Bug 1229544 - [beta4] after building eap6 example, image cannot be pulled
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Assignee: Ben Parees
Reported: 2015-06-09 03:22 UTC by Erik M Jacobs
Modified: 2015-08-03 12:34 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-06-11 18:19:55 UTC


Attachments:
eap app build log (161.02 KB, text/plain), 2015-06-10 15:59 UTC, Erik M Jacobs

Description Erik M Jacobs 2015-06-09 03:22:40 UTC
osc get pod
POD                  IP        CONTAINER(S)   IMAGE(S)                                                                                                     HOST                                    LABELS                                                                                         STATUS       CREATED          MESSAGE
helloworld-3-1kcux                                                                                                                                         ose3-node2.example.com/192.168.133.4    application=helloworld,deployment=helloworld-3,deploymentConfig=helloworld,deploymentconfig=helloworld   Pending      About a minute
                               helloworld     172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66                                                                                         Waiting                       Image: 172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66 is not ready on the node

from Node2:
Jun 08 23:21:32 ose3-node2.example.com docker[3931]: time="2015-06-08T23:21:32-04:00" level=info msg="GET /images/172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66/json"
Jun 08 23:21:32 ose3-node2.example.com docker[3931]: time="2015-06-08T23:21:32-04:00" level=info msg="+job image_inspect(172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66)"
Jun 08 23:21:32 ose3-node2.example.com docker[3931]: No such image: 172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66
Jun 08 23:21:32 ose3-node2.example.com docker[3931]: time="2015-06-08T23:21:32-04:00" level=info msg="-job image_inspect(172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66) = ERR (1)"
Jun 08 23:21:32 ose3-node2.example.com docker[3931]: time="2015-06-08T23:21:32-04:00" level=error msg="Handler for GET /images/{name:.*}/json returned error: No such image: 172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66"
Jun 08 23:21:32 ose3-node2.example.com docker[3931]: time="2015-06-08T23:21:32-04:00" level=error msg="HTTP Error: statusCode=404 No such image: 172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66"

On master:
[root@ose3-master beta4]# osc get image | grep b14a0003ef8ef111490838b8
sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66   172.30.118.110:5000/eap/helloworld@sha256:b14a0003ef8ef111490838b8fdf76d5b8ec16d12b33313e9aecff0e2b8394f66

Sooooo.... I'm not sure what's going on here...

Comment 2 chunchen 2015-06-09 10:23:17 UTC
Did you create the secret for the jbosseap pod? It can work well when the related secret is available; you could try to create the secret with the file below:

https://github.com/jboss-openshift/application-templates/blob/master/eap/eap-app-secret.json

Hope this helps you.

Comment 3 Ben Parees 2015-06-10 02:10:42 UTC
Can you provide full recreate steps here? There are a lot of potential ways to do things with secrets, service accounts, etc.

We'll also likely need Jordan, so CCing him in.

Comment 4 Jordan Liggitt 2015-06-10 02:18:12 UTC
Andy, what does the docker registry return when access is denied, 404 or 403?

Comment 5 Andy Goldstein 2015-06-10 13:21:36 UTC
NOTE: the 404 in the Docker log from the bug description is the Daemon telling the client (OpenShift) that it can't find the image locally (essentially the client is doing a 'docker inspect'). This 404 is not from the registry. However...

The registry returns a 401. The Docker daemon sees it and attempts to fall back to the v1 protocol against the registry. The registry doesn't support the v1 protocol, so when it receives the v1 request from the daemon, it's for a route it doesn't support, so it returns a 404.

What the client sees:

$ docker pull 172.30.121.230:5000/andy/bob
Pulling repository 172.30.121.230:5000/andy/bob
FATA[0000] Error: image andy/bob:latest not found

What Docker logs (this is from a Docker 1.7 dev version but the concept remains the same for 1.6):

DEBU[0043] Calling POST /images/create
INFO[0043] POST /v1.18/images/create?fromImage=172.30.121.230%3A5000%2Fandy%2Fbob%3Alatest
DEBU[0043] pulling image from host "172.30.121.230:5000" with remote name "andy/bob"
DEBU[0043] pinging registry endpoint https://172.30.121.230:5000/v0/
DEBU[0043] attempting v2 ping for registry endpoint https://172.30.121.230:5000/v2/
DEBU[0043] attempting v1 ping for registry endpoint https://172.30.121.230:5000/v1/
DEBU[0043] Error from registry "https://172.30.121.230:5000/v0/" marked as insecure: unable to ping registry endpoint https://172.30.121.230:5000/v0/
v2 ping attempt failed with error: Get https://172.30.121.230:5000/v2/: tls: oversized record received with length 20527
 v1 ping attempt failed with error: Get https://172.30.121.230:5000/v1/_ping: tls: oversized record received with length 20527. Insecurely falling back to HTTP
DEBU[0043] attempting v2 ping for registry endpoint http://172.30.121.230:5000/v2/
DEBU[0043] pulling v2 repository with local name "172.30.121.230:5000/andy/bob"
DEBU[0043] pinging registry endpoint https://172.30.121.230:5000/v0/
DEBU[0043] attempting v2 ping for registry endpoint https://172.30.121.230:5000/v2/
DEBU[0043] attempting v1 ping for registry endpoint https://172.30.121.230:5000/v1/
DEBU[0043] Error from registry "https://172.30.121.230:5000/v0/" marked as insecure: unable to ping registry endpoint https://172.30.121.230:5000/v0/
v2 ping attempt failed with error: Get https://172.30.121.230:5000/v2/: tls: oversized record received with length 20527
 v1 ping attempt failed with error: Get https://172.30.121.230:5000/v1/_ping: tls: oversized record received with length 20527. Insecurely falling back to HTTP
DEBU[0043] attempting v2 ping for registry endpoint http://172.30.121.230:5000/v2/
DEBU[0043] Getting authorization for andy/bob [pull]
DEBU[0043] Pulling tag from V2 registry: "latest"
DEBU[0043] [registry] Calling "GET" http://172.30.121.230:5000/v2/andy/bob/manifests/latest
ERRO[0043] Error from V2 registry: Authentication is required.
DEBU[0043] image does not exist on v2 registry, falling back to v1
DEBU[0043] pulling v1 repository with local name "172.30.121.230:5000/andy/bob"
DEBU[0043] [registry] Calling GET http://172.30.121.230:5000/v1/repositories/andy/bob/images

It's this last line, "GET http://172.30.121.230:5000/v1/repositories/andy/bob/images", where the registry returns a 404 and Docker returns this to the client "Error: image andy/bob:latest not found".
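
An added example, not part of the original comment and not Docker or OpenShift code: a small Python triage helper that scans Docker daemon debug output like the excerpt above and reports when a client-side "not found" is really the v2 401 followed by the v1 fallback. The function, flag and cause names are illustrative assumptions; the sample lines are copied from the log above.

```python
import re

# Excerpt of the Docker daemon debug log quoted in the comment above.
SAMPLE_LOG = '''\
DEBU[0043] pulling image from host "172.30.121.230:5000" with remote name "andy/bob"
 v1 ping attempt failed with error: Get https://172.30.121.230:5000/v1/_ping: tls: oversized record received with length 20527. Insecurely falling back to HTTP
DEBU[0043] Getting authorization for andy/bob [pull]
DEBU[0043] [registry] Calling "GET" http://172.30.121.230:5000/v2/andy/bob/manifests/latest
ERRO[0043] Error from V2 registry: Authentication is required.
DEBU[0043] image does not exist on v2 registry, falling back to v1
DEBU[0043] [registry] Calling GET http://172.30.121.230:5000/v1/repositories/andy/bob/images
'''

PULL_START = re.compile(r'pulling image from host "([^"]+)" with remote name "([^"]+)"')
# Substrings taken from the log above; the flag names are this example's own.
MARKERS = {
    "auth_required": "Error from V2 registry: Authentication is required",
    "v1_fallback": "falling back to v1",
    "insecure_http": "Insecurely falling back to HTTP",
}

def triage_pulls(log_text):
    """Return one finding dict per pull attempt seen in a daemon debug log."""
    pulls, current = [], None
    for line in log_text.splitlines():
        m = PULL_START.search(line)
        if m:
            current = {"registry": m.group(1), "repo": m.group(2),
                       **{flag: False for flag in MARKERS}}
            pulls.append(current)
            continue
        if current is None:
            continue  # lines before the first pull belong to no attempt
        for flag, needle in MARKERS.items():
            if needle in line:
                current[flag] = True
    for p in pulls:
        # A v2 401 followed by a v1 retry: the client's "not found" hides an auth failure.
        if p["auth_required"] and p["v1_fallback"]:
            p["cause"] = "auth_failure_masked_as_not_found"
        else:
            p["cause"] = "auth_failure" if p["auth_required"] else "undetermined"
    return pulls

if __name__ == "__main__":
    for finding in triage_pulls(SAMPLE_LOG):
        print(finding)
```

The `insecure_http` flag is reported separately because the same log shows the daemon dropping from TLS to plain HTTP before the authenticated request is made.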

Comment 6 Andy Goldstein 2015-06-10 13:22:12 UTC
Didn't mean to clear the needinfo from Erik :-)

Comment 7 Erik M Jacobs 2015-06-10 15:58:57 UTC
1. install beta4

2. create a project for joe:

osc new-project eap6

3. import the sti template:

osc create -f eap6-basic-sti.json

Here's the template: https://github.com/openshift/training/blob/master/beta4/eap6-basic-sti.json

4. create an instance of the template with the following values:

EAP_RELEASE 6.4
APPLICATION_NAME helloworld
APPLICATION_HOSTNAME helloworld.cloudapps.example.com
GIT_URI https://github.com/jboss-developer/jboss-eap-quickstarts/
GIT_REF 6.4.x
GIT_CONTEXT_DIR helloworld
GITHUB_TRIGGER_SECRET (empty) (generated)
GENERIC_TRIGGER_SECRET (empty) (generated)
EAP_HTTPS_SECRET eap-app-secret
EAP_HTTPS_KEYSTORE keystore.jks
EAP_HTTPS_NAME (blank)
EAP_HTTPS_PASSWORD (blank)

5. add image streams to eap6 project

6. hit start build button

7. wait for build to complete (watch build log)

8. pod shows "not ready" error:

[joe@ose3-master beta4]$ osc get pod
POD                  IP        CONTAINER(S)   IMAGE(S)                                                                                                     HOST                                    LABELS                                                                                                   STATUS       CREATED          MESSAGE
helloworld-1-ui2gy                                                                                                                                         ose3-node1.example.com/192.168.133.3    application=helloworld,deployment=helloworld-1,deploymentConfig=helloworld,deploymentconfig=helloworld   Pending      About a minute   
                               helloworld     172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99                                                                                                                                                    Waiting                       Image: 172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99 is not ready on the node
helloworld-6-build                                                                                                                                         ose3-master.example.com/192.168.133.2   application=helloworld,build=helloworld-6,buildconfig=helloworld,template=eap6-basic-sti                 Succeeded    15 minutes       
                               sti-build      openshift3_beta/ose-sti-builder:v0.5.2.2                                                                                                                                                                                                                      Terminated   15 minutes       exit code 0

9. Docker shows 404 error:
Jun 10 11:58:25 ose3-node1.example.com docker[3844]: time="2015-06-10T11:58:25-04:00" level=info msg="GET /images/172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99/json"
Jun 10 11:58:25 ose3-node1.example.com docker[3844]: time="2015-06-10T11:58:25-04:00" level=info msg="+job image_inspect(172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99)"
Jun 10 11:58:25 ose3-node1.example.com docker[3844]: No such image: 172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99
Jun 10 11:58:25 ose3-node1.example.com docker[3844]: time="2015-06-10T11:58:25-04:00" level=info msg="-job image_inspect(172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99) = ERR (1)"
Jun 10 11:58:25 ose3-node1.example.com docker[3844]: time="2015-06-10T11:58:25-04:00" level=error msg="Handler for GET /images/{name:.*}/json returned error: No such image: 172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99"
Jun 10 11:58:25 ose3-node1.example.com docker[3844]: time="2015-06-10T11:58:25-04:00" level=error msg="HTTP Error: statusCode=404 No such image: 172.30.116.38:5000/eap6/helloworld@sha256:d884739e890e1b74718406baf014de1e0d8bb837e4f34d4c8c9d6b51aa6eac99"


Previous output is similar -- the image exists in the internal docker registry, etc.

Comment 8 Erik M Jacobs 2015-06-10 15:59:29 UTC
Created attachment 1037351
eap app build log

Comment 9 Andy Goldstein 2015-06-10 16:04:55 UTC
Erik, can you find the docker logs with entries similar to 'pulling image from host "172.30.121.230:5000" with remote name "andy/bob"' and whatever comes below that? What you've pasted is the 'docker inspect' log data.

Can you also include the logs from the registry pod/container?

Comment 10 Andy Goldstein 2015-06-11 18:19:55 UTC
Worked with Erik on irc. The deployment config referenced a secret that hadn't been created yet. As soon as the secret was added, the deployment proceeded. Erik, if there are still issues, please reopen.

