Bug 1302255 - [devexp_public_430]Can't pull source image using pullsecret or sourcesecret
[devexp_public_430]Can't pull source image using pullsecret or sourcesecret
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Build (Show other bugs)
3.x
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Ben Parees
Wenjing Zheng
:
Depends On:
Blocks: 1296135
  Show dependency treegraph
 
Reported: 2016-01-27 05:12 EST by XiuJuan Wang
Modified: 2016-05-12 13:14 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-12 13:14:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
xiuwang: needinfo-


Attachments (Terms of Use)

  None (edit)
Description XiuJuan Wang 2016-01-27 05:12:44 EST
Description of problem:
After adding pullsecret or sourcesecret, still can't pull a private docker image as source image.

Version-Release number of selected component (if applicable):
devenv-rhel7_3250
oc v1.1.1-182-ga57296f
kubernetes v1.1.0-origin-1107-g4c8e6f4

How reproducible:
always

Steps to Reproduce:
1.Prepare a private docker image, and make sure no this image in node or master.
2.Create a secret
$docker login  // to generate $HOME/.docker/config.json
$oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json
$oc secrets add serviceaccount/builder secrets/pull
3.Edit template json to use this secret.
$wget https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/build/ruby22rhel7-template-sti.json

        "source": {
          "type": "Git",
          "git": {
            "uri": "https://github.com/openshift/ruby-hello-world.git"
          },
          "images": [
          {
          "from": {
          "kind": "DockerImage",
          "name": "docker.io/xiuwang/jenkins-1-centos7:latest"
          },
          "pullSecret": { "name": "pull" },
          "paths": [
          {
          "sourcePath": "/opt/openshift",
          "destinationDir": "xiuwangs2i"
          }
          ]
          }
          ]
        },

4.Create app using this template
5.Check builds
6.Add this secret as sourcesecret, trigger new build, check builds

Actual results:
5.$oc  build-logs ruby22-sample-build-1
Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead.
F0127 09:25:08.413053       1 builder.go:185] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
6.same with step 5.

Expected results:
Could pull source image using secret.

Additional info:
After pull private image to instance manually, trigger new build,the build could complete.And the files could be copied to destination dir.

The build-logs error behaves as not login when pull private image manaully.
Comment 1 Ben Parees 2016-01-27 09:54:38 EST
You indicate you ran: 
oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json

to create the secret.

I think you need to run:
oc secrets new pull .dockercfg=${HOME}/.docker/config.json

The key within the secret needs to be named ".dockercfg" and not ".dockerconfigjson".


Can you please try that and report back?
Comment 2 XiuJuan Wang 2016-01-27 22:05:12 EST
@Ben 
After add secret as 'oc secrets new pull .dockercfg=${HOME}/.docker/config.json',still can't pull private source image.
 
$oc get secret pull -o yaml 
apiVersion: v1
data:
  .dockercfg: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImVHbDFkMkZ1WnpweVp.....


$oc build-logs ruby22-sample-build-1
Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead.
F0128 03:00:14.449107       1 builder.go:185] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
Comment 3 Ben Parees 2016-01-28 15:22:30 EST
Turns out our pull secret logic only supported the ".dockercfg" file format and not the newer config.json format.  fixing here:
https://github.com/openshift/origin/pull/6887

Even with this fix, you will still need to specify the key as ".dockercfg" per my comment.
Comment 4 XiuJuan Wang 2016-02-03 01:54:16 EST
Ben
I still can't pull private sourceimage in devenv-rhel7_3315, the fixed code has merged.Any wrong with my steps?

$oc secrets new pull .dockercfg=${HOME}/.docker/config.json
$oc secrets add serviceaccount/builder secrets/pull
$oc  get  secrets pull -o yaml 
apiVersion: v1
data:
  .dockercfg: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImVHbDFkMkZ1WnpweVpXUm9ZWFJrYjJOclpYST0iLAoJCQkiZW1haWwiOiAieGl1d2FuZ0ByZWRoYXQuY29tIgoJCX0KCX0KfQ==
kind: Secret

#oc  get bc
  source:
    git:
      uri: https://github.com/openshift/ruby-hello-world.git
    images:
    - from:
        kind: DockerImage
        name: docker.io/xiuwang/jenkins-1-centos7:latest
      paths:
      - destinationDir: xiuwangs2i
        sourcePath: /opt/openshift
      pullSecret:
        name: pull
    secrets: null
    type: Git

# oc build-logs ruby22-sample-build-1
Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead.
I0203 06:45:44.601698       1 docker.go:286] Image "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest" not available locally, pulling ...
F0203 06:46:00.532611       1 builder.go:194] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
Comment 5 Ben Parees 2016-02-03 15:53:26 EST
Yes there's something wrong w/ your secret creation step

this:
oc secrets new pull .dockercfg=${HOME}/.docker/config.json

should be:
oc secrets new pull ${HOME}/.docker/config.json

or
oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json


When you use ".dockercfg" as the key, you must provide a ".dockercfg" file, not a ".docker/config.json" file.  They are formatted differently.
Comment 6 XiuJuan Wang 2016-02-03 21:46:18 EST
devenv-rhel7_3325
Could pull private sourceimage with this two apporachs to create secrets

oc secrets new pull ${HOME}/.docker/config.json
or
oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json

Thanks
Move to bug to verified.

Note You need to log in before you can comment on or make changes to this bug.