Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1385855 - Cannot pull-through insecure imagestream
Cannot pull-through insecure imagestream
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Image Registry (Show other bugs)
3.3.0
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Alexey Gladkov
ge liu
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-17 15:47 EDT by Aaron Weitekamp
Modified: 2017-03-08 13 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Importing an Docker image from a remote registry that is insecure, the "pull-through" capability is now working properly.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-01-18 07:43:10 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
cmds and logs (62.56 KB, text/plain)
2016-10-17 15:47 EDT, Aaron Weitekamp 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0066 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.4 RPM Release Advisory 2017-01-18 12:23:26 EST

  None (edit)
Description Aaron Weitekamp 2016-10-17 15:47:10 EDT 
Created attachment 1211521 [details]
cmds and logs

Description of problem:
Importing an image from a remote registry that is insecure, the "pull-through" capability does not work. With an argument "--insecure=true", the import command is misleading.

Version-Release number of selected component (if applicable):
v3.3.0

How reproducible:
always

Steps to Reproduce:
1. oc import-image MYIMG --from REMOTE_IMAGE --insecure
2. docker pull MYIMG

Actual results:
Docker reports "Retrying..." layer download

Expected results:
Download image from REMOTE_IMAGE registry.

Additional info:
See commands and log output attached
Comment 1 Tom McKay 2016-10-20 08:59:52 EDT 
Accessing insecure registries is very common and the default for atomic registry is pull-through; this impacts Satellite-6 integration. If this bz could be raised in priority, that would be appreciated.
Comment 3 Alexey Gladkov 2016-11-01 09:52:21 EDT 
Right now allowed to deal only with secure servers (HTTPS only). I think we can  make it configurable.

https://github.com/openshift/origin/pull/11690
Comment 5 Alexey Gladkov 2016-11-09 07:08:33 EST 
PR landed. Now "docker pull" will work if you use --insecure flag.
Comment 6 ge liu 2016-11-10 01:49:07 EST 
Verified on ose 3.4 env:

[root@openshift-127 master]# openshift version
openshift v3.4.0.23+24b1a58
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0
[root@openshift-127 master]# 


[root@dhcp-137-141 /]# oc import-image myis --from=docker.io/openshift/mysql-55-centos7 --insecure=true --confirm
The import completed successfully.

Name:			myis
Created:		1 seconds ago
Labels:			<none>
Annotations:		openshift.io/image.dockerRepositoryCheck=2016-11-10T06:45:32Z
Docker Pull Spec:	172.30.151.249:5000/lgproj/myis

Tag	Spec					Created		PullSpec							Image
latest	docker.io/openshift/mysql-55-centos7 !	1 seconds ago	docker.io/openshift/mysql-55-centos7@sha256:2db2122537676f...	<same>

  ! tag is insecure and can be imported over HTTP or self-signed HTTPS

[root@dhcp-137-141 /]# docker pull docker.io/openshift/mysql-55-centos7
Using default tag: latest
Trying to pull repository docker.io/openshift/mysql-55-centos7 ... 
latest: Pulling from docker.io/openshift/mysql-55-centos7
8d30e94188e7: Already exists 
7d8ba3c583ed: Pull complete 
74b7e339f70d: Pull complete 
d3c3f6da0310: Pull complete 
7c51c206a5fd: Pull complete 
Digest: sha256:2db2122537676f12d2d6d7d4a0659a6ed8bd2c91019fbf9e3adcae918186c421
Status: Downloaded newer image for docker.io/openshift/mysql-55-centos7:latest
[root@dhcp-137-141 /]#
Comment 8 errata-xmlrpc 2017-01-18 07:43:10 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.