search

minishift / minishift-centos-iso

CentOS based ISO as an alternative for boot2docker ISO
GNU Lesser General Public License v3.0
40 stars 33 forks source link

OpenShift cannot pull images from registry.access.redhat.com #251

Closed agajdosi closed 6 years ago

agajdosi commented 6 years ago

There is missing certificate on Centos.iso, which blocks OpenShift to be able to pull images from registry.access.redhat.com:

Failed | Failed  to pull image  "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift@sha256:744915c2321f438c5af643600c487889e7169f238c96628a9c4f6efe36fbe09b":  rpc error: code = Unknown desc = open  /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such  file or directory

or

Cloning "https://github.com/jboss-developer/jboss-eap-quickstarts" ...
        Commit: d9281fa6c7ca7a498bdf95049c64bbbe41b989cf (Update POM versions for EAP 7.0.0.GA release)
        Author: Paul Gier <pgier@redhat.com>
        Date:   Thu May 19 13:36:55 2016 -0500
Pulling image "registry.access.redhat.com/jboss-eap-7/eap70-openshift@sha256:7a3acb825766a00fd865d9616bbd129fd747dd38b340704c835e47b9071de1d4" ...
pulling image error : open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
error: build error: unable to get registry.access.redhat.com/jboss-eap-7/eap70-openshift@sha256:7a3acb825766a00fd865d9616bbd129fd747dd38b340704c835e47b9071de1d4

This issue causes: https://github.com/minishift/minishift/issues/2450

gbraad commented 6 years ago

CentOS should not pull from registry.redhat.com I guess These certificates are available for the RHEL image

agajdosi commented 6 years ago

@gbraad By default docker pulls on CentOS go to docker hub. But developers can specify the full address of images in Dockerfiles or OpenShift application templates and thus download from registries which they choose. AFAIU Red Hat Container Catalog is valid source of robust container images and CentOS ISO should support it. (Boot2Docker ISO has no problem with image pulls from RHCC.)

hhellbusch commented 6 years ago

Running into this issue as well.

It looks like this was attempted to be fixed in https://github.com/minishift/minishift-centos-iso/pull/236

Current work around - copy contents of /etc/rhsm/ca/redhat-uep.pem from my host and create the file /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt

# on host machine
xclip -sel c < /etc/rhsm/ca/redhat-uep.pem
minishift ssh
sudo vi /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
# paste clipboard contents
# save and quit, images will now pull OK on openshift

Running latest version - 

~/minishift-1.20.0-linux-amd64 9:21:18
$ ./minishift version
minishift v1.20.0+53c500a
[docker@minishift ~]$ cat /etc/*-release
CentOS Linux release 7.5.1804 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

VARIANT="minishift"
VARIANT_VERSION="1.10.0"
BUILD_ID="eab9f81-28052018131702-local"
CentOS Linux release 7.5.1804 (Core)
CentOS Linux release 7.5.1804 (Core)

looks like 1.10 didn't get published with the fix?

[docker@minishift ~]$ sudo yum list installed -y | grep python-rhsm-certificates
[docker@minishift ~]$ sudo yum list installed -y | grep rhsm             
subscription-manager-rhsm-certificates.x86_64

I see the commit (f0931db26228c6f92f08bbea82c6b5bf112272e9) is in tags 1.9 and 1.10

~/git/minishift/minishift-centos-iso on  master 9:35:33
$ git tag --contains f0931db26228c6f92f08bbea82c6b5bf112272e9           
v1.10.0
v1.9.0
soulmarus commented 6 years ago

Having the same issue with minishift 1.20 when using the centos 1.10 image, had to do the steps mentioned by @hhellbusch

gbraad commented 6 years ago

@praveenkumar perhaps we have a look into this...

On Sat, Jun 30, 2018, 05:12 soulmarus notifications@github.com wrote:

Having the same issue with minishift 1.20 when using the centos 1.10 image, had to do the steps mentioned by @hhellbusch https://github.com/hhellbusch

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/minishift/minishift-centos-iso/issues/251#issuecomment-401475312, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAHZn24z44vP32xsNc8OBHOu_uQ0oobks5uBpgqgaJpZM4Uiitj .

pschildkamp commented 6 years ago

I have exactly the same problem using minishift 1.20 with Centos7 1.10 image. My work around is by creating an empty redhat-uep.pem file.

minishift ssh
sudo su
cd /etc/rhsm/ca/
touch redhat-uep.pem

Though this fixes the issue for me at the moment I would prefer an actuale fix for this issue :)

praveenkumar commented 6 years ago

@pepijnschildkamp right we are working towards it, soon will do the fix.

xiwu commented 6 years ago

I guess @agajdosi is trying to build some rehat eap quickstart, if so, you can try to use the CDK, in build phase, it will build the image from RHEL image, all the certs are in the image.

LalatenduMohanty commented 6 years ago

Resolved via #255

bilalcaliskan commented 5 years ago

I have exactly the same problem using minishift 1.20 with Centos7 1.10 image. My work around is by creating an empty redhat-uep.pem file.

minishift ssh
sudo su
cd /etc/rhsm/ca/
touch redhat-uep.pem

Though this fixes the issue for me at the moment I would prefer an actuale fix for this issue :)

You are a life-saver! Thanks!