I've caught another error like this one and one of the docker-registry
pods gives some errors about authorization.
I've tried adding, inside the web-interface for the docker-registry, the
system:serviceaccount:slimmelde-dev:builder user to have pull access in
the generic project.
The docs that I've found/read about the integrated registry only
describe direct access/manual to the registry:
https://docs.openshift.org/latest/install_config/registry/accessing_registry.html
Any other place to look, for my type of usage?
Thank you!
Logs below:
time="2018-05-22T22:05:55.649683785Z" level=error msg="error authorizing
context: authorization header required" go.version=go1.9.2
http.request.host="docker-registry.default.svc:5000"
http.request.id=3528f4c9-f729-4bcc-abf4-ef5a271399ff
http.request.method=GET http.request.remoteaddr="10.128.2.1:42438"
http.request.uri=/v2/ http.request.useragent="docker/1.13.1 go/go1.8.3
kernel/3.10.0-862.2.3.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
instance.id=be8746aa-b85c-40fb-978f-040a25b6c1d1
time="2018-05-22T22:05:55.720645637Z" level=error msg="OpenShift access
denied: User \"system:serviceaccount:slimmelden-dev:builder\" cannot get
imagestreams/layers.image.openshift.io in project \"generic\""
go.version=go1.9.2 http.request.host="docker-registry.default.svc:5000"
http.request.id=8f5bacf4-7d34-448a-8f9b-12cb65499f5b
http.request.method=GET http.request.remoteaddr="10.128.2.1:42442"
http.request.uri="/v2/generic/ot-builder-npm-is/manifests/sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
http.request.useragent="docker/1.13.1 go/go1.8.3
kernel/3.10.0-862.2.3.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
instance.id=be8746aa-b85c-40fb-978f-040a25b6c1d1
openshift.auth.user="system:serviceaccount:slimmelden-dev:builder"
vars.name=generic/ot-builder-npm-is
vars.reference="sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
time="2018-05-22T22:05:55.720783744Z" level=error msg="error authorizing
context: access denied" go.version=go1.9.2
http.request.host="docker-registry.default.svc:5000"
http.request.id=8f5bacf4-7d34-448a-8f9b-12cb65499f5b
http.request.method=GET http.request.remoteaddr="10.128.2.1:42442"
http.request.uri="/v2/generic/ot-builder-npm-is/manifests/sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
http.request.useragent="docker/1.13.1 go/go1.8.3
kernel/3.10.0-862.2.3.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
instance.id=be8746aa-b85c-40fb-978f-040a25b6c1d1
vars.name=generic/ot-builder-npm-is
vars.reference="sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
time="2018-05-22T22:05:55.924000499Z" level=error msg="error authorizing
context: authorization header required" go.version=go1.9.2
http.request.host="docker-registry.default.svc:5000"
http.request.id=5ac69bd6-f5f1-40cc-8f20-7bd3ed5dfb98
http.request.method=GET http.request.remoteaddr="10.128.2.1:42444"
http.request.uri=/v2/ http.request.useragent="docker/1.13.1 go/go1.8.3
kernel/3.10.0-862.2.3.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
instance.id=be8746aa-b85c-40fb-978f-040a25b6c1d1
time="2018-05-22T22:05:55.997011922Z" level=error msg="OpenShift access
denied: User \"system:serviceaccount:slimmelden-dev:builder\" cannot get
imagestreams/layers.image.openshift.io in project \"generic\""
go.version=go1.9.2 http.request.host="docker-registry.default.svc:5000"
http.request.id=a5327070-a760-441f-98b3-704cf181692c
http.request.method=GET http.request.remoteaddr="10.128.2.1:42448"
http.request.uri="/v2/generic/ot-builder-npm-is/manifests/sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
http.request.useragent="docker/1.13.1 go/go1.8.3
kernel/3.10.0-862.2.3.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
instance.id=be8746aa-b85c-40fb-978f-040a25b6c1d1
openshift.auth.user="system:serviceaccount:slimmelden-dev:builder"
vars.name=generic/ot-builder-npm-is
vars.reference="sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
time="2018-05-22T22:05:55.997142473Z" level=error msg="error authorizing
context: access denied" go.version=go1.9.2
http.request.host="docker-registry.default.svc:5000"
http.request.id=a5327070-a760-441f-98b3-704cf181692c
http.request.method=GET http.request.remoteaddr="10.128.2.1:42448"
http.request.uri="/v2/generic/ot-builder-npm-is/manifests/sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
http.request.useragent="docker/1.13.1 go/go1.8.3
kernel/3.10.0-862.2.3.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
instance.id=be8746aa-b85c-40fb-978f-040a25b6c1d1
vars.name=generic/ot-builder-npm-is
vars.reference="sha256:9efdf954ec62e662e67d3f1c71f9d46faf9c82c76f8513338c2a4b19b6f318b5"
On 22.05.2018 19:49, Ben Parees wrote:
On Tue, May 22, 2018 at 11:46 AM, Dan Pungă <dan.pu...@gmail.com> wrote:
Hello all!
I'm experiencing a problem when trying to pull an image from
OpenShift's container registry.
I've recently installed OpenShift Origin 3.9 with docker-registry
deployed.
I'm using 2 projects, one where "generic" images are built and one
for "applications". When running a build in the "application"
project that is based on an image from the "generic" project, the
build process fails at times with errors such as:
Pulling image
docker-registry.default.svc:5000/generic/ot-builder-maven-is@sha256:ff3a7e558a44adc6212bd86dc3c0799537afd47f05be5678b0b986f7c7e3398c
...
Checking for Docker config file for PULL_DOCKERCFG_PATH in path
/var/run/secrets/openshift.io/pull
Using Docker config file
/var/run/secrets/openshift.io/pull/.dockercfg
Step 1/11 : FROM
docker-registry.default.svc:5000/generic/ot-builder-maven-is@sha256:ff3a7e558a44adc6212bd86dc3c0799537afd47f05be5678b0b986f7c7e3398c
Trying to pull repository
docker-registry.default.svc:5000/generic/ot-builder-maven-is ...
error: build error: unauthorized: authentication required
The imagestream is there and the sha is the right one. This seems
to happen at random and it goes away if I pause between build
tries....so random.
it might be enlightening to look at the logs from the registry pod(or
pods if you're running multiple replica instances) to see if it's
getting errors talking to the api server.
I haven't done any thorough tests to see if it's the same
behaviour for source imageStreams inside the same project...
Any idea what to try?
Not sure if this is related, but I was trying to log in to the
registry and, trying to do this from outside the cluster, I get
Error response from daemon: Get
https://docker-registry-default......:5000/v2/: net/http:
request canceled while waiting for connection (Client.Timeout
exceeded while awaiting headers)
This looks like timeout config/networking issues and I wonder if
it's what's causing the initial problem (even though the registry
storage node, the registry pod and the application node where the
build is executed are inside the same subnet).
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Ben Parees | OpenShift
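
A way to triage the registry log in this thread, as an added example (not from the original messages or the OpenShift project): it parses the logrus lines, separates the unauthenticated `/v2/` probes from the RBAC denials, and checks each denied identity against the subjects that were granted access. The sample lines are abbreviated from the log above; `GRANTED` holds the subject string exactly as it is written in the message text, which is an assumption about what was entered in the web interface.

```python
import re

# Constructed sample: three entries abbreviated from the registry log in this
# thread (request ids shortened, digest replaced by a placeholder).
SAMPLE_LOG = r'''
time="2018-05-22T22:05:55.649683785Z" level=error msg="error authorizing context: authorization header required" http.request.id=3528f4c9 http.request.method=GET http.request.uri=/v2/
time="2018-05-22T22:05:55.720645637Z" level=error msg="OpenShift access denied: User \"system:serviceaccount:slimmelden-dev:builder\" cannot get imagestreams/layers.image.openshift.io in project \"generic\"" http.request.id=8f5bacf4 http.request.uri="/v2/generic/ot-builder-npm-is/manifests/sha256:DIGEST" vars.name=generic/ot-builder-npm-is
time="2018-05-22T22:05:55.720783744Z" level=error msg="error authorizing context: access denied" http.request.id=8f5bacf4 vars.name=generic/ot-builder-npm-is
'''

# Assumption: the subject as written in the message text above.
GRANTED = {"system:serviceaccount:slimmelde-dev:builder"}

# key=value pairs; a value is a quoted string with \" escapes or a bare token
FIELD = re.compile(r'([\w.]+)=("(?:[^"\\]|\\.)*"|\S+)')
DENIED = re.compile(r'User "([^"]+)" cannot (\w+) (\S+) in project "([^"]+)"')

def parse_line(line):
    """Turn one logrus text line into a dict, unescaping quoted values."""
    rec = {}
    for key, val in FIELD.findall(line):
        if val.startswith('"'):
            val = val[1:-1].replace('\\"', '"')
        rec[key] = val
    return rec

def triage(log_text):
    """Return (challenge_count, denials) where each denial is a tuple
    (user, verb, resource, project, repository)."""
    challenges, denials = 0, set()
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        msg = rec.get("msg", "")
        # The credential-less GET /v2/ is the client's probe before it
        # authenticates; it is not the failure itself.
        if "authorization header required" in msg and rec.get("http.request.uri") == "/v2/":
            challenges += 1
        elif (m := DENIED.search(msg)):
            denials.add(m.groups() + (rec.get("vars.name", ""),))
    return challenges, sorted(denials)

def uncovered(denials, granted_subjects):
    """Denials whose user is not an exact match for any granted subject."""
    return [d for d in denials if d[0] not in granted_subjects]

if __name__ == "__main__":
    count, found = triage(SAMPLE_LOG)
    print(f"{count} auth probe(s); denials without a matching grant:")
    for user, verb, resource, project, repo in uncovered(found, GRANTED):
        print(f"  {user} cannot {verb} {resource} in {project} ({repo})")
```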