Ingress

No able to login to registry :

pulp 3:

Error

Error: authenticating creds for “artifacts.test.tech”: Get “http://pulp-api-svc.pulp.svc.cluster.local:24817/token/?account=admin&service=artifacts.test.tech”: dial tcp: lookup pulp-api-svc.pulp.svc.cluster.local on 10.10.12.11:53: no such host***

I am using istio as service mesh

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: pulp-vs
namespace: pulp
spec:
gateways:

• istio-system/istiogateway
  hosts:
• artifacts.abc.tech
  http:
• match:
  • uri:
    prefix: /pulp/content/
    route:
  • destination:
    host: pulp-content-svc
    port:
    number: 24816
• match:
  • uri:
    prefix: /pulp/api/v3/
  • uri:
    prefix: /auth/login/
  • uri:
    prefix: /
  • uri:
    prefix: /pulp_ansible/galaxy/
  • uri:
    prefix: /v2/
  • uri:
    prefix: /extensions/v2/
  • uri:
    prefix: /token/
  • uri:
    prefix: /pypi/
    route:
  • destination:
    host: pulp-api-svc
    port:
    number: 24817

Hi @chethan! Would you mind specifying more details? What are you trying to accomplish? Are you using pulp_container? Which commands have you tried to execute?

@lubosmj
i am trying to use pulp as docker hub, I want to push my image to pulp, so i ran podman login command

The token server is usually exposed at the very same endpoint (e.g., registry.io/token/) as the registry itself. Would you mind sharing the Pulp settings file?

When you manually send a GET request at “http://localhost:24817/v2/” (replace the registry URL if needed), by default, the registry returns the WWW-Authenticate header with the information required to authenticate. If you send another GET request to the token server, like “http://localhost:24817/token/?service=pulp3-source-fedora31.localhost.example.com”, it returns the token that can be used for pulling content. Could you paste here the headers and responses for the respective GET requests?

Learn more at Authentication — Pulp Container Support 2.14.3 documentation.

Try to check your ingress configuration. Also, verify your DNS settings: lookup pulp-api-svc.pulp.svc.cluster.local on 10.10.12.11:53: no such host.

Hi @chethan,

From the pulp-api-svc.pulp.svc.cluster.local hostname I suspect this is a k8s installation, right?

If so, in addition to lubosmj questions can you please do the following steps and send us the outputs so that we can have more information on the cluster status:

• verify if the api pod is fine and its status

$ kubectl -npulp exec deployment/pulp-api -- curl -sL localhost:24817/pulp/api/v3/status/
$ kubectl -npulp exec deployment/pulp-api -- curl -sL pulp-api-svc.pulp.svc.cluster.local:24817/pulp/api/v3/status/

• verify the svc endpoints

$ kubectl -npulp get ep pulp-api-svc

• try to reach the svc by forwarding the requests

$ kubectl -npulp port-forward svc/pulp-api-svc 24817:24817 &
$ echo 127.0.0.1  pulp-api-svc.pulp.svc.cluster.local | sudo tee -a /etc/hosts
$ podman login .... (the same test you were doing before)

Screenshot 2023-03-01 at 5.18.23 PM1711×993 373 KB

kubectl -npulp exec deployment/pulp-api – curl -sL pulp-api-svc.pulp.svc.cluster.local:24817/pulp/api/v3/status/

{“versions”:[{“component”:“core”,“version”:“3.22.2”,“package”:“pulpcore”},{“component”:“rpm”,“version”:“3.18.10”,“package”:“pulp-rpm”},{“component”:“python”,“version”:“3.8.0”,“package”:“pulp-python”},{“component”:“deb”,“version”:“2.20.1”,“package”:“pulp_deb”},{“component”:“container”,“version”:“2.14.3”,“package”:“pulp-container”},{“component”:“file”,“version”:“1.11.3”,“package”:“pulp-file”},{“component”:“certguard”,“version”:“1.5.6”,“package”:“pulp-certguard”},{“component”:“ansible”,“version”:“0.16.0”,“package”:“pulp-ansible”},{“component”:“maven”,“version”:“0.3.3”,“package”:“pulp-maven”}],“online_workers”:[{“pulp_href”:"/pulp/api/v3/workers/fb13d2d4-c955-4dd9-b7b8-60d919cd1d5d/",“pulp_created”:“2023-02-03T06:07:32.574968Z”,“name”:“1@pulp-worker-75b8d47f7b-b84qd”,“last_heartbeat”:“2023-03-01T11:39:07.449013Z”,“current_task”:null}],“online_content_apps”:[{“name”:“16@pulp-content-fb68c7bb-8mctw”,“last_heartbeat”:“2023-03-01T11:39:08.140097Z”},{“name”:“15@pulp-content-fb68c7bb-8mctw”,“last_heartbeat”:“2023-03-01T11:39:06.061035Z”}],“database_connection”:{“connected”:true},“redis_connection”:{“connected”:false},“storage”:null,“content_settings”:{“content_origin”:“http://pulp-web-svc.pulp.svc.cluster.local:24880”,“content_path_prefix”:"/pulp/content/"}}%

