Will do that. Still i think this should be handled by the playbooks given that I specifically disable internal registry and specify the oreg_url.
Thanks for your help Adam & Ben best Chris On Mon, Aug 13, 2018 at 5:46 PM Adam Kaplan <adam.kap...@redhat.com> wrote: > Those errors make sense, then. You can create a new > ImageStream+ImageStreamTag that points to the rhscl nodejs images, and > reference that in the build. > > On Mon, Aug 13, 2018 at 10:26 AM Sandrini, Christian < > christian.sandr...@bis.org> wrote: > >> Something interesting. The buildconfig tries to pull from >> (…/openshift/nodejs) >> >> >> >> >> nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> >> >> This does not exist in nexus >> >> >> >> # docker pull nexus.bisinfo.org:8500/openshift/nodejs:latest >> >> Trying to pull repository nexus.bisinfo.org:8500/openshift/nodejs ... >> >> Pulling repository nexus.bisinfo.org:8500/openshift/nodejs >> >> Error: image openshift/nodejs:latest not found >> >> >> >> But nexus has the images in /rhcsl/nodejs. This is a snipped from the >> image stream nodejs. >> >> >> >> 8 (latest) >> >> tagged from nexus.bisinfo.org:8500/rhscl/nodejs-8-rhel7:latest >> >> prefer registry pullthrough when referencing this tag >> >> >> >> Build and run Node.js 8 applications on RHEL 7. For more information >> about using this builder image, including OpenShift considerations, see >> https://github.com/sclorg/s2i-nodejs-container. >> >> Tags: builder, nodejs >> >> Example Repo: https://github.com/openshift/nodejs-ex.git >> >> >> >> * >> nexus.bisinfo.org:8500/rhscl/nodejs-8-rhel7@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> 3 days ago >> >> >> >> >> >> Best >> >> Chris >> >> >> >> *From:* Ben Parees [mailto:bpar...@redhat.com] >> *Sent:* 13 August 2018 15:44 >> *To:* Sandrini, Christian <christian.sandr...@bis.org> >> *Cc:* Adam Kaplan <adam.kap...@redhat.com>; >> users@lists.openshift.redhat.com >> *Subject:* Re: Using an external registry for the cluster >> >> >> >> >> >> >> >> On Mon, Aug 13, 2018 at 9:32 AM, Sandrini, Christian < >> christian.sandr...@bis.org> wrote: >> >> Hi Adam >> >> >> >> Yes. I can actually manually pull it from nexus on any openshift node. >> Because we use an internally signed certificate I was wondering if it might >> have something to do it with? >> >> >> >> you'd see an error related to that if that where the issue. >> >> >> >> The node is able to pull because I put the certificates into /etc/pki. >> Not sure the builder image has that information. >> >> >> >> the builds use the host's docker socket to pull images, so if the host >> can pull it, the build should be able to. >> >> >> >> However the builds use their own credential mechanism for authenticating >> to do the pull. Are credentials required to pull the image in question? >> >> >> >> >> >> # crictl pull >> nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> W0808 08:53:09.780779 31667 util_unix.go:75] Using >> "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using >> full url format "unix:///var/run/crio/crio.sock". >> >> Image is update to date for >> nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> Best >> >> Chris >> >> >> >> *From:* Adam Kaplan [mailto:adam.kap...@redhat.com] >> *Sent:* 13 August 2018 15:29 >> >> >> *To:* Sandrini, Christian <christian.sandr...@bis.org> >> *Cc:* users@lists.openshift.redhat.com >> *Subject:* Re: Using an external registry for the cluster >> >> >> >> Have you pushed the nodejs s2i image to your nexus registry? The ansible >> playbook does not do this for you. >> >> >> >> If you haven't done so, you can manually pull the nodejs s2i image from >> registry.access.redhat.com, then push it to the nexus registry. >> >> >> >> On Mon, Aug 13, 2018 at 9:16 AM Sandrini, Christian < >> christian.sandr...@bis.org> wrote: >> >> Hi Adam >> >> >> >> This is the buildconfig >> >> >> >> # oc get buildconfig test -o yaml >> >> apiVersion: build.openshift.io/v1 >> >> kind: BuildConfig >> >> metadata: >> >> annotations: >> >> openshift.io/generated-by: OpenShiftWebConsole >> >> creationTimestamp: 2018-08-10T11:30:11Z >> >> labels: >> >> app: test >> >> name: test >> >> namespace: test >> >> resourceVersion: "11651" >> >> selfLink: /apis/build.openshift.io/v1/namespaces/test/buildconfigs/test >> >> uid: bdeacbd8-9c90-11e8-9f83-005056b28a97 >> >> spec: >> >> nodeSelector: null >> >> output: >> >> to: >> >> kind: ImageStreamTag >> >> name: test:latest >> >> postCommit: {} >> >> resources: {} >> >> runPolicy: Serial >> >> source: >> >> git: >> >> ref: master >> >> uri: ssh:// >> imstfs.bisinfo.org:22/tfs/DevBIS/Linux%20Team/_git/LinuxAPI >> >> sourceSecret: >> >> name: tfs >> >> type: Git >> >> strategy: >> >> sourceStrategy: >> >> from: >> >> kind: ImageStreamTag >> >> name: nodejs:8 >> >> namespace: openshift >> >> type: Source >> >> triggers: >> >> - generic: >> >> secret: 20d714198be8c14a >> >> type: Generic >> >> - github: >> >> secret: 7ee9ecd7d2bf955b >> >> type: GitHub >> >> - imageChange: >> >> lastTriggeredImageID: >> nexus.bisinfo.org:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> type: ImageChange >> >> - type: ConfigChange >> >> status: >> >> lastVersion: 4 >> >> >> >> best >> >> Chris >> >> >> >> *From:* Adam Kaplan [mailto:adam.kap...