, Andre Esser wrote:
>
> It's Origin 1.2.1.
>
> Interesting entries in the node's /var/log/messages are:
> --->
> docker-current: msg="Handler for GET /images/eu.gcr.io/vb-europe
>  /graylog-stack-deployer:latest/json returned error: No such image:
>  eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
>
> origin-node: Pulling image eu.gcr.io/vb-europe/graylog-stack-
>  deployer:latest without credentials
>
> origin-node: Error syncing pod [..], skipping: failed to
>  "StartContainer" for "deployer" with ErrImagePull: "image pull failed
>  for eu.gcr.io/vb-europe/graylog-stack-deployer:latest,
>  this may be because there are no credentials on this request.
>  details: (Error: Status 403 trying to pull repository
>  vb-europe/graylog-stack-deployer: \"Unable to access the repository:
>  vb-europe/graylog-stack-deployer;
>  please verify that it exists and you have permission to access it (no
>  valid credential was supplied).\")"
>
> docker-current: level=error msg="Handler for GET /images/eu.gcr.io
>  /vb-europe/graylog-stack-deployer:latest/json returned error: No such
>  image: eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
>
> origin-node: Error syncing pod [..], skipping: failed to
>  "StartContainer" for "deployer" with ImagePullBackOff: "Back-off
>  pulling image \"eu.gcr.io/vb-europe/graylog-stack-deployer:latest\""
> <--
>
> 'without credentials' seems to indicate that the google-cloud-registry
> secret isn't used at all?


Yeah.  Can you double check that your created pod and service account
names (and the linked secret names) all line up?

Also, this could be the docker v1 issue where the credential was
skipped because of a bug in how it handled names.  I'll try to look up
the issue and see whether we had a recommendation on a fix.


>
> I've double checked that the google-cloud-registry secret exists in projects 
> 'default', 'openshift' and 'logging' ('logging' being the one the pod is 
> being created in).


T


>
> Andre
>
>> On 2016-09-13 16:15, Clayton Coleman wrote:
>> What version of OpenShift?  What you pasted looks correct:
>>
>> 1. Generate secret with the right server name
>> 2. Add pull secret to all of the service accounts that will be pulling
>> the image
>> 3. Launch pod
>>
>> You may want to look at the docker log and verify that what it is trying
>> to pull looks correct.  It's always possible there's a subtle bug though
>> in how this is being checked, so may need to have you turn on debug
>> logging on your node so we can investigate.
>>
>> On Tue, Sep 13, 2016 at 5:57 AM, Andre Esser wrote:
>>
>>Hi,
>>
>>I'm trying to pull an image from the Google Cloud Registry from within
>>a pod definition. My JSON file seems to be fine:
>>--->
>>$ docker login -u _json_key -p "$(cat google-cloud-registry.json)" \
>>  https://eu.gcr.io
>>Login Succeeded
>>$ docker pull eu.gcr.io/vb-europe/graylog-stack-deployer:latest
>>latest: Pulling from vb-europe/graylog-stack-deployer
>>[...]
>>Status: Downloaded newer image for eu.gcr.io/vb-europe/graylog-stack-\
>>deployer:latest
>><---
>>
>>I create the corresponding secret with:
>>--->
>>$ oc -n default secrets new-dockercfg google-cloud-registry \
>>  --docker-server=eu.gcr.io --docker-username=_json_key \
>>  --docker-password="$(cat google-cloud-registry.json)" \
>>  --docker-email="docker-registry-p...@vb-europe.iam.\
>>  gserviceaccount.com"
>>secret/google-cloud-registry
>><---
>>
>>and add it to the service accounts:
>>--->
>>$ oc secrets add serviceaccount/default \
>>  secrets/google-cloud-registry --for=pull
>>$ oc secrets add serviceaccount/builder \
>>  secrets/google-cloud-registry
>><---
>>
>>The corresponding pod definition contains:
>>--->
>>[...]
>>  containers:
>>    -
>>      name: "deployer"
>>      image: "eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
>>      imagePullPolicy: "Always"

Re: Pulling image from Google Cloud Registry failing with 403

2016-09-13 Thread Andre Esser

It's Origin 1.2.1.

Interesting entries in the node's /var/log/messages are:
--->
docker-current: msg="Handler for GET /images/eu.gcr.io/vb-europe
  /graylog-stack-deployer:latest/json returned error: No such image:
  eu.gcr.io/vb-europe/graylog-stack-deployer:latest"

origin-node: Pulling image eu.gcr.io/vb-europe/graylog-stack-
  deployer:latest without credentials

origin-node: Error syncing pod [..], skipping: failed to
  "StartContainer" for "deployer" with ErrImagePull: "image pull failed
  for eu.gcr.io/vb-europe/graylog-stack-deployer:latest,
  this may be because there are no credentials on this request.
  details: (Error: Status 403 trying to pull repository
  vb-europe/graylog-stack-deployer: \"Unable to access the repository:
  vb-europe/graylog-stack-deployer;
  please verify that it exists and you have permission to access it (no
  valid credential was supplied).\")"

docker-current: level=error msg="Handler for GET /images/eu.gcr.io
  /vb-europe/graylog-stack-deployer:latest/json returned error: No such
  image: eu.gcr.io/vb-europe/graylog-stack-deployer:latest"

origin-node: Error syncing pod [..], skipping: failed to
  "StartContainer" for "deployer" with ImagePullBackOff: "Back-off
  pulling image \"eu.gcr.io/vb-europe/graylog-stack-deployer:latest\""
<--

'without credentials' seems to indicate that the google-cloud-registry
secret isn't used at all?

I've double checked that the google-cloud-registry secret exists in 
projects 'default', 'openshift' and 'logging' ('logging' being the one 
the pod is being created in).



Andre






On 2016-09-13 16:15, Clayton Coleman wrote:

What version of OpenShift?  What you pasted looks correct:

1. Generate secret with the right server name
2. Add pull secret to all of the service accounts that will be pulling
the image
3. Launch pod

You may want to look at the docker log and verify that what it is trying
to pull looks correct.  It's always possible there's a subtle bug though
in how this is being checked, so may need to have you turn on debug
logging on your node so we can investigate.

On Tue, Sep 13, 2016 at 5:57 AM, Andre Esser wrote:

Hi,

I'm trying to pull an image from the Google Cloud Registry from within
a pod definition. My JSON file seems to be fine:
--->
$ docker login -u _json_key -p "$(cat google-cloud-registry.json)" \
  https://eu.gcr.io
Login Succeeded
$ docker pull eu.gcr.io/vb-europe/graylog-stack-deployer:latest
latest: Pulling from vb-europe/graylog-stack-deployer
[...]
Status: Downloaded newer image for eu.gcr.io/vb-europe/graylog-stack-\
deployer:latest
<---

I create the corresponding secret with:
--->
$ oc -n default secrets new-dockercfg google-cloud-registry \
  --docker-server=eu.gcr.io --docker-username=_json_key \
  --docker-password="$(cat google-cloud-registry.json)" \
  --docker-email="docker-registry-p...@vb-europe.iam.\
  gserviceaccount.com"
secret/google-cloud-registry
<---

and add it to the service accounts:
--->
$ oc secrets add serviceaccount/default \
  secrets/google-cloud-registry --for=pull
$ oc secrets add serviceaccount/builder \
  secrets/google-cloud-registry
<---

The corresponding pod definition contains:
--->
[...]
  containers:
    -
      name: "deployer"
      image: "eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
      imagePullPolicy: "Always"
      env:
[...]
<---

However when I try to create the container I get:
--->
Failed to pull image "eu.gcr.io/vb-europe/graylog-stack-
deployer:latest": image pull failed for eu.gcr.io/vb-europe/graylog-
stack-deployer:latest, this may be because there are no credentials on
this request. details: (Error: Status 403 trying to pull

Capacity Planning

2016-09-13 Thread Peter Blinstrubas
The capacity planning guide (
https://www.openshift.com/sites/default/files/file_downloads/ose-scale-master_0.pdf)
for openshift contains two tables depicting the CPUs required for a highly
scalable topology.

Are the CPU and RAM values in each row per node or do they cover the
associated quantity?


[image: Inline image 2]




[image: Inline image 1]

Thanks!
Peter
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


Expose port range to containers and services

2016-09-13 Thread Robson Ramos Barreto
Hello Guys

I'm trying to create an FTP container in OpenShift and it needs an open port
range for passive mode connections, so I would like to know if there is any
way to set up a port range for Pods and Services?

I know that if I specify one port each in openshift it's possible

In docker I'm able to do like:

$ docker run -d --name ose-ftp -p 21:21 -p 3-30100:3-30100 ose-ftp

In Dockerfile I have:

$ grep EXP Dockerfile
EXPOSE 21 3-30100

I tried something like in openshift template:

pod.json
...
  "spec": {
"containers": [
  {
"ports": [
  {
"containerPort": 21,
"protocol": "TCP"
  },
"ports": [
  {
"containerPort": "3-30100",
"protocol": "TCP"
  }
...

$ oc create -f pod.json
unable to decode "pod.json": [pos 440]: json: expect char ',' but got char
'-'

I tried with colon instead of dash ("containerPort": "3:30100",) but
same error

And after that, I'll need to configure the port range in service template
too

Thank you


Re: Pulling image from Google Cloud Registry failing with 403

2016-09-13 Thread Clayton Coleman
What version of OpenShift?  What you pasted looks correct:

1. Generate secret with the right server name
2. Add pull secret to all of the service accounts that will be pulling the
image
3. Launch pod

You may want to look at the docker log and verify that what it is trying to
pull looks correct.  It's always possible there's a subtle bug though in
how this is being checked, so may need to have you turn on debug logging on
your node so we can investigate.

On Tue, Sep 13, 2016 at 5:57 AM, Andre Esser wrote:

> Hi,
>
> I'm trying to pull an image from the Google Cloud Registry from within
> a pod definition. My JSON file seems to be fine:
> --->
> $ docker login -u _json_key -p "$(cat google-cloud-registry.json)" \
>   https://eu.gcr.io
> Login Succeeded
> $ docker pull eu.gcr.io/vb-europe/graylog-stack-deployer:latest
> latest: Pulling from vb-europe/graylog-stack-deployer
> [...]
> Status: Downloaded newer image for eu.gcr.io/vb-europe/graylog-stack-\
> deployer:latest
> <---
>
> I create the corresponding secret with:
> --->
> $ oc -n default secrets new-dockercfg google-cloud-registry \
>   --docker-server=eu.gcr.io --docker-username=_json_key \
>   --docker-password="$(cat google-cloud-registry.json)" \
>   --docker-email="docker-registry-p...@vb-europe.iam.\
>   gserviceaccount.com"
> secret/google-cloud-registry
> <---
>
> and add it to the service accounts:
> --->
> $ oc secrets add serviceaccount/default \
>   secrets/google-cloud-registry --for=pull
> $ oc secrets add serviceaccount/builder \
>   secrets/google-cloud-registry
> <---
>
> The corresponding pod definition contains:
> --->
> [...]
>   containers:
>     -
>       name: "deployer"
>       image: "eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
>       imagePullPolicy: "Always"
>       env:
> [...]
> <---
>
> However when I try to create the container I get:
> --->
> Failed to pull image "eu.gcr.io/vb-europe/graylog-stack-
> deployer:latest": image pull failed for eu.gcr.io/vb-europe/graylog-
> stack-deployer:latest, this may be because there are no credentials on
> this request. details: (Error: Status 403 trying to pull repository
> vb-europe/graylog-stack-deployer: "Unable to access the repository:
> vb-europe/graylog-stack-deployer; please verify that it exists and you
> have permission to access it (no valid credential was supplied).")
> <--
>
> What am I missing?
>
>
> Cheers,
>
> Andre
> --
> Andre Esser, IT Manager
> Voidbridge Software Ltd
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
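
Added example (not part of the original thread and not OpenShift's own code): a small offline check of the three steps listed above, confirming that the pod's project, its service account, the linked pull secret and the secret's server name all line up for the image being pulled. The objects are constructed samples, and the service account name "deployer-sa" and the helper names are hypothetical.

```python
import base64
import json

def registry_host(image):
    """Registry host of an image reference (Docker Hub's index for short names)."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "index.docker.io"

def dockercfg_hosts(secret):
    """Server names in a kubernetes.io/dockercfg secret, scheme and path stripped."""
    cfg = json.loads(base64.b64decode(secret["data"][".dockercfg"]))
    return {server.split("://", 1)[-1].split("/", 1)[0] for server in cfg}

def pull_findings(pod, service_accounts, secrets):
    """Explain, per container, why a pull would be attempted without credentials."""
    ns = pod["metadata"]["namespace"]
    sa_name = pod["spec"].get("serviceAccountName", "default")
    sa = service_accounts.get((ns, sa_name))
    if sa is None:
        return ["service account %s/%s does not exist" % (ns, sa_name)]
    # Pull secrets come from the pod's own service account (plus the pod spec)
    # and are resolved only inside the pod's project.
    linked = [r["name"] for r in sa.get("imagePullSecrets", [])]
    linked += [r["name"] for r in pod["spec"].get("imagePullSecrets", [])]
    findings = []
    for c in pod["spec"]["containers"]:
        host = registry_host(c["image"])
        present = [n for n in linked if (ns, n) in secrets]
        if not linked:
            findings.append("%s: no pull secret linked to %s/%s" % (c["name"], ns, sa_name))
        elif not present:
            findings.append("%s: linked secret(s) %s missing in project %s"
                            % (c["name"], linked, ns))
        elif not any(host in dockercfg_hosts(secrets[(ns, n)]) for n in present):
            findings.append("%s: no linked secret has an entry for %s" % (c["name"], host))
    return findings

def make_secret(server):
    """Constructed dockercfg secret with a placeholder password (not a real key)."""
    cfg = {server: {"username": "_json_key", "password": "PLACEHOLDER",
                    "email": "nobody@example.invalid"}}
    return {"type": "kubernetes.io/dockercfg",
            "data": {".dockercfg": base64.b64encode(json.dumps(cfg).encode()).decode()}}

# Constructed sample objects; the service account name "deployer-sa" is hypothetical.
IMAGE = "eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
POD = {"metadata": {"namespace": "logging"},
       "spec": {"serviceAccountName": "deployer-sa",
                "containers": [{"name": "deployer", "image": IMAGE}]}}
SECRETS = {("default", "google-cloud-registry"): make_secret("eu.gcr.io"),
           ("logging", "google-cloud-registry"): make_secret("eu.gcr.io")}
SAS = {("default", "default"): {"imagePullSecrets": [{"name": "google-cloud-registry"}]},
       ("logging", "deployer-sa"): {}}

if __name__ == "__main__":
    for line in pull_findings(POD, SAS, SECRETS):
        print(line)
```

In this constructed case the secret exists in the pod's project but is not linked to the service account the pod runs as, so the check reports a pull without credentials.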


Re: Using OpenShift registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2-12 image

2016-09-13 Thread Skarbek, John
Den,


--
John Skarbek


On September 13, 2016 at 07:03:18, Den Cowboy (dencow...@hotmail.com) wrote:

> Hi
>
> We are using the image:
>
> registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2-12
>
> inside our OpenShift environment to deploy some .WARS.
>
> Now we need to edit the dockerfile because one of our WARS expects another
> encoding than UTF-8.
>
> How can I check which is the default encoding inside my container? Where is it
> stored?

Usually you can find this info by running the command `locale -a`.  If it's run
without any arguments you can see what it is set to by default.

> I don't see it as an environment variable. I only saw:
>
> CATALINA_OPTS=-Djava.security.egd=file:/dev/./urandom
>
> Which is an unreadable file for me.

This is to be expected.  This option is to assist java's random number
generator.  This file produces random numbers.

> Thanks



Pulling image from Google Cloud Registry failing with 403

2016-09-13 Thread Andre Esser

Hi,

I'm trying to pull an image from the Google Cloud Registry from within
a pod definition. My JSON file seems to be fine:
--->
$ docker login -u _json_key -p "$(cat google-cloud-registry.json)" \
  https://eu.gcr.io
Login Succeeded
$ docker pull eu.gcr.io/vb-europe/graylog-stack-deployer:latest
latest: Pulling from vb-europe/graylog-stack-deployer
[...]
Status: Downloaded newer image for eu.gcr.io/vb-europe/graylog-stack-\
deployer:latest
<---

I create the corresponding secret with:
--->
$ oc -n default secrets new-dockercfg google-cloud-registry \
  --docker-server=eu.gcr.io --docker-username=_json_key \
  --docker-password="$(cat google-cloud-registry.json)" \
  --docker-email="docker-registry-p...@vb-europe.iam.\
  gserviceaccount.com"
secret/google-cloud-registry
<---

and add it to the service accounts:
--->
$ oc secrets add serviceaccount/default \
  secrets/google-cloud-registry --for=pull
$ oc secrets add serviceaccount/builder \
  secrets/google-cloud-registry
<---

The corresponding pod definition contains:
--->
[...]
  containers:
    -
      name: "deployer"
      image: "eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
      imagePullPolicy: "Always"
      env:
[...]
<---

However when I try to create the container I get:
--->
Failed to pull image "eu.gcr.io/vb-europe/graylog-stack-
deployer:latest": image pull failed for eu.gcr.io/vb-europe/graylog-
stack-deployer:latest, this may be because there are no credentials on
this request. details: (Error: Status 403 trying to pull repository
vb-europe/graylog-stack-deployer: "Unable to access the repository:
vb-europe/graylog-stack-deployer; please verify that it exists and you
have permission to access it (no valid credential was supplied).")
<--

What am I missing?


Cheers,

Andre
--
Andre Esser, IT Manager
Voidbridge Software Ltd



Re: few basic questions about S2I and docker run

2016-09-13 Thread Ben Parees
On Tue, Sep 13, 2016 at 1:35 AM, Ravi Kapoor wrote:

> Hi Ben,
>
> I am finally able to run my nodejs code on openshift with both approaches
> (volume mount as well as S2I)
> I was also able to resolve most of other issues I mentioned and was able
> to run JEE application as well.
>
> Thanks a lot for helping me through all the silly questions.
> Good news is that now my company will be using openshift to manage our
> dockers/deployments.
>

cool!  glad we were able to get you going.

>
> regards
>
>
> On Sat, Sep 10, 2016 at 8:23 AM, Ben Parees wrote:
>
>> you can define a command on the container within the pod:
>> http://kubernetes.io/docs/user-guide/configuring-containers/#launching-a-container-using-a-configuration-file
>>
>>
>> On Fri, Sep 9, 2016 at 5:21 PM, Ravi wrote:
>>
>>>
>>> Thank you for this help.
>>>
>>> I was trying nginx because after invoking container, I do not have to
>>> run a command. For java or node, after the container is run I will need to
>>> run a command e.g.
>>>
>>> java -jar myapp.jar
>>> OR
>>> node server.js
>>>
>>> Can you guide me how to add this to the json file or point me to
>>> documentation so I can try this?
>>>
>>> thanks so much
>>>
>>>
>>> On 9/8/2016 6:56 PM, Ben Parees wrote:
>>>
 Downloads$ oc get pods
 NAME             READY     STATUS    RESTARTS   AGE
 nginx-1-deploy   1/1       Running   0          14s
 nginx-1-rmfl9    0/1       Error     0          11s

 Downloads$ oc logs nginx-1-rmfl9
 2016/09/09 01:54:21 [warn] 1#1: the "user" directive makes sense only if
 the master process runs with super-user privileges, ignored in
 /etc/nginx/nginx.conf:2
 nginx: [warn] the "user" directive makes sense only if the master
 process runs with super-user privileges, ignored in
 /etc/nginx/nginx.conf:2
 2016/09/09 01:54:21 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp"
 failed (13: Permission denied)
 nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13:
 Permission denied)


 the nginx image probably only works when run as root or as some other
 specific user.  when images are run in openshift, by default they are
 assigned a random uid for security purposes.  that can cause issues with
 images that expect to run as a specific user.  please see our
 documentation:

 https://docs.openshift.org/latest/creating_images/guidelines.html#openshift-origin-specific-guidelines
 (section on support arbitrary uids)

 to relax the restriction, see:
 https://docs.openshift.org/latest/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile





 On Thu, Sep 8, 2016 at 9:50 PM, Ravi wrote:


 oh, forgot to add, I do not have any readiness probe.

 On 9/8/2016 6:47 PM, Ravi Kapoor wrote:

 I removed volumes, pod still failed. json and logs attached



 On Thu, Sep 8, 2016 at 6:35 PM, Ben Parees wrote:

 though i don't see it in your json it sounds like you have a
 readiness probe defined on your pod and it's not being met
 successfully.

 the other possibility is it has to do w/ your mounts.  can you
 temporarily remove the volume mounts and see if the pod comes up?


 On Thu, Sep 8, 2016 at 8:33 PM, Ravi Kapoor wrote:

 Pod deployment failed. error in console log is

 --> Scaling nginx-1 to 1
 --> Waiting up to 10m0s for pods in deployment nginx-1 to become ready
 error: update acceptor rejected nginx-1: pods for deployment
 "nginx-1" took longer than 600 seconds to become ready



 *$ oc describe pods*
 Name:   nginx-1-deploy
 Namespace:  test
 Security Policy:restricted
 Node:   172.27.104.71/172.27.104.71
 Start Time: Thu, 08 Sep 2016 17:30:29 -0400
 Labels:
 openshift.io/deployer-pod-for.name=nginx-1