Hi Daniel,
I wish it was so simple. I might missing something simple but I don't see
this.
I specify my username, password and email, but I cannot connect.
I try to connect to the external one https://registry.hub.docker.com and
our local one https://docker.<mydomain>:8080
CLI:
External:
sudo -u foreman docker login https://registry.hub.docker.com
Username: <username>
Password:
Email: <email>
Login Succeeded
Local:
sudo -u foreman docker login https://docker.<mydomain>:8080
Username: <username>
Password:
Email: <email>
Login Succeeded
Foreman Web Dashboard:
For external one I press "Test Connection":
Unable to save
Expected([200, 201, 202, 203, 204, 304]) <=> Actual(503 Service Unavailable)
For local one I press "Test Connection":
Unable to save
Expected([200, 201, 202, 203, 204, 304]) <=> Actual(401 Unauthorized)
In log file I can see (for example, external one)
Processing by ComputeResourcesController#test_connection as /
Parameters: {"utf8"=>"✓", "authenticity_token"=>
"4v+dbIBqbG+QOCRcqYw5K0OWBIlXGZ+uzLur9wDWtNw=", "compute_resource"=>{"name"
=>"ext_docker", "description"=>"", "url"=>"https://registry.hub.docker.com",
"user"=>"<username>", "password"=>"[FILTERED]", "email"=>"<email>"},
"fakepassword"=>"[FILTERED]", "cr_id"=>"7"}
CR_ID IS 7
String does not start with the prefix 'encrypted-', so ForemanDocker::Docker
ext_docker was not decrypted
String does not start with the prefix 'encrypted-', so ForemanDocker::Docker
ext_docker was not decrypted
String does not start with the prefix 'encrypted-', so ForemanDocker::Docker
ext_docker was not decrypted
String does not start with the prefix 'encrypted-', so ForemanDocker::Docker
ext_docker was not decrypted
Rendered /opt/rh/ruby193/root/usr/share/gems/gems/foreman_docker-1.2.4/app
/views/compute_resources/form/_docker.html.erb (8.6ms)
Rendered compute_resources/_form.html.erb (36.4ms)
Completed 200 OK in 2961ms (Views: 41.9ms | ActiveRecord: 4.4ms)
Anyway I saved both Compute resources to run the encryption command:
foreman-rake db:compute_resources:encrypt --trace
** Invoke db:compute_resources:encrypt (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute db:compute_resources:encrypt
String starts with the prefix 'encrypted-', so Foreman::Model::Vmware COLO
was not encrypted again
String is empty', so ForemanDocker::Docker ext_docker was not encrypted
String starts with the prefix 'encrypted-', so ForemanDocker::Docker
int_docker was not encrypted again
String starts with the prefix 'encrypted-', so Foreman::Model::Vmware
SafetyServices was not encrypted again
What I'm missing or doing wrong?
Thanks a lot!
···
On Tuesday, April 7, 2015 at 11:30:09 PM UTC-7, Daniel Lobato wrote:
>
> On 04/07, tyon wrote:
> > Hi Daniel,
> >
> > thanks a lot for your answer.
> >
> > Some information about my encryption key file:
> > ls -la /etc/foreman/encryption_key.rb
> > -rw-r-----. 1 root foreman 483 Dec 6 14:28
> /etc/foreman/encryption_key.rb
> >
> >
> > stat /etc/foreman/encryption_key.rb
> > File: `/etc/foreman/encryption_key.rb'
> > Size: 483 Blocks: 8 IO Block: 4096 regular file
> > Device: 803h/2051d Inode: 1454521 Links: 1
> > Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 493/ foreman)
> > Access: 2015-04-06 18:00:10.403951462 -0700
> > Modify: 2014-12-06 14:28:07.706155998 -0800
> > Change: 2015-03-26 15:42:43.089681437 -0700
> >
> > cat /etc/foreman/encryption_key.rb
> > # Be sure to restart your server when you modify this file.
> >
> >
> > # Your encryption key for encrypting and decrypting database fields.
> > # If you change this key, all encrypted data will NOT be able to be
> > decrypted by Foreman!
> > # Make sure the key is at least 32 bytes such as SecureRandom.hex(20)
> >
> >
> > # You can use `rake security:generate_encryption_key` to regenerate this
> > file.
> >
> >
> > module EncryptionKey
> > ENCRYPTION_KEY = ENV['ENCRYPTION_KEY'] || ''
> > end
> >
> > I run:
> >
> > foreman-rake db:compute_resources:encrypt--trace
> > ** Invoke db:compute_resources:encrypt (first_time)
> > ** Invoke environment (first_time)
> > ** Execute environment
> > ** Execute db:compute_resources:encrypt
> > String starts with the prefix 'encrypted-', so Foreman::Model::Vmware
> COLO
> > was not encrypted again
> > String is empty', so ForemanDocker::Docker ext_docker was not encrypted
> > String starts with the prefix 'encrypted-', so Foreman::Model::Vmware
> > SafetyServices was not encrypted again
> >
> >
> > As far as i understand it is looking for particular string which is
> empty.
