Bug 1292963
| Summary: | [RFE] You can't import images from authenticated repos today without pushing them into OpenShift. | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ryan Howe <rhowe> |
| Component: | Image Registry | Assignee: | Michal Minar <miminar> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Wei Sun <wsun> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.1.0 | CC: | aos-bugs, bparees, ccoleman, haowang, jokerman, miminar, mmccomas, pep, pweil, rhowe, tdawson, wjiang, xtian, yinzhou |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1278974 | Environment: | |
| Last Closed: | 2016-09-07 21:02:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1267746, 1278974, 1289343, 1292962 | | |
Comment 3
Ben Parees
2016-01-08 03:26:51 UTC
If I'm not mistaken, this has been fixed by https://github.com/openshift/origin/pull/6288. Clayton, can you please confirm?

Fixed by PRs #6288 #6800.

Checked with devenv-rhel7_3467, private image on secure v2 registry works well now.
Since we are not allowing insecure TLS connections due to https://bugzilla.redhat.com/show_bug.cgi?id=1302549#c3, and also v1 registry due to https://bugzilla.redhat.com/show_bug.cgi?id=1308818#c1.
So just have a check on secure TLS v2 registry, dockerhub.
# oc secrets new-dockercfg hub --docker-username=wjiang --docker-password=xxxxxx --docker-email=wjiang
# oc secrets add serviceaccount/default secrets/hub --for=pull
# oc new-app wjiang/node:latest
# oc get pod -n wjiang
NAME READY STATUS RESTARTS AGE
node-1-s9qaa 1/1 Running 0 3m

https://bugzilla.redhat.com/show_bug.cgi?id=1310052 blocks this on OSE. Will have a check in OSE after the bug has been fixed.

On OSE env:
openshift v3.1.1.905
kubernetes v1.2.0-alpha.7-703-gbc4550d
etcd 2.2.5
The issue still exists:
[root@zhouy roottest]# oc describe serviceaccount
Name: builder
Namespace: zhouy
Labels: <none>
Mountable secrets: builder-token-offls
builder-dockercfg-wy2eu
hubyinzhou1
Tokens: builder-token-fitue
builder-token-offls
Image pull secrets: builder-dockercfg-wy2eu
Name: default
Namespace: zhouy
Labels: <none>
Image pull secrets: default-dockercfg-ktza7
hubyinzhou1
Mountable secrets: default-token-cda1p
default-dockercfg-ktza7
Tokens: default-token-269cp
default-token-cda1p
Name: deployer
Namespace: zhouy
Labels: <none>
Image pull secrets: deployer-dockercfg-8dyy7
Mountable secrets: deployer-token-6kad3
deployer-dockercfg-8dyy7
Tokens: deployer-token-6kad3
deployer-token-ehgp5
[root@zhouy roottest]# oc describe secret hubyinzhou1
Name: hubyinzhou1
Namespace: zhouy
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockercfg
Data
====
.dockercfg: {"https://auth.docker.io":{"username":"zhouying7780","password":"xxxxxx","email":"yinzhou","auth":"emhvdXlpbmc3NzgwOmFuZHlsdnU5OQ=="}}
[root@zhouy roottest]# oc new-app --loglevel=5 docker.io/zhouying7780/deployment-example:latest
I0225 02:25:01.629951 24451 newapp.go:430] Docker client did not respond to a ping: Get http://unix.sock/_ping: dial unix /var/run/docker.sock: no such file or directory
I0225 02:25:01.630199 24451 imagestreamlookup.go:29] image streams must be of the form [<namespace>/]<name>[:<tag>|@<digest>], term "docker.io/zhouying7780/deployment-example:latest" did not qualify
I0225 02:25:06.610114 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.611087 24451 dockerimagelookup.go:72] checking remote registry for "docker.io/zhouying7780/deployment-example:latest"
I0225 02:25:08.836425 24451 dockerimagelookup.go:238] Adding Docker image "docker.io/zhouying7780/deployment-example:latest" (tag "latest"), dda30c8, from docker.io, 5.503mb, author Clayton Coleman <ccoleman> as component match for "docker.io/zhouying7780/deployment-example:latest" with score 0
I0225 02:25:08.836477 24451 dockerimagelookup.go:78] Found remote match docker.io/zhouying7780/deployment-example:latest
I0225 02:25:08.836518 24451 newapp.go:1010] Code []
I0225 02:25:08.836537 24451 newapp.go:1011] Components [docker.io/zhouying7780/deployment-example:latest]
I0225 02:25:08.836569 24451 newapp.go:653] found group: docker.io/zhouying7780/deployment-example:latest
I0225 02:25:08.836583 24451 newapp.go:673] will include "docker.io/zhouying7780/deployment-example:latest"
--> Found Docker image dda30c8 (11 days old) from docker.io for "docker.io/zhouying7780/deployment-example:latest"
* An image stream will be created as "deployment-example:latest" that will track this image
* This image will be deployed in deployment config "deployment-example"
* Port 8080/tcp will be load balanced by service "deployment-example"
* Other containers can access this service through the hostname "deployment-example"
* WARNING: Image "deployment-example" runs as the 'root' user which may not be permitted by your cluster administrator
--> Creating resources with label app=deployment-example ...
imagestream "deployment-example" created
deploymentconfig "deployment-example" created
service "deployment-example" created
--> Success
Run 'oc status' to view your app.
[root@zhouy roottest]# oc get pods
NAME READY STATUS RESTARTS AGE
deployment-example-1-deploy 1/1 Running 0 12h
deployment-example-1-xb5pj 0/1 ContainerCreating 0 12h
[root@zhouy roottest]# oc describe pod deployment-example-1-xb5pj
Name: deployment-example-1-xb5pj
Namespace: zhouy
Image(s): docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Node: openshift-149.lab.sjc.redhat.com/10.14.6.149
Start Time: Wed, 24 Feb 2016 13:27:11 -0500
Labels: app=deployment-example,deployment=deployment-example-1,deploymentconfig=deployment-example
Status: Pending
Reason:
Message:
IP: 10.2.1.9
Controllers: ReplicationController/deployment-example-1
Containers:
deployment-example:
Container ID:
Image: docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Image ID:
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready False
Volumes:
default-token-cda1p:
Type: Secret (a secret that should populate this volume)
SecretName: default-token-cda1p
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
12h 12h 1 {default-scheduler } Normal Scheduled Successfully assigned deployment-example-1-xb5pj to openshift-149.lab.sjc.redhat.com
12h 12h 1 {kubelet openshift-149.lab.sjc.redhat.com} spec.containers{deployment-example} Normal BackOff Back-off pulling image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
12h 12h 1 {kubelet openshift-149.lab.sjc.redhat.com} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "deployment-example" with ImagePullBackOff: "Back-off pulling image \"docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6\""
12h 12h 2 {kubelet openshift-149.lab.sjc.redhat.com} spec.containers{deployment-example} Normal Pulling pulling image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
12h 12h 2 {kubelet openshift-149.lab.sjc.redhat.com} spec.containers{deployment-example} Warning Failed Failed to pull image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6": image pull failed for docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6, this may be because there are no credentials on this request. details: (unauthorized: access to the requested resource is not authorized)
12h 12h 2 {kubelet openshift-149.lab.sjc.redhat.com} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "deployment-example" with ErrImagePull: "image pull failed for docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6, this may be because there are no credentials on this request. details: (unauthorized: access to the requested resource is not authorized)"
See my comment [1] in related bz#1278974.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1278974#c16

Confirmed on latest puddle:
[root@openshift-107 ~]# openshift version
openshift v3.1.1.908
kubernetes v1.2.0-alpha.7-703-gbc4550d
etcd 2.2.5
The issue has been fixed.
[root@zhouy ~]# oc get pods
NAME READY STATUS RESTARTS AGE
deployment-example-1-94qfs 1/1 Running 0 12h
[root@zhouy ~]# oc describe pod deployment-example-1-94qfs
Name: deployment-example-1-94qfs
Namespace: zhouy
Image(s): docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Node: openshift-106.lab.sjc.redhat.com/10.14.6.106
Start Time: Mon, 29 Feb 2016 21:59:39 -0500
Labels: app=deployment-example,deployment=deployment-example-1,deploymentconfig=deployment-example
Status: Running
Reason:
Message:
IP: 10.1.0.4
Controllers: ReplicationController/deployment-example-1
Containers:
deployment-example:
Container ID: docker://29610407d262421e5e80d314d32b92031ea2fc96f5f1b64b8af624e7e460a75f
Image: docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Image ID: docker://4081774424e9315432a46596c26ad3ccba86ceb14c71f2090784a9770194f230
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Running
Started: Mon, 29 Feb 2016 21:59:50 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready True
Volumes:
default-token-v96fk:
Type: Secret (a secret that should populate this volume)
SecretName: default-token-v96fk
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
12h 12h 1 {default-scheduler } Normal Scheduled Successfully assigned deployment-example-1-94qfs to openshift-106.lab.sjc.redhat.com
12h 12h 1 {kubelet openshift-106.lab.sjc.redhat.com} spec.containers{deployment-example} Normal Pulling pulling image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
12h 12h 1 {kubelet openshift-106.lab.sjc.redhat.com} spec.containers{deployment-example} Normal Pulled Successfully pulled image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
12h 12h 1 {kubelet openshift-106.lab.sjc.redhat.com} spec.containers{deployment-example} Normal Created Created container with docker id 29610407d262
12h 12h 1 {kubelet openshift-106.lab.sjc.redhat.com} spec.containers{deployment-example} Normal Started Started container with docker id 29610407d262
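Added example, not from the bug report or the OpenShift project: shell helpers that read `oc describe serviceaccount` and `oc describe pod` text and report whether an `unauthorized` pull failure coincides with a secret that is linked for pulling (the state the failing OSE run above shows for `default`) or one that is only mountable (as for `builder`). The sample text is constructed from the output in this bug, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample text below is constructed, modelled on the output in this bug.
SA_DESCRIBE='Name:               builder
Namespace:          zhouy
Mountable secrets:  builder-token-offls
                    hubyinzhou1
Image pull secrets: builder-dockercfg-wy2eu

Name:               default
Namespace:          zhouy
Image pull secrets: default-dockercfg-ktza7
                    hubyinzhou1
Mountable secrets:  default-token-cda1p'

POD_DESCRIBE='State:  Waiting
Reason: ImagePullBackOff
Warning Failed Failed to pull image "registry.example/app:latest": details: (unauthorized: access to the requested resource is not authorized)'

# Exit 0 if secret $2 is listed under "Image pull secrets" of service account $1.
# Reads `oc describe serviceaccount` text on stdin; indented lines continue a field.
sa_has_pull_secret() {
    awk -v sa="$1" -v secret="$2" '
        /^Name:/         { current = $2; field = ""; next }
        /^[^ \t][^:]*:/  { field = $0; sub(/:.*/, "", field)
                           value = $0; sub(/^[^:]*:[ \t]*/, "", value)
                           sub(/[ \t]+$/, "", value) }
        /^[ \t]+[^ \t]/  { value = $1 }
        current == sa && field == "Image pull secrets" && value == secret { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Prints unauthorized, other or none for `oc describe pod` text on stdin.
pull_failure_reason() {
    awk '
        /Failed to pull image|ErrImagePull|ImagePullBackOff/ { failed = 1 }
        /unauthorized: /                                     { unauth = 1 }
        END { print (unauth ? "unauthorized" : (failed ? "other" : "none")) }
    '
}

# $1 = serviceaccount describe text, $2 = pod describe text,
# $3 = service account name, $4 = secret name
diagnose() {
    reason=$(printf '%s\n' "$2" | pull_failure_reason)
    if [ "$reason" != unauthorized ]; then
        echo "pull-$reason"
    elif printf '%s\n' "$1" | sa_has_pull_secret "$3" "$4"; then
        echo "unauthorized-secret-linked"      # link is fine: check the credentials or the platform
    else
        echo "unauthorized-secret-not-linked"  # run: oc secrets add serviceaccount/<sa> secrets/<secret> --for=pull
    fi
}

diagnose "$SA_DESCRIBE" "$POD_DESCRIBE" default hubyinzhou1
```

Against a live project, pipe the real command output in, for example `oc describe serviceaccount | sa_has_pull_secret default hub`.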