Need to authenticate for docker registry #22
Description
The “The Registry" chapter seems to assume a registry with no authentication.
With registry.access.redhat.com/openshift3/ose-docker-registry , already the first curl sanity check fails with
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Basic realm=openshift,error="authorization header with basic token required"
< Date: Mon, 10 Aug 2015 16:35:17 GMT
< Content-Length: 114
<
{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":null}]}
which makes sense, because registry.access.redhat.com/openshift3/ose-docker-registry image 1bfb53ecd402 contains
auth:
openshift:
realm: openshift
in /config.yml.
With this registry, a simple “docker push $REGISTRY/openshift/ruby-hello-world” as root does not work. Root / system:admin perhaps has the permissions, but docker authentication needs an openshift OAuth token, and I don’t know how system:admin can get one. (Just adding system:admin to htpasswd won’t work because : is a field separator in htpasswd.)
I had to
- oadm policy add-role-to-user admin alice -n openshift
(perhaps “edit” would suffice?) - (su - alice), then (oc whoami -t)
- As root, (docker login $REGISTRY) as alice, with the token above as password, and random e-mail
- Then the push worked.