On Thu, Oct 26, 2017 at 12:43 PM, Lionel Orellana <lione...@gmail.com> wrote:
> This works. Would have thought the api server address was added
> automatically to NO_PROXY?
>

it's supposed to be, but i do think there is a bug open where people have seen it not be added:
https://bugzilla.redhat.com/show_bug.cgi?id=1504464

>
> -bash-4.2$ oc rsh docker-registry-1-9z8p2
> sh-4.2$ export NO_PROXY=$NO_PROXY,172.23.192.1
> sh-4.2$ oc whoami
> system:serviceaccount:default:registry
> sh-4.2$
>
> On 26 October 2017 at 20:54, Ben Parees <bpar...@redhat.com> wrote:
>
>> On Thu, Oct 26, 2017 at 11:50 AM, Lionel Orellana <lione...@gmail.com>
>> wrote:
>>
>>> I didn't put it there.
>>>
>>> In another cluster this works.
>>>
>>> -bash-4.2$ oc rsh docker-registry-9-c9mgd oc whoami
>>> system:serviceaccount:default:registry
>>>
>>> -bash-4.2$ oc rsh docker-registry-9-c9mgd which oc
>>> /usr/bin/oc
>>>
>>
>> ok, it looks like it was removed on 3.7.
>>
>> Anyway you've certainly established there is a networking issue between
>> your registry pod and the api server in your cluster
>> (but oddly not between other pods and the api server) Adding the
>> networking team to the thread.
>>
>>> On 26 October 2017 at 20:37, Ben Parees <bpar...@redhat.com> wrote:
>>>
>>>> On Thu, Oct 26, 2017 at 10:53 AM, Lionel Orellana <lione...@gmail.com>
>>>> wrote:
>>>>
>>>>> Interestingly
>>>>>
>>>>> -bash-4.2$ oc rsh router-1-bf95x oc whoami
>>>>> system:serviceaccount:default:router
>>>>> -bash-4.2$ oc rsh docker-registry-1-9z8p2 oc whoami
>>>>> Unable to connect to the server: Service Unavailable
>>>>> command terminated with exit code 1
>>>>>
>>>>
>>>> the registry image doesn't even contain an oc client binary (unless you
>>>> put one there?) so i'm not sure what that is doing.
>>>>
>>>>> On 26 October 2017 at 19:50, Lionel Orellana <lione...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Well this works from one of the hosts (using a token from oc whoami)
>>>>>>
>>>>>> curl -X GET -H "Authorization: Bearer $TOKEN" https://172.23.192.1/oapi/v1/users/~
>>>>>>
>>>>>> In the error msg
>>>>>>
>>>>>> msg="*invalid token*: Get https://172.23.192.1:443/oapi/v1/users/~
>>>>>> <https://172.23.192.1/oapi/v1/users/~>: Service Unavailable"
>>>>>>
>>>>>> I wonder if the invalid token part is the issue.
>>>>>>
>>>>>> On 26 October 2017 at 19:16, Ben Parees <bpar...@redhat.com> wrote:
>>>>>>
>>>>>>> On Thu, Oct 26, 2017 at 8:11 AM, Lionel Orellana <lione...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> In a new OCP 3.6 installation I'm trying to deploy JBoss EAP 7.0
>>>>>>>> from the catalog.
>>>>>>>>
>>>>>>>> This is in a project for which I am the admin.
>>>>>>>>
>>>>>>>> It's failing to push the image to the registry
>>>>>>>>
>>>>>>>> Pushing image
>>>>>>>> docker-registry.default.svc:5000/bimorl/jboss-eap70:latest
>>>>>>>> ...
>>>>>>>> Registry server Address:
>>>>>>>> Registry server User Name: serviceaccount
>>>>>>>> Registry server Email: serviceacco...@example.org
>>>>>>>> Registry server Password: <<non-empty>>
>>>>>>>> error: build error: Failed to push image: unauthorized:
>>>>>>>> authentication required
>>>>>>>>
>>>>>>>> In the registry logs I see
>>>>>>>>
>>>>>>>> 172.23.140.1 - - [26/Oct/2017:05:08:19 +0000] "GET
>>>>>>>> /openshift/token?account=serviceaccount&scope=repository%3Ab
>>>>>>>> imorl%2Fjboss-eap70%3Apush%2Cpull HTTP/1.1" 401 0 ""
>>>>>>>> "docker/1.12.6 go/go1.8.3 kernel/3.10.0-693.2.2.el7.x86_64
>>>>>>>> os/linux arch/amd64 UpstreamClient(go-dockerclient)"
>>>>>>>> time="2017-10-26T05:08:19.116844289Z" level=debug msg="invalid
>>>>>>>> token: Get https://172.23.192.1:443/oapi/v1/users/~: *Service
>>>>>>>> Unavailable*" go.version=go1.7.6
>>>>>>>> http.request.host="docker-registry.default.svc:5000"
>>>>>>>> http.request.id=467674a1-8618-4986-9e7f-b92a06afa43d
>>>>>>>> http.request.method=GET http.request.remoteaddr="172.23.140.1:38284"
>>>>>>>> http.request.uri="/openshift/token?account=serviceaccount&sc
>>>>>>>> ope=repository%3Abimorl%2Fjboss-eap70%3Apush%2Cpull"
>>>>>>>> http.request.useragent="docker/1.12.6 go/go1.8.3
>>>>>>>> kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64
>>>>>>>> UpstreamClient(go-dockerclient)"
>>>>>>>> instance.id=e5e8a55e-c3bc-4dfa-a706-e844ddbbdf44
>>>>>>>> openshift.logger=registry
>>>>>>>>
>>>>>>>
>>>>>>> sounds like your registry is unable to reach your api server. I
>>>>>>> would check if other pods running within your cluster are able to access
>>>>>>> the api server (ie run oc client commands from within a pod, against the
>>>>>>> kubernetes service ip)
>>>>>>>
>>>>>>>> Any ideas?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> users mailing list
>>>>>>>> users@lists.openshift.redhat.com
>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Ben Parees | OpenShift
>>>>>>>
>>>>
>>>> --
>>>> Ben Parees | OpenShift
>>>>
>>
>> --
>> Ben Parees | OpenShift
>>
>

--
Ben Parees | OpenShift
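
An added example, not part of the original thread: a shell check for whether a proxy-exemption list covers the endpoints a pod must reach directly, which is the gap the `export NO_PROXY=$NO_PROXY,172.23.192.1` workaround above closes. The function names, the sample list and the matching rules (exact match, domain suffix, `*`) are assumptions made for illustration; real clients differ and CIDR entries are not handled.

```sh
#!/bin/sh
# Added example: does a NO_PROXY-style list exempt a given host from the proxy?
# Assumed matching rules (real clients differ): "*" matches everything, an
# entry equal to the host matches, and for hostnames an entry also matches as
# a domain suffix (".svc" or "svc"). CIDR ranges and ports are not interpreted.

# Body runs in a subshell so the IFS and globbing changes stay local.
no_proxy_covers() (
    host=$1
    case $host in
        *[!0-9.]*) is_ip=0 ;;   # contains something other than digits/dots
        *)         is_ip=1 ;;   # IPv4 literal: exact match only
    esac
    IFS=,
    set -f                      # keep a literal "*" entry from globbing
    for entry in $2; do
        entry=${entry# }; entry=${entry% }   # tolerate "a, b" spacing
        entry=${entry#.}
        [ -n "$entry" ] || continue
        [ "$entry" = "*" ] && exit 0
        [ "$host" = "$entry" ] && exit 0
        if [ "$is_ip" -eq 0 ]; then
            case $host in *".$entry") exit 0 ;; esac
        fi
    done
    exit 1
)

# Print each endpoint that would still be sent through the proxy.
proxy_bypass_gaps() {
    list=$1
    shift
    for target in "$@"; do
        no_proxy_covers "$target" "$list" || printf '%s\n' "$target"
    done
}

# Constructed sample list. Only 172.23.192.1 (the API server service IP) and
# docker-registry.default.svc are taken from the thread.
SAMPLE_NO_PROXY=".cluster.local,.svc,localhost,127.0.0.1"

proxy_bypass_gaps "$SAMPLE_NO_PROXY" 172.23.192.1 docker-registry.default.svc
proxy_bypass_gaps "$SAMPLE_NO_PROXY,172.23.192.1" 172.23.192.1
```

With the constructed list the first call reports only the API server address as uncovered; once that address is appended, the second call reports nothing.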