Created attachment 1211521 [details] cmds and logs Description of problem: Importing an image from a remote registry that is insecure, the "pull-through" capability does not work. With an argument "--insecure=true", the import command is misleading. Version-Release number of selected component (if applicable): v3.3.0 How reproducible: always Steps to Reproduce: 1. oc import-image MYIMG --from REMOTE_IMAGE --insecure 2. docker pull MYIMG Actual results: Docker reports "Retrying..." layer download Expected results: Download image from REMOTE_IMAGE registry. Additional info: See commands and log output attached
Accessing insecure registries is very common and the default for atomic registry is pull-through; this impacts Satellite-6 integration. If this bz could be raised in priority, that would be appreciated.
Right now allowed to deal only with secure servers (HTTPS only). I think we can make it configurable. https://github.com/openshift/origin/pull/11690
PR landed. Now "docker pull" will work if you use --insecure flag.
Verified on ose 3.4 env: [root@openshift-127 master]# openshift version openshift v3.4.0.23+24b1a58 kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0 [root@openshift-127 master]# [root@dhcp-137-141 /]# oc import-image myis --from=docker.io/openshift/mysql-55-centos7 --insecure=true --confirm The import completed successfully. Name: myis Created: 1 seconds ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2016-11-10T06:45:32Z Docker Pull Spec: 172.30.151.249:5000/lgproj/myis Tag Spec Created PullSpec Image latest docker.io/openshift/mysql-55-centos7 ! 1 seconds ago docker.io/openshift/mysql-55-centos7@sha256:2db2122537676f... <same> ! tag is insecure and can be imported over HTTP or self-signed HTTPS [root@dhcp-137-141 /]# docker pull docker.io/openshift/mysql-55-centos7 Using default tag: latest Trying to pull repository docker.io/openshift/mysql-55-centos7 ... latest: Pulling from docker.io/openshift/mysql-55-centos7 8d30e94188e7: Already exists 7d8ba3c583ed: Pull complete 74b7e339f70d: Pull complete d3c3f6da0310: Pull complete 7c51c206a5fd: Pull complete Digest: sha256:2db2122537676f12d2d6d7d4a0659a6ed8bd2c91019fbf9e3adcae918186c421 Status: Downloaded newer image for docker.io/openshift/mysql-55-centos7:latest [root@dhcp-137-141 /]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0066