Bug 1309195
Summary: | Cannot import image tag to imagestream | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Wenjing Zheng <wzheng> |
Component: | Image Registry | Assignee: | Maciej Szulik <maszulik> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Wang Haoran <haowang> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 3.2.0 | CC: | aos-bugs, bleanhar, haowang, maszulik, sdodson, sgraf, tdawson, twaugh, wsun, xtian |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
When pinging the remote registry through https first we returned wrong error message to the caller.
Consequence:
When importing images from certain registries the import would fail due to not falling back properly to http.
Fix:
The image importer code currently returns appropriate code when it fails pinging remote registry.
Result:
When importing images the fallback path to http works as expected.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-22 22:37:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 7
Maciej Szulik
2016-02-19 17:45:36 UTC
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/18f055cbd4771cdbfa332bb13a8803c01d36d5c7 Bug 1309195 - Return ErrNotV2Registry when falling back to http backend Here are the steps needed to work with the repository Brenton mentioned. Since this is secured repository with authentication we need to mark the registry as insecure (this will bypass checking certificate) and provide secrets to satisfy the authentication. Here are the steps to do so: 1. create the secret: a) oc login following instructions at https://api.qe.openshift.com/oauth/token/request b) get token with oc whoami -t c) docker login -u username -e email -p token registry.qe.openshift.com (in my case both username and email where my rh email, if in doubt check oc whoam i) d) oc secrets new mysecret .dockerconfigjson=$HOME/.docker/config.json 2. create the image stream: apiVersion: v1 kind: ImageStream metadata: name: myis annotations: openshift.io/image.insecureRepository: "true" spec: dockerImageRepository: registry.qe.openshift.com/openshift3/php-55-rhel7 This should do the trick of importing images. Maciej, Is there no way to specify a CA file today? It seems like we should create a card for that if that's the case. Brenton, I'm not sure this is the right way to go. I'd rather admins deal with repos with self-signed certs at the operating system level by importing appropriate company-wide CA used for issuing those certs. Importing metadata will only allow seeing the image, for docker push/pull operation the CA needs to be on a node still. Based on previous comment and the fact that I was able to access all the repos mentioned in this issue I'm moving this to QA. |