Bug 1473810
| Summary: | Cannot authenticate against registry.connect.redhat.com | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Aaron Weitekamp <aweiteka> |
| Component: | openshift-controller-manager | Assignee: | Michal Fojtik <mfojtik> |
| Status: | CLOSED DUPLICATE | QA Contact: | zhou ying <yinzhou> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.6.0 | CC: | aos-bugs, bcook, peasters, pweil, tohughes, tpfromme |
| Target Milestone: | --- | ||
| Target Release: | 3.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-07-28 14:23:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Aaron Weitekamp
2017-07-21 17:47:04 UTC
Workaround to land image on a node: create a secret using a .docker/config.json file.
$ cat /root/.docker/config.json
{
"auths": {
"registry.connect.redhat.com": {
"auth": "YXdlaXRla2FA...b3JlZGhhdA=="
}
}
}
$ oc secret new rhconnectauths .dockerconfigjson=/root/.docker/config.json
$ oc secrets link default rhconnectauths --for=pull
$ oc run haproxy --image registry.connect.redhat.com/haproxytech/haproxy
It appears there's something with the
import-image still does not work with this config.
It looks like this is related to a GitHub issue on OpenShift Origin as well: https://github.com/openshift/origin/issues/9584 (there's a PR linked to it as well) Because authentication is handled at sso.redhat.com, OpeShift isn't matching the registry.connect.redhat.com secre The simplest workaround appears to be creating 2 image pull secrets: one for registry.connect.redhat.com and another for sso.redhat.com $ oc secret new-dockercfg --docker-server=registry.connect.redhat.com --docker-username=peasters --docker-password=SSO_PASSWORD --docker-email=whatev connect secret/connect $ oc secret new-dockercfg --docker-server=sso.redhat.com --docker-username=peasters --docker-password=SSO_PASSWORD --docker-email=whatev connect-sso secret/connect-sso $ oc import-image crunchy --from registry.connect.redhat.com/crunchydata/crunchy-postgres --confirm The import completed successfully. Name: crunchy Namespace: myproject Created: Less than a second ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2017-07-28T12:50:46Z Docker Pull Spec: 172.30.1.1:5000/myproject/crunchy Unique Images: 1 Tags: 1 latest tagged from registry.connect.redhat.com/crunchydata/crunchy-postgres * registry.connect.redhat.com/crunchydata/crunchy-postgres@sha256:21d826baa73fc09bda9e86f617e1c6d18ddf201db8468ccb13934f59f83aead5 Less than a second ago *** This bug has been marked as a duplicate of bug 1462606 *** |