projectatomic / atomic

Atomic Run Tool for installing/running/managing container images.

Registry: Can not run registry by official instruction: The client is not authorized to request a token using this method. #1034

Closed Hubbitus closed 7 years ago

Hubbitus commented 7 years ago

I followed http://docs.projectatomic.io/registry/latest/registry_quickstart/administrators/index.html#registry-quickstart-administrators-index on a Fedora 25 host:

sudo atomic install projectatomic/atomic-registry-install 127.0.0.5
sudo systemctl enable --now atomic-registry-master.service

Containers run:

docker ps | ag atomic
0da3eb57bae2        openshift/origin:latest                    "/usr/bin/openshif..."   15 hours ago        Up 15 hours         53/tcp, 0.0.0.0:8443->8443/tcp                   atomic-registry-master
d169d641dcee        openshift/origin-docker-registry:latest    "/bin/sh -c 'DOCKE..."   15 hours ago        Up 15 hours                                                          atomic-registry
c1a110fefa10        cockpit/kubernetes:latest                  "/usr/libexec/cock..."   15 hours ago        Up 15 hours         0.0.0.0:9090->9090/tcp                           atomic-registry-console

But going to http://127.0.0.5:9090 redirects to https://127.0.0.5:8443/oauth/authorize?client_id=cockpit-oauth-client&response_type=token&redirect_uri=https%3A%2F%2Flocalhost%3A9090%2F with error:

{
"error": "unauthorized_client",
"error_description": "The client is not authorized to request a token using this method."
}

Screenshot: [image]

baude commented 7 years ago

It looks like you missed two steps:

$ sudo /var/run/setup-atomic-registry.sh [hostname_or_IP]

and

$ sudo systemctl restart docker.service

I ran through the instructions this morning and it worked nicely. I'm going to close this. Please re-open if you feel the atomic cli is failing here. But most likely any issue would be with the image and not the atomic cli.

Hubbitus commented 7 years ago

Ok. I've started from 0:

[pasha@hubbitus ~]$ sudo atomic uninstall projectatomic/atomic-registry-install
docker run -i --rm --privileged -v /:/host --entrypoint /usr/bin/uninstall.sh projectatomic/atomic-registry-install
+ chroot /host systemctl stop atomic-registry-master.service
+ chroot /host systemctl disable atomic-registry-master.service
Removed /etc/systemd/system/multi-user.target.wants/atomic-registry-master.service.
Removed /etc/systemd/system/multi-user.target.wants/atomic-registry.service.
Removed /etc/systemd/system/multi-user.target.wants/atomic-registry-console.service.
+ set +x
+ chroot /host systemctl stop atomic-registry-console.service
+ chroot /host systemctl disable atomic-registry-console.service
+ set +x
+ chroot /host systemctl stop atomic-registry.service
+ chroot /host systemctl disable atomic-registry.service
+ set +x
Removing configuration files...
+ chroot /host rm -rf /etc/atomic-registry
+ set +x
+ chroot /host rm -rf /etc/sysconfig/atomic-registry-master
+ set +x
+ chroot /host rm -rf /etc/systemd/system/atomic-registry-master.service
+ set +x
+ chroot /host rm -rf /etc/sysconfig/atomic-registry
+ set +x
+ chroot /host rm -rf /etc/systemd/system/atomic-registry.service
+ set +x
+ chroot /host rm -rf /etc/sysconfig/atomic-registry-console
+ set +x
+ chroot /host rm -rf /etc/systemd/system/atomic-registry-console.service
+ set +x
+ chroot /host rm -rf /usr/bin/setup-atomic-registry.sh
+ set +x
Uninstallation complete.
Images have not been removed. To remove them manually run:
sudo docker rmi openshift/origin openshift/origin-docker-registry cockpit/kubernetes
[pasha@hubbitus ~]$
[pasha@hubbitus ~]$ sudo docker rmi openshift/origin openshift/origin-docker-registry cockpit/kubernetes
Untagged: openshift/origin:latest
Untagged: docker.io/openshift/origin@sha256:efd886659de2983b5e5e955946efcfb3256abf892aff79f82cd8f751ec5b35fa
Deleted: sha256:d28a6da25a6f716d24cc2da920961d14d900a9922ff0e6444bfc7a697e2854d0
Deleted: sha256:3094c0877da983836bb35e715c0d8aeb5fc14c24a79786edab35615a7d7b4497
Untagged: openshift/origin-docker-registry:latest
Untagged: docker.io/openshift/origin-docker-registry@sha256:1c1d97206d7ad80fcb4c725bf70455a46307be1756fccb00a6bd15f6149f9b7a
Deleted: sha256:6f6a0022f5284383b58a64fbff2e90399bc9dde00fd5eb63fa2e365cc299f13b
Deleted: sha256:8d4f3d5c8cdf03235291ef30cfc5deccb85b5c396a552d6020740ab2a18101e5
Deleted: sha256:3c61836b495e071977cd7df0853d4e5061ab8035a19fc76f253c1491d95b3a79
Deleted: sha256:45c6f47c669fe4b3bc783ef08060d9459acd08392abea97916e15006cc761bdb
Deleted: sha256:dc1e2dcdc7b6ff86d785fa16cf97464d263d04346a191c57b5ca8a66b4155861
Untagged: cockpit/kubernetes:latest
Untagged: docker.io/cockpit/kubernetes@sha256:d08dfd9f1619ada63e9ce370eade80f5475c25a9593b6505ab5550cc4f35029b
Deleted: sha256:604842f7801d7eee500de755e316b5bcd74ae4f0a14d2c34f5dbb27d103b3fab
Deleted: sha256:29cbacebc567527468535e44bfcc7867be2564bf8c57f69a7f0ebfb8ed5c82c9
Deleted: sha256:05144d6428f603b91e406996771d401d1fc6ac45173322273e04185581673646
Deleted: sha256:5144262411536851790d69fea18a7c040c2da620b0fd7a0ef2113c63d648f535
Deleted: sha256:53e6d99f7596f656354b326bd771a14ed68f0676f05793a9c3d3b799ae447977
[pasha@hubbitus ~]$
[pasha@hubbitus ~]$
[pasha@hubbitus ~]$ echo "Start from 0"
Start from 0
[pasha@hubbitus ~]$ sudo atomic install projectatomic/atomic-registry-install 127.0.0.5
docker run -i --rm --privileged --net=host -v /etc/atomic-registry/:/etc/atomic-registry/ -v /var/lib/atomic-registry/:/var/lib/atomic-registry/ -v /:/host -e REGISTRYPORT -e MASTERPORT -e CONSOLEPORT -e REGISTRYIMAGE -e MASTERIMAGE -e CONSOLEIMAGE -e REGISTRYTAG -e MASTERTAG -e CONSOLETAG --entrypoint /usr/bin/install.sh projectatomic/atomic-registry-install 127.0.0.5
Installing using hostname 127.0.0.5
Wrote master config to: /etc/atomic-registry/master/master-config.yaml
Copy files to host
+ mkdir -p /etc/atomic-registry/master/site
+ mkdir -p /etc/atomic-registry/registry
+ mkdir -p /etc/atomic-registry/serviceaccount
+ mkdir -p /host/var/lib/atomic-registry/registry
+ cp /exports/unit_files/atomic-registry-console.service /exports/unit_files/atomic-registry-master.service /exports/unit_files/atomic-registry.service /host/etc/systemd/system/
+ cp /exports/config/atomic-registry /exports/config/atomic-registry-console /exports/config/atomic-registry-master /host/etc/sysconfig/
+ cp /exports/oauthclient.yaml /etc/atomic-registry/master/
+ cp /exports/setup-atomic-registry.sh /host/var/run/
+ cp /exports/registry-login-template.html /host/etc/atomic-registry/master/site/
+ chown -R 1001:root /host/var/lib/atomic-registry/registry
+ chown -R 1001:root /etc/atomic-registry/registry
+ set +x
Add serviceaccount token and certificate to registry configuration
Update custom ports, images and tags
Updating login template
Files updated
        /host/etc/sysconfig/atomic:
# Specify the tools package to be used for missing commands
# A missing command on an atomic host platform will execute
# atomic run ${TOOLSIMG} COMMAND
# If the TOOLSIMG is defined
# export TOOLSIMG=

        /host/etc/sysconfig/atomic-registry:
REGISTRY_HTTP_NET=tcp
KUBERNETES_PORT_8443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=8443
KUBERNETES_PORT_8443_TCP_ADDR=localhost
KUBERNETES_PORT_8443_TCP=tcp://localhost:8443
REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA=false

##
# To secure the registry, copy the certificates to these paths, uncomment and restart service
##
#REGISTRY_HTTP_TLS_CERTIFICATE=/etc/atomic-registry/registry/registry.crt
#REGISTRY_HTTP_TLS_KEY=/etc/atomic-registry/registry/registry.key

REGISTRY_HTTP_SECRET=C1kKjZ/m4XXiaroo+S6A0sclBHhrDoYw7tGqTi78NsTbQkeOeLupuqWk6UQ61swS2+OBR12IjoWyF09XsuSZ7A==
DOCKER_REGISTRY_SERVICE_PORT=5000
REGISTRY_HTTP_ADDR=:5000
DOCKER_REGISTRY_SERVICE_HOST=127.0.0.5
REGISTRYPORT=5000
REGISTRYIMAGE=openshift/origin-docker-registry
REGISTRYTAG=latest
KUBERNETES_SERVICE_HOST=127.0.0.5
KUBERNETES_SERVICE_PORT=8443

        /host/etc/sysconfig/atomic-registry-console:
# Uncomment to enable debug messages
#G_MESSAGES_DEBUG=cockpit-ws,cockpit-wrapper,cockpit-bridge
REGISTRY_ONLY=true
OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client

# Set to false to use your own SSL certificates
KUBERNETES_INSECURE=true
OPENSHIFT_OAUTH_PROVIDER_URL=https://127.0.0.5:8443
REGISTRY_HOST=127.0.0.5:5000
CONSOLEPORT=9090
CONSOLEIMAGE=cockpit/kubernetes
CONSOLETAG=latest
KUBERNETES_SERVICE_HOST=127.0.0.5
KUBERNETES_SERVICE_PORT=8443

        /host/etc/sysconfig/atomic-registry-master:
# loglevel 1-5
OPTIONS=--loglevel=1
CONFIG_FILE=/etc/atomic-registry/master/master-config.yaml
KUBECONFIG=/etc/atomic-registry/master/admin.kubeconfig
MASTERPORT=8443
MASTERIMAGE=openshift/origin
MASTERTAG=latest

Optionally edit configuration file authentication /etc/atomic-registry/master/master-config.yaml,
and/or add certificates to /etc/atomic-registry/master,
then enable and start services:
   sudo systemctl enable --now atomic-registry-master.service
Once all 3 containers are running (docker ps), run the setup script
(you can run it again if it is run early and fails)
   sudo /var/run/setup-atomic-registry.sh
[pasha@hubbitus ~]$
[pasha@hubbitus ~]$ sudo systemctl enable --now atomic-registry-master.service
Created symlink /etc/systemd/system/multi-user.target.wants/atomic-registry-master.service → /etc/systemd/system/atomic-registry-master.service.
Created symlink /etc/systemd/system/multi-user.target.wants/atomic-registry.service → /etc/systemd/system/atomic-registry.service.
Created symlink /etc/systemd/system/multi-user.target.wants/atomic-registry-console.service → /etc/systemd/system/atomic-registry-console.service.
[pasha@hubbitus ~]$
[pasha@hubbitus ~]$ docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS               NAMES
4ad260074003        gitlab/gitlab-runner:alpine   "/usr/bin/dumb-ini..."   4 weeks ago         Up 13 hours                             gitlab-runner
[pasha@hubbitus ~]$ sudo docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS               NAMES
4ad260074003        gitlab/gitlab-runner:alpine   "/usr/bin/dumb-ini..."   4 weeks ago         Up 13 hours                             gitlab-runner
[pasha@hubbitus ~]$ LANG=date
[pasha@hubbitus ~]$ LANG=C date
Thu Jun 29 13:32:40 MSK 2017
[pasha@hubbitus ~]$ sudo docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS               NAMES
4ad260074003        gitlab/gitlab-runner:alpine   "/usr/bin/dumb-ini..."   4 weeks ago         Up 13 hours                             gitlab-runner
[pasha@hubbitus ~]$ sudo docker ps
CONTAINER ID        IMAGE                                     COMMAND                  CREATED             STATUS              PORTS                            NAMES
189283b47d53        openshift/origin-docker-registry:latest   "/bin/sh -c 'DOCKE..."   17 minutes ago      Up 17 minutes                                        atomic-registry
e03ebfb386ce        cockpit/kubernetes:latest                 "/usr/libexec/cock..."   18 minutes ago      Up 18 minutes       0.0.0.0:9090->9090/tcp           atomic-registry-console
33fe8df362e5        openshift/origin:latest                   "/usr/bin/openshif..."   21 minutes ago      Up 21 minutes       53/tcp, 0.0.0.0:8443->8443/tcp   atomic-registry-master
4ad260074003        gitlab/gitlab-runner:alpine               "/usr/bin/dumb-ini..."   4 weeks ago         Up 14 hours                                          gitlab-runner
[pasha@hubbitus ~]$ sudo /var/run/setup-atomic-registry.sh 127.0.0.5
--> Creating registry registry ...
    serviceaccount "registry" created
    clusterrolebinding "registry-registry-role" created
    deploymentconfig "docker-registry" created
    service "docker-registry" created
--> Success
error: timed out waiting for the condition
++ docker exec atomic-registry-master oc get sa registry --template '{{ range .secrets}} {{ println .name }} {{ end }}'
++ grep registry-token
+ TOKEN_NAME=' registry-token-v3r3r'
+ base64 -d
+ docker exec atomic-registry-master oc get secret registry-token-v3r3r --template '{{ .data.token }}'
+ docker exec atomic-registry cat /config.yml
+ echo REGISTRY_CONFIGURATION_PATH=/etc/atomic-registry/registry/config.yml
+ docker exec atomic-registry-master oc new-app --file=/etc/atomic-registry/master/oauthclient.yaml --param=COCKPIT_KUBE_URL=https://127.0.0.5:9090
--> Deploying template "default/cockpit-openshift-template" for "/etc/atomic-registry/master/oauthclient.yaml" to project default

     * With parameters:
        * COCKPIT_KUBE_URL=https://127.0.0.5:9090
        * OPENSHIFT_OAUTH_CLIENT_SECRET=userbQ2wu2OaBHEMHxAMtAfFLe1NbgcEG2AeWJu7cPbTantb6aJGqxYwOHjK02MnaeH7 # generated
        * OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client

--> Creating resources ...
    oauthclient "cockpit-oauth-client" created
--> Success
    Run 'oc status' to view your app.
+ systemctl restart atomic-registry.service
+ set +x
Launch web console in browser at https://127.0.0.5:9090
By default, ANY username and ANY password will successfully authenticate.

Going to https://127.0.0.5:9090 in the browser, I get a certificate error, as expected:

NET::ERR_CERT_AUTHORITY_INVALID
Subject: e03ebfb386ce
Issuer: e03ebfb386ce
Expires on: 5 июн. 2117 г.
Current date: 29 июн. 2017 г.
PEM encoded chain:
-----BEGIN CERTIFICATE-----[certificate body omitted]-----END CERTIFICATE-----

I accept it, continue, and on https://127.0.0.5:9090/#access_token=BQ0pKGCBNiDdnIXLvwRUlDG-Ph80g3Ae17pEuhJRWbk&expires_in=86400&scope=user%3Afull&token_type=Bearer get:

Authentication failed: internal-error: Couldn%27t connect to the api: Get https:%2F%2F127.0.0.5:8443%2Fapi: dial tcp 127.0.0.5:8443: getsockopt: connection refused

Hubbitus commented 7 years ago

[image]
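The thread above shows three distinct failure points in the quickstart: running `setup-atomic-registry.sh` before all three containers are up ("timed out waiting for the condition"), the `unauthorized_client` OAuth error when the setup script (which creates the `cockpit-oauth-client` oauthclient) has not been run at all, and the console's "connection refused" when nothing is listening on the master's 8443. The installer output also shows the registry's TLS lines shipped commented out. The following script is an added example, not code from the atomic project or from either participant; it assumes the container names, ports and sysconfig path printed by the installer in this thread, and the `/healthz`-free checks below rely only on `docker ps` output and file contents so they can be run without the stack present.

```shell
#!/bin/sh
# Added example (not part of projectatomic/atomic or this issue).
# Preflight and triage helpers for the atomic-registry quickstart.
# Assumptions, taken from the installer output in the thread:
#   - containers: atomic-registry-master, atomic-registry, atomic-registry-console
#   - master API on 8443, console on 9090
#   - registry sysconfig at /etc/sysconfig/atomic-registry

EXPECTED_CONTAINERS="atomic-registry-master atomic-registry atomic-registry-console"

# missing_containers: reads container names, one per line (the output of
# `docker ps --format '{{.Names}}'`), on stdin and prints every expected
# name that is absent. Exit 0 when nothing is missing, 1 otherwise.
missing_containers() {
    running=$(cat)
    rc=0
    for name in $EXPECTED_CONTAINERS; do
        if ! printf '%s\n' "$running" | grep -qx "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# wait_for_containers SECONDS: polls docker until all three containers are
# running, so the setup script is not started early (the thread shows
# "error: timed out waiting for the condition" when it was).
wait_for_containers() {
    deadline=$(( $(date +%s) + ${1:-120} ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        if docker ps --format '{{.Names}}' | missing_containers >/dev/null; then
            return 0
        fi
        sleep 5
    done
    echo "still missing after ${1:-120}s:" >&2
    docker ps --format '{{.Names}}' | missing_containers >&2
    return 1
}

# registry_tls_enabled: reads /etc/sysconfig/atomic-registry on stdin and
# succeeds only if both REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY
# are set (uncommented). The installer ships them commented out, which
# leaves the registry itself serving plain HTTP on port 5000.
registry_tls_enabled() {
    cfg=$(cat)
    printf '%s\n' "$cfg" | grep -q '^REGISTRY_HTTP_TLS_CERTIFICATE=' &&
    printf '%s\n' "$cfg" | grep -q '^REGISTRY_HTTP_TLS_KEY='
}

# triage_error: reads an error message on stdin (the OAuth JSON body or the
# console's "Authentication failed" line) and prints a single keyword naming
# the quickstart step to revisit.
triage_error() {
    msg=$(cat)
    case "$msg" in
        *unauthorized_client*)
            # The "cockpit-oauth-client" oauthclient is created by
            # setup-atomic-registry.sh; this error means it was never run.
            echo "run-setup-script" ;;
        *"connection refused"*)
            # The console resolved the API URL but nothing listens on 8443:
            # check atomic-registry-master.service and its container logs.
            echo "master-api-down" ;;
        *"timed out waiting for the condition"*)
            # Setup ran before the containers were ready; it is safe to rerun.
            echo "rerun-setup-script" ;;
        *)
            echo "unknown" ;;
    esac
}

# Stand-alone use: ./check.sh --check [hostname_or_IP]
if [ "${1:-}" = "--check" ]; then
    wait_for_containers 120 || exit 1
    sudo /var/run/setup-atomic-registry.sh "${2:-127.0.0.5}"
    if ! registry_tls_enabled < /etc/sysconfig/atomic-registry; then
        echo "warning: registry TLS not configured (REGISTRY_HTTP_TLS_* commented out)" >&2
    fi
fi
```

`triage_error` is deliberately keyed on the literal strings that appear in this thread, so it can be fed the JSON body from the `/oauth/authorize` redirect or the console's error line directly; `registry_tls_enabled` is the check to run before exposing the registry beyond the loopback address used here, since with the shipped defaults both the console's self-signed certificate and the registry's plain-HTTP listener are in play.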