Created
June 30, 2016 14:45
-
-
Save miminar/1297c1f087767c7b46de3d423dcd3ff0 to your computer and use it in GitHub Desktop.
Debug dev-int preview instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| thank you for cooperation. Here's what I'd like to get/see: | |
| 1. exact version of docker-registry image being run | |
| - the output of: oc describe dc/docker-registry | grep -i image | |
| 2. the output of curl on blob from inside of cluster: | |
| 1. inside a cluster, `oc login` with a user that can have a token | |
| 2. login to the registry using this token: | |
| https://docs.openshift.org/latest/install_config/install/docker_registry.html#access-logging-in-to-the-registry | |
| 3. pick-up an image that is tagged into one of users namespace and is managed by openshift | |
| To get a list of imagestream imates, you can: | |
| $ oc get is -o go-template=$'{{range $i, $is := .items}}{{range .status.tags}}{{range .items}}{{printf "%s@%s" $is.metadata.name .dockerImageReference}}\n{{end}}{{end}}{{end}}' | \ | |
| sed 's/\([^ @\]\+\)@[^ @]\+@\([^ @]\+\)/\1@\2/g' | |
| hello-openshift@sha256:bf70a0c785fb64a3b2782b88bed4dd3874275c58e601c8f2c498dd6a7659ebfe | |
| tmp@sha256:1d4237c78b23d35cc37f44fdc9f45f3821f51ddca62c2bc4fcc27c7bb3e39d4d | |
| The results are <image stream name>@<image name>. | |
| Following command will return true if given image is manged: | |
| $ oc get -o yaml isimage "<image stream name>@<image name>" -o go-template=$'{{index .image.metadata.annotations "openshift.io/image.managed" }}\n' | |
| true | |
| If there's no such image, tag one using docker and push it to the registry. | |
| Then list its layers: | |
| $ oc get -o yaml isimage "<image stream name>@<image name>" -o go-template=$'{{if index .image.metadata.annotations "openshift.io/image.managed" }}{{range .image.dockerImageLayers}}{{.name}}\n{{end}}{{end}}\n' | |
| Choose one ($BLOBDIGEST) and try to curl it from the cluster: | |
| $ curl -O -v -u "joe:$token" "http://${INTERNAL_REGISTRY_IP}:5000/v2/$NAMESPACE/$IMAGESTREAMNAME/blobs/$BLOBDIGEST" | |
| You can see output similar to below if the retistry doesn't redirect (note HTTP/1.1 200 OK line) | |
| * About to connect() to 172.30.241.183 port 5000 (#0) | |
| * Trying 172.30.241.183... | |
| * Server auth using Basic with user 'joe' | |
| > GET /v2/s3/hello-openshift/blobs/sha256:5594792b81eb33747af6e7939d8e2ee1841621a3417acd995e815d7c2bd7334f HTTP/1.1 | |
| > Authorization: Basic am9lOmJTS3FDT0pza0t1aXBiVnI0NlJzVWJ4ZmpyWXhaYWZIZ1llYmw4ZXduYnc= | |
| > User-Agent: curl/7.29.0 | |
| > Host: 172.30.241.183:5000 | |
| > Accept: */* | |
| > | |
| < HTTP/1.1 200 OK | |
| < Accept-Ranges: bytes | |
| < Cache-Control: max-age=31536000 | |
| < Content-Length: 2234230 | |
| < Content-Type: application/octet-stream | |
| < Docker-Content-Digest: sha256:5594792b81eb33747af6e7939d8e2ee1841621a3417acd995e815d7c2bd7334f | |
| < Docker-Distribution-Api-Version: registry/2.0 | |
| < Etag: "sha256:5594792b81eb33747af6e7939d8e2ee1841621a3417acd995e815d7c2bd7334f" | |
| < Date: Wed, 29 Jun 2016 09:42:52 GMT | |
| < | |
| { [data not shown] | |
| ... | |
| If it redirects, you'll see line `HTTP/1.1 307 Temporary Redirect` instead. | |
| Paste me the output please. | |
| 3. obtain a curl output for the same $NAMESPACE/$IMAGESTREAMNAME/$BLOBDIGEST with the public registry url from inside of cluster: | |
| $ curl -O -v -u "joe:$token" "https://registry.preview.openshift.com/v2/$NAMESPACE/$IMAGESTREAMNAME/blobs/$BLOBDIGEST" | |
| 3. obtain a curl output for the same $NAMESPACE/$IMAGESTREAMNAME/$BLOBDIGEST with the public registry url from outside of cluster | |
| If you hit some problem, ping me on irc (#aos, #openshift, ...). | |
| Thank you in advance! | |
| Michal |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment