Open eriknelson opened 6 years ago
@jonnyfiveiq @tcunning closed #236 in favor of opening an issue specifically tracking this.
@eriknelson When I tried looking at the docker logs I see the following error message
time="2018-03-09T19:43:22.900485289Z" level=error msg="OpenShift access denied: User \"system:anonymous\" cannot update imagestreams/layers.image.openshift.io in project \"openshift\"" go.version=go1.9.2 http.request.host="172.30.1.1:5000" http.request.id=e9ecc76a-97fd-49f2-85df-c84f3caf38d4 http.request.method=POST http.request.remoteaddr="192.168.65.2:43878" http.request.uri=/v2/openshift/mytest-apb/blobs/uploads/ http.request.useragent="docker/17.06.0-ce go/go1.8.3 git-commit/02c1d87 kernel/4.9.36-moby os/linux arch/amd64 UpstreamClient(docker-sdk-python/2.7.0)" instance.id=9d8ce13f-2322-47c5-b290-94b0a265f1f3 openshift.auth.user=anonymous vars.name=openshift/mytest-apb
time="2018-03-09T19:43:22.90054332Z" level=error msg="error authorizing context: access denied" go.version=go1.9.2 http.request.host="172.30.1.1:5000" http.request.id=e9ecc76a-97fd-49f2-85df-c84f3caf38d4 http.request.method=POST http.request.remoteaddr="192.168.65.2:43878" http.request.uri=/v2/openshift/mytest-apb/blobs/uploads/ http.request.useragent="docker/17.06.0-ce go/go1.8.3 git-commit/02c1d87 kernel/4.9.36-moby os/linux arch/amd64 UpstreamClient(docker-sdk-python/2.7.0)" instance.id=9d8ce13f-2322-47c5-b290-94b0a265f1f3 vars.name=openshift/mytest-apb
192.168.65.2 - - [09/Mar/2018:19:43:22 +0000] "POST /v2/openshift/mytest-apb/blobs/uploads/ HTTP/1.1" 401 242 "" "docker/17.06.0-ce go/go1.8.3 git-commit/02c1d87 kernel/4.9.36-moby os/linux arch/amd64 UpstreamClient(docker-sdk-python/2.7.0)"
@mkanoor Do you mind printing the version of the APB tool you are using? Also, it appears you are logged in as "system:anonymous", can you ensure that oc whoami -t
returns a token and that the logged in user has access to the images?
To test this you can do: oc get images
. If that succeeds then I wouldn't expect to see this error.
This might be a dupe because I think I made this issue previously but...
The docker client's push does not throw an Exception on a failed push. I am not sure if there is a better way to detect an error case, but you can open a pipe and read docker's output, parsing for an error. This is not ideal at all, so we should:
This is the specific call in question: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/src/apb/engine.py#L968