I am trying to push a docker image to eu.gcr.io and I am getting 403 Forbidden
gcloud docker push eu.gcr.io/<projectname>/<image>:latest
The push refers to a repository [eu.gcr.io/<projectname>/<image>] (len: 1)
663cd9de01fe: Preparing
Post https://eu.gcr.io/v2/w<projectname>/<image>/blobs/uploads/: token auth attempt for registry: https://eu.gcr.io/v2/token?account=_token&scope=repository%3A<projectname>%2F<image>3Apush%2Cpull&service=eu.gcr.io request failed with status: 403 Forbidden
I have checked
curl https://eu.gcr.io/v1/_ping => works
gcloud config list => project id is setup
Storage api is enabled in console
if I use the project name in the url I get 403 Forbidden
if I use the project id in the url I get "Repository does not exist"
gcloud auth list => shows the owner as active
gcloud components update => All components are up to date.
I had faced the same issue, to resolve it in order I done.
Rename the images as told
Add the user to docker group (important for the docker login)
Use docker login token https://cloud.google.com/container-registry/docs/auth
docker login -e 1234#5678.com -u _token -p "$(gcloud auth print-access-token)" https://gcr.io
(If using sudo docker, the token will be stored with the root account.)
Then use docker push gcr.io/projetc_id/imagename according to How to push a docker image to a private repository
Looks like the problem is that the (local) docker tag was incorrect, the tag was the "project name" instead of "gcloud project id" so by changing the tag to contain the project the push works.
Related
I am trying to deploy Gitlab source code OpenShift. But I am facing an issue. Though in Gitlab pipeline it is successful. It keeps talking about the unauthorized error.
My expected output is to have deployment on OpenShift [Error message] (https://i.stack.imgur.com/CBBzO.png)
The error indicates that the Deployment Pod is unable to pull the specified image.
It appears your Deployment is in the namespace roks-test-demo-project while the image your are trying to pull is in the oc-custom-dev namespace. In order for a Deployment in one namespace to pull an image from another, the Deployment's service account must be authorized to do so.
See the OpenShift documentation for how to achieve this.
In your case, assuming your Deployment is running as the default service account:
$ oc policy add-role-to-user \
system:image-puller system:serviceaccount:roks-test-demo-project:default \
--namespace=oc-custom-dev
If your Deployment is running as a non-default service account, replace default with that service account name in the above command.
I'm trying to build a new app by using a docker image from the book Devops With OpenShift
so as per the content from the book page 19
the command is
oc new-app devopswithopenshift/welcome:latest --name=myapp
so the devopswithopenshift/welcome:latest needs to be firstly built and pushed to the docker hub.
I pulled the GIT code from https://github.com/devops-with-openshift/welcome
and ran the command C:\Docker\welcome\foo>docker build -t welcome .
Here is the response
failed to solve with frontend dockerfile.v0: failed to create LLB definition: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
When i looked into the Dockerfile
It has FROM welcome/ops:latest
so it is trying to pull welcome/ops which is not there in the registry can the authors help resolve this
Thanks
K.ThulsiDoss
Thanks for the response .Here is what i did to get going so that users can benefit from the clarifications.
1.My env is windows (client ) and open shift is on RHEL cluster .In my win env i have Git ,OC client installed & docker (win10 ) installed
2.Downloaded the book code into my git dir
3.The important thing is that i logged onto docker with my credentials on the terminal
'''
e.g docker login -- --password on the terminal where i had extracted the code.
'''
4.I then logged onto the OC cluster e.g
'''
oc login --token= --server=https://xyzopenshift.os.fyre.ibm.com:6443
I am trying to push my code from a protected Git repo via Azure CLI, but I am getting the below error:
az webapp deployment source config --branch *** --manual-integration --name **** --repo-url ***** --resource-group ****
Error
The server name or address could not be resolved
If you want to deploy code from local Git, please make sure you have installed the Git, then follow the steps below.
1.Login and configure a deployment user
az login
az webapp deployment user set --user-name 'joyw1' --password 'Password01!'
