Hi Adam Yes. I can actually manually pull it from nexus on any openshift node. Because we use an internally signed certificate I was wondering if it might have something to do it with? The node is able to pull because I put the certificates into /etc/pki. Not sure the builder image has that information. # crictl pull nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c> W0808 08:53:09.780779 31667 util_unix.go:75] Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock". Image is update to date for nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c> Best Chris
From: Adam Kaplan [mailto:adam.kap...@redhat.com] Sent: 13 August 2018 15:29 To: Sandrini, Christian <christian.sandr...@bis.org> Cc: users@lists.openshift.redhat.com Subject: Re: Using an external registry for the cluster Have you pushed the nodejs s2i image to your nexus registry? The ansible playbook does not do this for you. If you haven't done so, you can manually pull the nodejs s2i image from registry.access.redhat.com<http://registry.access.redhat.com>, then push it to the nexus registry. On Mon, Aug 13, 2018 at 9:16 AM Sandrini, Christian <christian.sandr...@bis.org<mailto:christian.sandr...@bis.org>> wrote: Hi Adam This is the buildconfig # oc get buildconfig test -o yaml apiVersion: build.openshift.io/v1<http://build.openshift.io/v1> kind: BuildConfig metadata: annotations: openshift.io/generated-by<http://openshift.io/generated-by>: OpenShiftWebConsole creationTimestamp: 2018-08-10T11:30:11Z labels: app: test name: test namespace: test resourceVersion: "11651" selfLink: /apis/build.openshift.io/v1/namespaces/test/buildconfigs/test<http://build.openshift.io/v1/namespaces/test/buildconfigs/test> uid: bdeacbd8-9c90-11e8-9f83-005056b28a97 spec: nodeSelector: null output: to: kind: ImageStreamTag name: test:latest postCommit: {} resources: {} runPolicy: Serial source: git: ref: master uri: ssh://imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/LinuxAPI<http://imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/LinuxAPI> sourceSecret: name: tfs type: Git strategy: sourceStrategy: from: kind: ImageStreamTag name: nodejs:8 namespace: openshift type: Source triggers: - generic: secret: 20d714198be8c14a type: Generic - github: secret: 7ee9ecd7d2bf955b type: GitHub - imageChange: lastTriggeredImageID: nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c> type: ImageChange - type: ConfigChange status: lastVersion: 4 best Chris From: Adam Kaplan [mailto:adam.kap...@redhat.com<mailto:adam.kap...@redhat.com>] Sent: 13 August 2018 15:07 To: Sandrini, Christian <christian.sandr...@bis.org<mailto:christian.sandr...@bis.org>> Cc: users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com> Subject: Re: Using an external registry for the cluster Hi Chris, I'm with the developer experience team - can you please provide a snippet of the build config that is breaking? We'd like to see which image streams are being used in the build. Thank You, Adam On Wed, Aug 8, 2018 at 2:58 AM Sandrini, Christian <christian.sandr...@bis.org<mailto:christian.sandr...@bis.org>> wrote: Hi I was wondering if it is supported to use a completely external registry (Nexus) to pull and push images? Ideally I would like to have multiple clusters pointing to the same external registry. I have setup a test cluster “enterprise 3.10.14-1” and specified the following settings in the ansible inventory openshift_hosted_manage_registry=false oreg_url=nexus.example.com:8500/openshift3/ose-${component}:${version}<http://nexus.example.com:8500/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D> openshift_examples_modify_imagestreams=true This seems to work fine for installing the cluster. Next step I tried to create a new app from nodejs which failed as the image streams tried to pull from an internal registry which does not exist NAME DOCKER REPO TAGS UPDATED dotnet docker-registry.default.svc:5000/openshift/dotnet 1.0,1.1,2.0 + 2 more... 17 hours ago dotnet-runtime docker-registry.default.svc:5000/openshift/dotnet-runtime 2.0,2.1,latest 17 hours ago httpd docker-registry.default.svc:5000/openshift/httpd latest,2.4 17 hours ago The master-config.yaml points to the internal registry imagePolicyConfig: internalRegistryHostname: docker-registry.default.svc:5000 I tried to change that to nexus.example.com:8500<http://nexus.example.com:8500> but am getting an error when trying to pull an image # oc logs api-4-build pulling image error : unknown blob error: build error: unable to get nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c> Manually pulling from that registry on the node works though # crictl pull nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c> W0808 08:53:09.780779 31667 util_unix.go:75] Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock". Image is update to date for nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c<http://nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c> Any help would be greatly appreciated. Best Chris Disclaimer This e-mail message and any attachments (“message”) may contain confidential, privileged or proprietary information and is intended solely for the use of the named recipient(s). If you are not the intended recipient, you may not disclose, copy, distribute or retain any part of this message. If you have received this message in error, please inform the sender immediately by return e-mail and delete this message from your system. The BIS is not liable for any error in the content of this message and does not represent that it is uncorrupted and/or free of viruses. Views expressed in this message are those of the author and may not reflect those of the BIS. By exchanging e-mails with the BIS it is understood that the BIS may collect, store and further use e-mail addresses and other personal information which may be provided therein. The BIS will treat such information as confidential. _______________________________________________ users mailing list users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com> http://lists.openshift.redhat.com/openshiftmm/listinfo/users -- ADAM KAPLAN SENIOR SOFTWARE ENGINEER - OPENSHIFT Red Hat<https://www.redhat.com/> 100 E Davie St Raleigh, NC 27601 USA adam.kap...@redhat.com<mailto:adam.kap...@redhat.com> T: +1-919-754-4843 IM: adambkaplan [https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig> -- ADAM KAPLAN SENIOR SOFTWARE ENGINEER - OPENSHIFT Red Hat<https://www.redhat.com/> 100 E Davie St Raleigh, NC 27601 USA adam.kap...@redhat.com<mailto:adam.kap...@redhat.com> T: +1-919-754-4843<javascript:void(0);> IM: adambkaplan [https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig>
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users