On Mon, Aug 13, 2018 at 9:32 AM, Sandrini, Christian < christian.sandr...@bis.org> wrote:
> Hi Adam > > > > Yes. I can actually manually pull it from nexus on any openshift node. > Because we use an internally signed certificate I was wondering if it might > have something to do it with? > you'd see an error related to that if that where the issue. > The node is able to pull because I put the certificates into /etc/pki. Not > sure the builder image has that information. > the builds use the host's docker socket to pull images, so if the host can pull it, the build should be able to. However the builds use their own credential mechanism for authenticating to do the pull. Are credentials required to pull the image in question? > # crictl pull nexus.example.com:8500/openshift/nodejs@sha256: > 7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c > > W0808 08:53:09.780779 31667 util_unix.go:75] Using > "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using > full url format "unix:///var/run/crio/crio.sock". > > Image is update to date for nexus.example.com:8500/ > openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620d > be47d1b936e68983e252cca50991704c7c > > Best > > Chris > > > > *From:* Adam Kaplan [mailto:adam.kap...@redhat.com] > *Sent:* 13 August 2018 15:29 > > *To:* Sandrini, Christian <christian.sandr...@bis.org> > *Cc:* users@lists.openshift.redhat.com > *Subject:* Re: Using an external registry for the cluster > > > > Have you pushed the nodejs s2i image to your nexus registry? The ansible > playbook does not do this for you. > > > > If you haven't done so, you can manually pull the nodejs s2i image from > registry.access.redhat.com, then push it to the nexus registry. > > > > On Mon, Aug 13, 2018 at 9:16 AM Sandrini, Christian < > christian.sandr...@bis.org> wrote: > > Hi Adam > > > > This is the buildconfig > > > > # oc get buildconfig test -o yaml > > apiVersion: build.openshift.io/v1 > > kind: BuildConfig > > metadata: > > annotations: > > openshift.io/generated-by: OpenShiftWebConsole > > creationTimestamp: 2018-08-10T11:30:11Z > > labels: > > app: test > > name: test > > namespace: test > > resourceVersion: "11651" > > selfLink: /apis/build.openshift.io/v1/namespaces/test/buildconfigs/test > > uid: bdeacbd8-9c90-11e8-9f83-005056b28a97 > > spec: > > nodeSelector: null > > output: > > to: > > kind: ImageStreamTag > > name: test:latest > > postCommit: {} > > resources: {} > > runPolicy: Serial > > source: > > git: > > ref: master > > uri: ssh://imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/ > LinuxAPI > > sourceSecret: > > name: tfs > > type: Git > > strategy: > > sourceStrategy: > > from: > > kind: ImageStreamTag > > name: nodejs:8 > > namespace: openshift > > type: Source > > triggers: > > - generic: > > secret: 20d714198be8c14a > > type: Generic > > - github: > > secret: 7ee9ecd7d2bf955b > > type: GitHub > > - imageChange: > > lastTriggeredImageID: nexus.bisinfo.org:8500/ > openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620d > be47d1b936e68983e252cca50991704c7c > > type: ImageChange > > - type: ConfigChange > > status: > > lastVersion: 4 > > > > best > > Chris > > > > *From:* Adam Kaplan [mailto:adam.kap...@redhat.com] > *Sent:* 13 August 2018 15:07 > *To:* Sandrini, Christian <christian.sandr...@bis.org> > *Cc:* users@lists.openshift.redhat.com > *Subject:* Re: Using an external registry for the cluster > > > > Hi Chris, > > > > I'm with the developer experience team - can you please provide a snippet > of the build config that is breaking? We'd like to see which image streams > are being used in the build. > > > > Thank You, > > Adam > > > > On Wed, Aug 8, 2018 at 2:58 AM Sandrini, Christian < > christian.sandr...@bis.org> wrote: > > Hi > > > > I was wondering if it is supported to use a completely external registry > (Nexus) to pull and push images? Ideally I would like to have multiple > clusters pointing to the same external registry. > > > > I have setup a test cluster “enterprise 3.10.14-1” and specified the > following settings in the ansible inventory > > > > openshift_hosted_manage_registry=false > > oreg_url=nexus.example.com:8500/openshift3/ose-${component}:${version} > <http://nexus.example.com:8500/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D> > > openshift_examples_modify_imagestreams=true > > > > This seems to work fine for installing the cluster. Next step I tried to > create a new app from nodejs which failed as the image streams tried to > pull from an internal registry which does not exist > > > > NAME DOCKER REPO > TAGS UPDATED > > dotnet docker-registry.default.svc: > 5000/openshift/dotnet 1.0,1.1,2.0 + 2 more... 17 hours ago > > dotnet-runtime docker-registry.default.svc: > 5000/openshift/dotnet-runtime 2.0,2.1,latest 17 hours ago > > httpd docker-registry.default.svc: > 5000/openshift/httpd latest,2.4 17 hours ago > > > > The master-config.yaml points to the internal registry > > > > imagePolicyConfig: > > internalRegistryHostname: docker-registry.default.svc:5000 > > > > I tried to change that to nexus.example.com:8500 but am getting an error > when trying to pull an image > > > > # oc logs api-4-build > > pulling image error : unknown blob > > error: build error: unable to get nexus.example.com:8500/ > openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620d > be47d1b936e68983e252cca50991704c7c > > > > Manually pulling from that registry on the node works though > > > > # crictl pull nexus.example.com:8500/openshift/nodejs@sha256: > 7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c > > W0808 08:53:09.780779 31667 util_unix.go:75] Using > "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using > full url format "unix:///var/run/crio/crio.sock". > > Image is update to date for nexus.example.com:8500/ > openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620d > be47d1b936e68983e252cca50991704c7c > > > > Any help would be greatly appreciated. > > > > Best > > Chris > > > > > > > > Disclaimer > > This e-mail message and any attachments (“message”) may contain > confidential, privileged or proprietary information and is intended solely > for the use of the named recipient(s). If you are not the intended > recipient, you may not disclose, copy, distribute or retain any part of > this message. If you have received this message in error, please inform the > sender immediately by return e-mail and delete this message from your > system. The BIS is not liable for any error in the content of this message > and does not represent that it is uncorrupted and/or free of viruses. Views > expressed in this message are those of the author and may not reflect those > of the BIS. > > By exchanging e-mails with the BIS it is understood that the BIS may > collect, store and further use e-mail addresses and other personal > information which may be provided therein. The BIS will treat such > information as confidential. > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > > -- > > *ADAM KAPLAN* > > SENIOR SOFTWARE ENGINEER - OPENSHIFT > > Red Hat <https://www.redhat.com/> > > 100 E Davie St Raleigh, NC 27601 USA > > adam.kap...@redhat.com T: +1-919-754-4843 IM: adambkaplan > > <https://red.ht/sig> > > > > > > > -- > > *ADAM KAPLAN* > > SENIOR SOFTWARE ENGINEER - OPENSHIFT > > Red Hat <https://www.redhat.com/> > > 100 E Davie St Raleigh, NC 27601 USA > > adam.kap...@redhat.com T: +1-919-754-4843 IM: adambkaplan > > <https://red.ht/sig> > > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > -- Ben Parees | OpenShift
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
