Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenShift cannot pull images from registry.access.redhat.com #251

Closed
agajdosi opened this issue Jun 11, 2018 · 10 comments

Comments

Projects
None yet
9 participants
@agajdosi
Copy link
Member

commented Jun 11, 2018

There is missing certificate on Centos.iso, which blocks OpenShift to be able to pull images from registry.access.redhat.com:

Failed | Failed  to pull image  "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift@sha256:744915c2321f438c5af643600c487889e7169f238c96628a9c4f6efe36fbe09b":  rpc error: code = Unknown desc = open  /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such  file or directory

or

Cloning "https://github.com/jboss-developer/jboss-eap-quickstarts" ...
        Commit: d9281fa6c7ca7a498bdf95049c64bbbe41b989cf (Update POM versions for EAP 7.0.0.GA release)
        Author: Paul Gier <pgier@redhat.com>
        Date:   Thu May 19 13:36:55 2016 -0500
Pulling image "registry.access.redhat.com/jboss-eap-7/eap70-openshift@sha256:7a3acb825766a00fd865d9616bbd129fd747dd38b340704c835e47b9071de1d4" ...
pulling image error : open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
error: build error: unable to get registry.access.redhat.com/jboss-eap-7/eap70-openshift@sha256:7a3acb825766a00fd865d9616bbd129fd747dd38b340704c835e47b9071de1d4

This issue causes: minishift/minishift#2450

@gbraad

This comment has been minimized.

Copy link
Member

commented Jun 11, 2018

@agajdosi

This comment has been minimized.

Copy link
Member Author

commented Jun 13, 2018

@gbraad By default docker pulls on CentOS go to docker hub. But developers can specify the full address of images in Dockerfiles or OpenShift application templates and thus download from registries which they choose. AFAIU Red Hat Container Catalog is valid source of robust container images and CentOS ISO should support it. (Boot2Docker ISO has no problem with image pulls from RHCC.)

@hhellbusch

This comment has been minimized.

Copy link

commented Jun 29, 2018

Running into this issue as well.

It looks like this was attempted to be fixed in #236

Current work around - copy contents of /etc/rhsm/ca/redhat-uep.pem from my host and create the file /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt

# on host machine
xclip -sel c < /etc/rhsm/ca/redhat-uep.pem
minishift ssh
sudo vi /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
# paste clipboard contents
# save and quit, images will now pull OK on openshift

Running latest version -

~/minishift-1.20.0-linux-amd64 9:21:18
$ ./minishift version
minishift v1.20.0+53c500a
[docker@minishift ~]$ cat /etc/*-release
CentOS Linux release 7.5.1804 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

VARIANT="minishift"
VARIANT_VERSION="1.10.0"
BUILD_ID="eab9f81-28052018131702-local"
CentOS Linux release 7.5.1804 (Core)
CentOS Linux release 7.5.1804 (Core)

looks like 1.10 didn't get published with the fix?

[docker@minishift ~]$ sudo yum list installed -y | grep python-rhsm-certificates
[docker@minishift ~]$ sudo yum list installed -y | grep rhsm             
subscription-manager-rhsm-certificates.x86_64

I see the commit (f0931db) is in tags 1.9 and 1.10

~/git/minishift/minishift-centos-iso on  master 9:35:33
$ git tag --contains f0931db26228c6f92f08bbea82c6b5bf112272e9           
v1.10.0
v1.9.0
@soulmarus

This comment has been minimized.

Copy link

commented Jun 29, 2018

Having the same issue with minishift 1.20 when using the centos 1.10 image, had to do the steps mentioned by @hhellbusch

@gbraad

This comment has been minimized.

Copy link
Member

commented Jun 30, 2018

@pepijnschildkamp

This comment has been minimized.

Copy link

commented Jul 6, 2018

I have exactly the same problem using minishift 1.20 with Centos7 1.10 image.
My work around is by creating an empty redhat-uep.pem file.

minishift ssh
sudo su
cd /etc/rhsm/ca/
touch redhat-uep.pem

Though this fixes the issue for me at the moment I would prefer an actuale fix for this issue :)

@praveenkumar

This comment has been minimized.

Copy link
Collaborator

commented Jul 6, 2018

@pepijnschildkamp right we are working towards it, soon will do the fix.

@xiwu

This comment has been minimized.

Copy link

commented Jul 9, 2018

I guess @agajdosi is trying to build some rehat eap quickstart, if so, you can try to use the CDK, in build phase, it will build the image from RHEL image, all the certs are in the image.

praveenkumar added a commit to praveenkumar/minishift-centos-iso that referenced this issue Jul 9, 2018

praveenkumar added a commit to praveenkumar/minishift-centos-iso that referenced this issue Jul 9, 2018

praveenkumar added a commit to praveenkumar/minishift-centos-iso that referenced this issue Jul 9, 2018

@LalatenduMohanty

This comment has been minimized.

Copy link
Member

commented Jul 10, 2018

Resolved via #255

@bilalcaliskan

This comment has been minimized.

Copy link

commented Oct 13, 2018

I have exactly the same problem using minishift 1.20 with Centos7 1.10 image.
My work around is by creating an empty redhat-uep.pem file.

minishift ssh
sudo su
cd /etc/rhsm/ca/
touch redhat-uep.pem

Though this fixes the issue for me at the moment I would prefer an actuale fix for this issue :)

You are a life-saver! Thanks!

ryannix123 added a commit to ryannix123/odo that referenced this issue Dec 31, 2018

Update getting-started.md
I was getting a cert error when running odo create openjdk18 --git https://github.com/openshift-evangelists/Wild-West-Backend. Evidently, it's related to this: minishift/minishift-centos-iso#251
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.