| Summary: | [devexp_public_430]Can't pull source image using pullsecret or sourcesecret | ||
|---|---|---|---|
| Product: | OKD | Reporter: | XiuJuan Wang <xiuwang> |
| Component: | Build | Assignee: | Ben Parees <bparees> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Wenjing Zheng <wzheng> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.x | CC: | aos-bugs, bparees, haowang, xiuwang |
| Target Milestone: | --- | Flags: | xiuwang:
needinfo-
|
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-12 17:14:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1296135 | ||
You indicate you ran:
oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json
to create the secret.
I think you need to run:
oc secrets new pull .dockercfg=${HOME}/.docker/config.json
The key within the secret needs to be named ".dockercfg" and not ".dockerconfigjson".
Can you please try that and report back?
@Ben
After add secret as 'oc secrets new pull .dockercfg=${HOME}/.docker/config.json',still can't pull private source image.
$oc get secret pull -o yaml
apiVersion: v1
data:
.dockercfg: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImVHbDFkMkZ1WnpweVp.....
$oc build-logs ruby22-sample-build-1
Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead.
F0128 03:00:14.449107 1 builder.go:185] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
Turns out our pull secret logic only supported the ".dockercfg" file format and not the newer config.json format. fixing here: https://github.com/openshift/origin/pull/6887 Even with this fix, you will still need to specify the key as ".dockercfg" per my comment. Ben
I still can't pull private sourceimage in devenv-rhel7_3315, the fixed code has merged.Any wrong with my steps?
$oc secrets new pull .dockercfg=${HOME}/.docker/config.json
$oc secrets add serviceaccount/builder secrets/pull
$oc get secrets pull -o yaml
apiVersion: v1
data:
.dockercfg: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImVHbDFkMkZ1WnpweVpXUm9ZWFJrYjJOclpYST0iLAoJCQkiZW1haWwiOiAieGl1d2FuZ0ByZWRoYXQuY29tIgoJCX0KCX0KfQ==
kind: Secret
#oc get bc
source:
git:
uri: https://github.com/openshift/ruby-hello-world.git
images:
- from:
kind: DockerImage
name: docker.io/xiuwang/jenkins-1-centos7:latest
paths:
- destinationDir: xiuwangs2i
sourcePath: /opt/openshift
pullSecret:
name: pull
secrets: null
type: Git
# oc build-logs ruby22-sample-build-1
Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead.
I0203 06:45:44.601698 1 docker.go:286] Image "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest" not available locally, pulling ...
F0203 06:46:00.532611 1 builder.go:194] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
Yes there's something wrong w/ your secret creation step
this:
oc secrets new pull .dockercfg=${HOME}/.docker/config.json
should be:
oc secrets new pull ${HOME}/.docker/config.json
or
oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json
When you use ".dockercfg" as the key, you must provide a ".dockercfg" file, not a ".docker/config.json" file. They are formatted differently.
devenv-rhel7_3325
Could pull private sourceimage with this two apporachs to create secrets
oc secrets new pull ${HOME}/.docker/config.json
or
oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json
Thanks
Move to bug to verified.
|
Description of problem: After adding pullsecret or sourcesecret, still can't pull a private docker image as source image. Version-Release number of selected component (if applicable): devenv-rhel7_3250 oc v1.1.1-182-ga57296f kubernetes v1.1.0-origin-1107-g4c8e6f4 How reproducible: always Steps to Reproduce: 1.Prepare a private docker image, and make sure no this image in node or master. 2.Create a secret $docker login // to generate $HOME/.docker/config.json $oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json $oc secrets add serviceaccount/builder secrets/pull 3.Edit template json to use this secret. $wget https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/build/ruby22rhel7-template-sti.json "source": { "type": "Git", "git": { "uri": "https://github.com/openshift/ruby-hello-world.git" }, "images": [ { "from": { "kind": "DockerImage", "name": "docker.io/xiuwang/jenkins-1-centos7:latest" }, "pullSecret": { "name": "pull" }, "paths": [ { "sourcePath": "/opt/openshift", "destinationDir": "xiuwangs2i" } ] } ] }, 4.Create app using this template 5.Check builds 6.Add this secret as sourcesecret, trigger new build, check builds Actual results: 5.$oc build-logs ruby22-sample-build-1 Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead. F0127 09:25:08.413053 1 builder.go:185] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found 6.same with step 5. Expected results: Could pull source image using secret. Additional info: After pull private image to instance manually, trigger new build,the build could complete.And the files could be copied to destination dir. The build-logs error behaves as not login when pull private image manaully.