@redhat.com] >> *Sent:* 13 August 2018 15:07 >> *To:* Sandrini, Christian <christian.sandr...@bis.org> >> *Cc:* users@lists.openshift.redhat.com >> *Subject:* Re: Using an external registry for the cluster >> >> >> >> Hi Chris, >> >> >> >> I'm with the developer experience team - can you please provide a snippet >> of the build config that is breaking? We'd like to see which image streams >> are being used in the build. >> >> >> >> Thank You, >> >> Adam >> >> >> >> On Wed, Aug 8, 2018 at 2:58 AM Sandrini, Christian < >> christian.sandr...@bis.org> wrote: >> >> Hi >> >> >> >> I was wondering if it is supported to use a completely external registry >> (Nexus) to pull and push images? Ideally I would like to have multiple >> clusters pointing to the same external registry. >> >> >> >> I have setup a test cluster “enterprise 3.10.14-1” and specified the >> following settings in the ansible inventory >> >> >> >> openshift_hosted_manage_registry=false >> >> oreg_url=nexus.example.com:8500/openshift3/ose-${component}:${version} >> <http://nexus.example.com:8500/openshift3/ose-$%7Bcomponent%7D:$%7Bversion%7D> >> >> openshift_examples_modify_imagestreams=true >> >> >> >> This seems to work fine for installing the cluster. Next step I tried to >> create a new app from nodejs which failed as the image streams tried to >> pull from an internal registry which does not exist >> >> >> >> NAME DOCKER >> REPO >> TAGS UPDATED >> >> dotnet >> docker-registry.default.svc:5000/openshift/dotnet 1.0,1.1,2.0 + 2 >> more... 17 hours ago >> >> dotnet-runtime >> docker-registry.default.svc:5000/openshift/dotnet-runtime >> 2.0,2.1,latest 17 hours ago >> >> httpd >> docker-registry.default.svc:5000/openshift/httpd >> latest,2.4 17 hours ago >> >> >> >> The master-config.yaml points to the internal registry >> >> >> >> imagePolicyConfig: >> >> internalRegistryHostname: docker-registry.default.svc:5000 >> >> >> >> I tried to change that to nexus.example.com:8500 but am getting an error >> when trying to pull an image >> >> >> >> # oc logs api-4-build >> >> pulling image error : unknown blob >> >> error: build error: unable to get >> nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> >> >> Manually pulling from that registry on the node works though >> >> >> >> # crictl pull >> nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> W0808 08:53:09.780779 31667 util_unix.go:75] Using >> "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using >> full url format "unix:///var/run/crio/crio.sock". >> >> Image is update to date for >> nexus.example.com:8500/openshift/nodejs@sha256:7b26a9d8ace47e939a9fcdca61620dbe47d1b936e68983e252cca50991704c7c >> >> >> >> Any help would be greatly appreciated. >> >> >> >> Best >> >> Chris >> >> >> >> >> >> >> >> Disclaimer >> >> This e-mail message and any attachments (“message”) may contain >> confidential, privileged or proprietary information and is intended solely >> for the use of the named recipient(s). If you are not the intended >> recipient, you may not disclose, copy, distribute or retain any part of >> this message. If you have received this message in error, please inform the >> sender immediately by return e-mail and delete this message from your >> system. The BIS is not liable for any error in the content of this message >> and does not represent that it is uncorrupted and/or free of viruses. Views >> expressed in this message are those of the author and may not reflect those >> of the BIS. >> >> By exchanging e-mails with the BIS it is understood that the BIS may >> collect, store and further use e-mail addresses and other personal >> information which may be provided therein. The BIS will treat such >> information as confidential. >> >> _______________________________________________ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >> >> >> -- >> >> *ADAM KAPLAN* >> >> SENIOR SOFTWARE ENGINEER - OPENSHIFT >> >> Red Hat <https://www.redhat.com/> >> >> 100 E Davie St Raleigh, NC 27601 USA >> >> adam.kap...@redhat.com T: +1-919-754-4843 <(919)%20754-4843> >> IM: adambkaplan >> >> <https://red.ht/sig> >> >> >> >> >> >> >> -- >> >> *ADAM KAPLAN* >> >> SENIOR SOFTWARE ENGINEER - OPENSHIFT >> >> Red Hat <https://www.redhat.com/> >> >> 100 E Davie St Raleigh, NC 27601 USA >> >> adam.kap...@redhat.com T: +1-919-754-4843 <(919)%20754-4843> >> IM: adambkaplan >> >> <https://red.ht/sig> >> >> >> >> >> _______________________________________________ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >> >> >> -- >> >> Ben Parees | OpenShift >> > > > -- > > ADAM KAPLAN > > SENIOR SOFTWARE ENGINEER - OPENSHIFT > > Red Hat <https://www.redhat.com/> > > 100 E Davie St Raleigh, NC 27601 USA > > adam.kap...@redhat.com T: +1-919-754-4843 IM: adambkaplan > <https://red.ht/sig> > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users