projectatomic / atomic

Atomic Run Tool for installing/running/managing container images.

atomic pull fails with KeyError: 'Registries' #1232

Closed bfutterleib closed 6 years ago

bfutterleib commented 6 years ago

I have a small network of five virtual machines using Red Hat OS 7.4, atomic 1.20.1, Docker 17.06.2-ee-6 on four nodes with one node running Docker 17.12.1-ce for testing purposes.

My manager/server node is running a container image of Docker distribution (registry), which I have created TLS keys for and distributed to all nodes in the /etc/certs.d/redhat.repo:443 directory, so standard docker push pull works fine.

After following the Red Hat documentation I was able to tag an image, then sign and push it successfully: `atomic push redhat.repo:443/app-1:1.0`

However, when I try to do an atomic pull on my other nodes (`atomic pull redhat.repo:443/app-1:1.0`) I end up with the following debug output. This happens on nodes with both versions of Docker, whether I try a pull using the public key to verify or just do an insecure pull (add registry redhat.repo:443 as insecureAcceptAnything).

My VM work environment is air-gapped and I had to write this out by hand, so hopefully there are no errors in there. I'm fairly new to everything Linux, so please go easy if I have done something obviously silly. Thank you.

```
Namespace(_class=<class 'Atomic.pull.Pull'>, assumeyes=False, debug=True, func='pull_image', ignore=False, image='redhat.repo:443/app-1:1.0, profile=False, reg_type=None, src_creds=None, storage=None)
'Registries'
Traceback
  File "/bin/atomic", line 185, in <module>
    sys.exit(_func())
  File "/usr/lib/python2.7/site-packages/Atomic/pull.py", line 54, in pull_image
    remote_image_obj = be.make_remote_image(self.args.image)
  File "/usr/lib/python2.7/site-packages/Atomic/backends/_docker.py", line 271, in make_remote_image
    img_obj.populate_remote_inspect_info()
  File "/usr/lib/python2.7/site-packages/Atomic/objects/image.py", line 157, in populate_remote_inspect_info
  File "/usr/lib/python2.7/site-packages/Atomic/objects/image.py", line 173, in remote_inspect
    tag=self.tag, digest=self.digest, orig_input=self.input_name) # on a side note no opening bracket?
  File "/usr/lib/python2.7/site-packages/Atomic/discovery.py", line 16, in __init__
    self.registries = util.get_registries()
  File "/usr/lib/python2.7/site-packages/Atomic/util.py", line 115, in get_registries
    search_regs = [x['Name'] for x in dconf['Registries']]
KeyError: 'Registries'
```

rhatdan commented 6 years ago

@baude Ideas?

baude commented 6 years ago

Does "redhat.repo" resolve? Like with ping? Does it pull with straight docker correctly?

The more I look at the output, it looks like you might be missing or have a bad /etc/containers/registries.conf?

bfutterleib commented 6 years ago

Yes, all hosts on my network can ping each other by hostname, as I added these to the /etc/hosts, and standard docker push pull all work fine.

Like you said though, I am missing the /etc/containers/registries.conf file; this file was not mentioned in the Red Hat docs I read here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/signing_container_images

I found the registries.conf file on your GitHub and added it at the given location, /etc/containers/. I added my details as such:

```
# registries to be searched
[registries.search]
registries = ['redhat.repo']

# add insecure registries here
[registries.insecure]
registries = ['redhat.repo']

# registries to be blocked
[registries.block]
registries = []
```

Still no good, however. I tried restarting my system and removing and reinstalling atomic, but it does not seem to recognize this registries.conf file. Thoughts? I.e. `atomic pull redhat.repo/my-image` still fails with KeyError: 'Registries' as before.

Also, in case you are wondering why my registry is just redhat.repo instead of redhat.repo:443 like it was above: I realized the port number extensions were unnecessary and I thought maybe atomic didn't play nice with this, so I retagged all my images and changed all my scripts so I can push pull using just the hostname redhat.repo (realizing that it's https and port 443 by default anyway).

bfutterleib commented 6 years ago

OK, so the issue is a simple matter of package dependencies. I am testing out Docker but installed it by rpm, not via yum.

This process meant that the atomic-registries package was not installed even when I installed the atomic package via yum to test out image signing. Long story short, messing about with OpenShift on a new VM, I installed everything via the provided Red Hat packages and the missing dependency was pretty obvious.

Atomic pull works correctly as of now. Please close this issue, thank you.
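
An added example, not part of the thread and not atomic's own code: a small audit of the registries.conf layout posted above that reports a missing file instead of raising, and flags every registry listed under `[registries.insecure]`, for which TLS verification is skipped. The function names and the constructed sample are assumptions; it checks the file only, not the atomic-registries package the thread identified as the missing dependency.

```python
import ast
import os

# Constructed sample: the registries.conf layout posted in the thread.
SAMPLE_CONF = """\
[registries.search]
registries = ['redhat.repo']
[registries.insecure]
registries = ['redhat.repo']
[registries.block]
registries = []
"""


def parse_registries_conf(text):
    """Parse only the three-section layout above; this is not a TOML parser."""
    conf = {"search": [], "insecure": [], "block": []}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # registry names never contain '#'
        if line.startswith("["):
            section = line.strip("[]").rpartition(".")[2]
        elif line.startswith("registries") and section in conf:
            # The value is a list of quoted strings, also a valid Python literal.
            conf[section] = list(ast.literal_eval(line.split("=", 1)[1].strip()))
    return conf


def audit(conf):
    """Return findings for a parsed config; an empty list means nothing flagged."""
    findings = []
    if not conf["search"]:
        findings.append("no search registries configured")
    for reg in conf["insecure"]:
        findings.append("insecure: TLS verification is skipped for " + reg)
    return findings


def preflight(path="/etc/containers/registries.conf"):
    """Audit the file at path, reporting a missing file instead of raising."""
    if not os.path.isfile(path):
        return ["missing: " + path]
    with open(path) as fh:
        return audit(parse_registries_conf(fh.read()))


if __name__ == "__main__":
    for finding in audit(parse_registries_conf(SAMPLE_CONF)):
        print(finding)
```

On a host where the registry already presents a certificate the nodes trust, a finding for that registry means the insecure entry can be removed.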