Allow for pull from pulp container pullthrough distribution

Support
#1

Problem: after following docs to create pull-through distribution for pulp container registry I have no access to it

Expected outcome: once pulp container distribution is set private=False - allow for users to access it

Pulpcore version: 3.71.2

Pulp plugins installed and their versions:
“deb”: “3.5.1”,
“npm”: “0.2.0”,
“rpm”: “3.28.0”,
“file”: “3.71.2”,
“maven”: “0.9.0”,
“ostree”: “2.4.6”,
“python”: “3.13.2”,
“ansible”: “0.24.1”,
“certguard”: “3.71.2”,
“container”: “2.24.0”

Operating system - distribution and version: Kubernetes deployment

Other relevant data:
API pod log:

api pulp [e643ef5888ad46d2b965ef52dc5b15e6]: django.request:WARNING: Unauthorized: 
/v2/base-images/python/manifests/latest

docker cli log:

Error response from daemon: pull access denied for <pulp base URL>/base-images/python, 
repository does not exist or may require 'docker login'
#2

The first pull requires authentication - see https://github.com/pulp/pulp_container/issues/1959 for details, and the RFE that is asking for a change there.

3 Likes
#3

here is my working example notes… not sure if i am using the correct rbac but hey it works

make user

pulp user create --username “newuser” --password thisisnotapass123

REMOTE_HREF=$(http -a admin:$PULP_PASS --verify no ${BASE_ADDR}/pulp/api/v3/remotes/container/pull-through/ name=docker-cache url=https://registry-1.docker.io | jq -r “.pulp_href”)

http -a admin:$PULP_PASS --verify no ${BASE_ADDR}/pulp/api/v3/distributions/container/pull-through/ remote=${REMOTE_HREF} name=docker-cache base_path=docker-cache

Get client access working for pullthrough

(create user as above)

pulp container namespace role add --role container.containernamespace_owner --user newuser --name docker-cache

docker login -u newuser -p thisisnotapass123 ${BASE_ADDR}

2 Likes
#4

hey everyone, thank you for your answers! authenticating for the first pull eliminated error above, but I stumbled upon another one:

I’ve created pull-through remote and distribution as per @nicokruger answer, but getting error

From docker pull ${BASE_ADDR}/docker-cache/library/busybox

Error response from daemon: failed to resolve reference "artifacts.culab.ru/docker-cache/library/busybox:latest": artifacts.culab.ru/docker-cache/library/busybox:latest: not found

From API pod:

django.request:WARNING: Not Found: /v2/docker-cache/library/busybox/manifests/latest

Also tried to pull without /library/ prefix - still no luck

Can you please help me on this one here or do I need to create a new support thread for this?

#5

@Pyro_Gun When I follow the exact same commands it works for me. Can you perform a sync of busybox normally? It might be your connection to dockerhub.