kubectl -npulp get ep pulp-api-svc

NAME ENDPOINTS AGE
pulp-api-svc 192.*.170.208:24817 42d

echo 127.0.0.1 pulp-api-svc.pulp.svc.cluster.local | sudo tee -a /etc/hosts
Password:

@chethan, it looks like Pulp is running without any problems. What was the result of executing podman login .... (the same test you were doing before), as @hyagi suggested?

Hi @chethan,

Thank you for the outputs. It seems like Pulp is running fine, but you didn’t send us the output from the podman login (or podman push tests that you were trying to do).

Since Pulp is running and the service is answering the requests, maybe the problem is with your VirtualService configuration, but this is just a guess (my knowledge of service mesh is very limited). Did you configure the Destination Rules for pulp-api-svc?

@lubosmj @hyagi
This is the command i am running
podman login -u admin -p ZN3C85JoxCWapBr3JZmDAL2CffDxrzRu https://artifacts.abc.tech
Error
Error: authenticating creds for “artifacts.bac.tech”: Get “http://pulp-api-svc.pulp.svc.cluster.local:24817/token/?account=admin&service=artifacts.314ecorp.tech”: dial tcp: lookup pulp-api-svc.pulp.svc.cluster.local on 10.10.12.11:53: no such host

Thanks for attaching the outputs.

Would you mind also give us answers to the following questions as well?

1. Did you configure the Destination Rules for pulp-api-svc?

2. When you manually send a GET request at “http://localhost:24817/v2/” (replace the registry URL if needed), by default, the registry returns the WWW-Authenticate header with the information required to authenticate. If you send another GET request to the token server, like “http://localhost:24817/token/?service=pulp3-source-fedora31.localhost.example.com”, it returns the token that can be used for pulling content. Could you paste here the headers and responses for the respective GET requests?

@lubosmj Seems some issue was on configuration file which i used for pulp cli.
i am able to resole that

Can I have some documentation about how to use pulp as docker registry.
I need to some basic operation like
docker push abc.abc.com/my_image:my_tag
docker pull abc.abc.com/my_image:my_tag

Like this features
`A Docker registry is a server-side application that stores and manages Docker images. A private Docker registry allows you to host and manage your own Docker images, which can be useful for keeping proprietary code or sensitive information secure.

To set up a private Docker registry, you can use Docker’s official open-source registry software called “Docker Registry”. This can be installed on a server or a cloud service such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure. Alternatively, you can use a third-party service such as Docker Hub or GitLab Container Registry that offers private Docker registry hosting.

Once your private Docker registry is set up, you can push Docker images to it using the docker push command and pull images from it using the docker pull command. You can also configure access control to restrict who can push and pull images from the registry, which is important for keeping your images secure.

Overall, a private Docker registry provides a convenient and secure way to store and manage your Docker images, allowing you to easily share them with your team or deploy them to production environments.`

I see this documentation but it making me to understand difficult,
https://docs.pulpproject.org/pulp_container/

You can begin by vising the following workflows:

1. (docker push) - Push content to a Repository — Pulp Container Support 2.14.5 documentation
2. (docker pull) - Host and Consume a Container Repository — Pulp Container Support 2.14.5 documentation

To manage restricted pulling, take a look at: Role-based Access Control — Pulp Container Support 2.14.5 documentation.

What makes the documentation difficult to understand?