2.Get the deployment URL
az webapp deployment source config-local-git -g <group-name> -n <webapp-name>
3.Open a local terminal window to your local Git repository.
4.Add an Azure remote, replace the with the one in step 2.
git remote add azure <url>
Then run the command to push to Azure, it will let you to input the username and password, just input them that you set in the step 1.
git push azure master
For more details, you could refer to this doc - Local Git deployment to Azure App Service.
I'm trying to migrate from OpenShift 2 to OpenShift 3.
I have created a new app on OpenShift 3 but I'm struggling to clone my BitBucket private git repository to it. (I had no problem with OpenShift 2).
I have tried setting secrets (SSH or Basic Authentication) in Build/Advanced Options but without luck.
Here is the error message :
Cloning "git#bitbucket.org:(myusername)/(myrepository).git" ... error:
build error: Host key verification failed. fatal: Could not read from
remote repository. Please make sure you have the correct access rights
and the repository exists.
The steps if working from the command line are as follows:
1) Create a new SSH key pair for use with the repository. This cannot have a passphrase.
ssh-keygen -C "openshift-source-builder/repo#bitbucket" -f repo-at-bitbucket -N ''
This will generate files:
repo-at-bitbucket
repo-at-bitbucket.pub
being the private and public key files.
2) Go to Settings->Access keys for the repository on BitBucket, select Add key and in the popup window enter the key name openshift-source-builder and paste in the contents of the public key file. In this case repo-at-bitbucket.pub. Confirm creation by clicking on Add key on the popup window.
3) Create a secret in OpenShift for the key by running:
oc secrets new-sshauth repo-at-bitbucket --ssh-privatekey=repo-at-bitbucket
4) Enable access to the secret from the builder service account.
oc secrets link builder repo-at-bitbucket
5) In order that OpenShift knows the secret is for this specific private Git repository and automatically uses it, annotate the secret with the SSH URI for the repository.
oc annotate secret/repo-at-bitbucket \
'build.openshift.io/source-secret-match-uri-1=ssh://bitbucket.org/yourusername/private-repo.git'
Very important here is the form of the URI. In the BitBucket web interface it will show it as:
git#bitbucket.org:yourusername/private-repo.git
Do not use that. You need to use the SSH form of the URI here.
6) We can then deploy the application from the private Git repository.
oc new-app httpd~git#bitbucket.org:yourusername/private-repo.git --name mysite
Okay to use git#bitbucket.org:yourusername/private-repo.git here, or could also use the SSH form of the URI.
You can also do all this from the web console instead. Important if creating the secret as a separate step in web console to link the builder service account when doing that. If create the source secret when deploying, then it will automatically link the builder service account.
Note that if the OpenShift instance has a firewall between it and BitBucket and SSH connections are blocked, this will not work. In that case you need to fall back to using a personal access token (app password) over a SSH connection using HTTP basic authentication.
These details are now much better explained by the blog post series starting with:
https://blog.openshift.com/private-git-repositories-part-1-best-practices/
I have created a new account with openshift online and have created my first app. I have rhc installed on my local machine. I setup ssh keys for the first time using rhc setup -l loginname
i used git clone to clone the remote repo and it worked fine. Then however after changes and tring to do a git push gave me the following error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
I tried a couple of solutions provided in this forum like using ssh-add etc. but this did not work.I then made sure that all existing ssh keys under .ssh directory and from my openshift online account were deleted and all identities managed by ssh-agent were also deleted. I then launched rhc setup again This created the default ssh keys again and asked me if it could upload the public key which I selected yes to.
However then it gives me the following error:
An SSH connection could not be established to appname-domain-name.rhcloud.com.
Your SSH configuration may not be correct, or the application may not be
responding. connection closed by remote host (Net::SSH::Disconnect)
Kindly help.
I had the same problem while trying to clone from command line...
C:\> git clone GIT_URL DIRECTORY_TO_CREATE
Finally, cloning from the GIT UI solved the problem. Go to menu item All Programs --> GIT --> Git GUI and select "Clone existing repository".