FYI

```
# curl https://jiazha:redhat@sso.redhat.com/auth/realms/rhc4tp/protocol/docker-v2/auth\?service\=docker-registry -X GET -I
HTTP/1.1 500 Internal Server Error
Cache-Control: no-store, must-revalidate, max-age=0
X-Powered-By: Undertow/1
Server: JBoss-EAP/7
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-src 'self'
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=utf-8
Content-Length: 1997
Date: Mon, 18 Dec 2017 09:55:12 GMT
Connection: keep-alive
Set-Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNWU4MmIyZmQtYzUwMC00MWExLTk1ZGMtMTFlMTkxNTY1ZjVhIn0.eyJjcyI6ImVlZjRlMWMwLTQ1YmEtNGJiMC05ZWRkLTYxZWNmZGRkMTU3ZiIsImNpZCI6ImRvY2tlci1yZWdpc3RyeSIsInB0eSI6ImRvY2tlci12MiIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNlcnZpY2UiOiJkb2NrZXItcmVnaXN0cnkiLCJzY29wZSI6bnVsbCwiZG9ja2VyLmlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmhjNHRwIiwiYWNjb3VudCI6bnVsbH19.n92AfvfIcfnZrROMiFCFlmsi8eEdI8cvRdhabLZ0WBo; Version=1; Path=/auth/realms/rhc4tp; HttpOnly
Set-Cookie: BIGipServer~prod~keycloak-webssl-https=610731274.64288.0000; path=/; Httponly; Secure
Set-Cookie: sso_origin_dc=origin-sso-phx2.redhat.com; path=/; domain=sso.redhat.com; secure; HttpOnly
Set-Cookie: sso_origin_dc=novalue; expires=Thu, 21-Dec-1990 11:59:00 GMT; path=/; domain=sso.redhat.com; secure; HttpOnly
```

And no idea if the authURL is still available.
Jian, I see one problem with your registry config. You are using the URL registry.connect.redhat.com (which is correct in this instance when using the openshift registry adapter). However, the image `openshift3/postgresql-apb` does not exist on this registry. That image exists in RHCC at registry.access.redhat.com. To use that image you would use the `rhcc` registry adapter. Weiwei, I will investigate if the authUrl has changed. First step should be to change the image to one that exists in the ISV registry. I would use `rocketchat/rocketchat-apb`. (https://access.redhat.com/containers/?tab=overview#/registry.connect.redhat.com/rocketchat/rocketchat-apb)
Zhang & Jian, I apologize I didn't respond sooner; this was lost in the shutdown. The host is no longer active and I am still unable to reproduce this on my local machine using your credentials. Is it possible that you are dealing with a proxy that cannot talk to registry.connect.redhat.com? I'm happy to look at another host if you can reproduce. Thanks.
Jian, Thank you for setting up another host. I have confirmed that this issue is present in the ansible-service-broker image on the aws registry which you are using. I tested on your host with our latest upstream image and saw success using your credentials. I cannot track down what specific change to the adapter your image is built on but I can confirm it is fixed in the latest builds upstream so I will ensure this fix is in RHCC. I will move the bug to ON_QA when it is built and ready to be tested again.
Jian, Thank you for the clarification! You are right, this problem does exist in the 3.7 image. I have figured out what is causing this. We have a bug if the user does not set `auth_type` in the broker config. To work around this, in the registry config you can set `auth_type` to `config`. This will then use your proper credentials. I am also going to post a PR to set the user/pass if auth_type isn't set.
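The workaround from the comment above, sketched as a registry entry before and after. This is an added illustration, not configuration posted in this bug: only `auth_type: config`, the `openshift` adapter, the registry URL and the `rocketchat/rocketchat-apb` image come from the thread; the other key names (`name`, `user`, `pass`, `images`, `white_list`) are assumptions about the broker's registry config layout, and the credentials are placeholders.

```yaml
# Before: user/pass are present but auth_type is unset.
# Per the comment above, the 3.7 broker image does not use these
# credentials in this case.
registry:
  - type: openshift
    name: isv                                  # assumed entry name
    url: https://registry.connect.redhat.com
    user: <REGISTRY_USER>                      # placeholder
    pass: <REGISTRY_PASSWORD>                  # placeholder
    images:
      - rocketchat/rocketchat-apb
    white_list:
      - ".*-apb$"

---
# After: auth_type is set explicitly, so the broker takes the
# credentials from this config entry.
registry:
  - type: openshift
    name: isv                                  # assumed entry name
    url: https://registry.connect.redhat.com
    auth_type: config                          # workaround from this bug
    user: <REGISTRY_USER>                      # placeholder
    pass: <REGISTRY_PASSWORD>                  # placeholder
    images:
      - rocketchat/rocketchat-apb
    white_list:
      - ".*-apb$"
```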
Previous PR link was invalid: https://github.com/openshift/ansible-service-broker/pull/635 This will not be fixed in 3.7.x. I will be filing a docs bug to ensure the user is setting auth_type in the registry config.
https://bugzilla.redhat.com/show_bug.cgi?id=1535026 Associated documentation bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489