> > But my key in /etc/foreman/encryption_key.rb is not empty. I tried to
> > export my key in environment variable ENCRYPTION_KEY but it didn't help
> as
> > well.
> > What string is it looking for?
>
> Oh I see, that's just fine. It's skipping the encryption because you
> didn't specify a Docker hub username, password and email.
>
> I'd recommend you to do so as it allows you to search in the Hub. The
> password
> will be automatically encrypted if you've setup your key as I saw before.
>
> > My other compute resources are fine (2 instance of Vmware recources).
> >
> > I'm not running nightlies. I'm running stable version of Foreman 1.7.
> > Everything was installed through OS package manager.
> > Just in case if it can help:
> > rpm -qa |grep foreman
> > ruby193-rubygem-foreman_salt-1.1.1-1.el6.noarch
> > ruby193-rubygem-foreman-tasks-0.6.4-1.el6.noarch
> > foreman-selinux-1.7.4-1.el6.noarch
> > foreman-postgresql-1.7.4-1.el6.noarch
> > foreman-proxy-1.7.4-1.el6.noarch
> > rubygem-foreman_api-0.1.11-1.el6.noarch
> > ruby193-rubygem-foreman_docker-1.2.4-1.fm1_7.el6.noarch
> > foreman-compute-1.7.4-1.el6.noarch
> > foreman-vmware-1.7.4-1.el6.noarch
> > ruby193-rubygem-foreman_salt-doc-1.1.1-1.el6.noarch
> > ruby193-rubygem-foreman_templates-1.5.0-1.el6.noarch
> > foreman-1.7.4-1.el6.noarch
> > foreman-release-1.7.4-1.el6.noarch
> > foreman-installer-1.7.4-1.el6.noarch
> >
> > Thanks again.
> > I really appreciate your help.
> >
> > On Monday, April 6, 2015 at 11:32:04 PM UTC-7, Daniel Lobato wrote:
> > >
> > > On 04/02, tyon wrote:
> > > > I was able to solve half of the problem. Now the command*
> foreman-rake
> > > > test:docker *can be executed without errors.
> > > >
> > > > I installed ruby193-rubygem-sqlite3 and
> ruby193-rubygem-foreman-tasks
> > > > packages and run *foreman-rake apipie:cache* and* foreman-rake
> > > db:migrate*
> > > >
> > > > foreman-rake test:docker --trace
> > > > ** Invoke test:docker (first_time)
> > > > ** Invoke db:test:prepare (first_time)
> > > > ** Invoke db:abort_if_pending_migrations (first_time)
> > > > ** Invoke environment (first_time)
> > > > ** Execute environment
> > > > ** Invoke db:load_config (first_time)
> > > > ** Execute db:load_config
> > > > ** Execute db:abort_if_pending_migrations
> > > > ** Execute db:test:prepare
> > > > ** Invoke db:test:load (first_time)
> > > > ** Invoke db:test:purge (first_time)
> > > > ** Invoke environment
> > > > ** Invoke db:load_config
> > > > ** Execute db:test:purge
> > > > ** Execute db:test:load
> > > > ** Invoke db:test:load_schema (first_time)
> > > > ** Invoke db:test:purge
> > > > ** Execute db:test:load_schema
> > > > ** Invoke db:schema:load (first_time)
> > > > ** Invoke environment
> > > > ** Invoke db:load_config
> > > > ** Execute db:schema:load
> > > > ** Execute test:docker
> > > > ** Invoke docker_test_task (first_time)
> > > > ** Execute docker_test_task
> > > > /opt/rh/ruby193/root/usr/bin/ruby -I
> > > >
> > >
> "lib:test:/opt/rh/ruby193/root/usr/share/gems/gems/foreman_docker-1.2.4/test"
>
> > >
> > > > -I"/opt/rh/ruby193/root/usr/share/gems/gems/rake-0.9.2.2/lib"
> > > >
> > >
> "/opt/rh/ruby193/root/usr/share/gems/gems/rake-0.9.2.2/lib/rake/rake_test_loader.rb"
>
> > >
> > > >
> > >
> "/opt/rh/ruby193/root/usr/share/gems/gems/foreman_docker-1.2.4/test/**/*_test.rb"
>
> > >
> > > >
> > > >
> > > > But I still see the following error when I try aad a new Docker
> compute
> > > > recourse:
> > > >
> > > > CR_ID IS null
> > > > String does not start with the prefix 'encrypted-', so
> > > ForemanDocker::Docker
> > > > docker.com was not decrypted
> > > > String does not start with the prefix 'encrypted-', so
> > > ForemanDocker::Docker
> > > > docker.com was not decrypted
> > > > String does not start with the prefix 'encrypted-', so
> > > ForemanDocker::Docker
> > > > docker.com was not decrypted
> > >
> > > That last bit suggests your compute resource was created at a time
> when
> > > you didn't have an encryption key (check the content of
> > > /etc/foreman/encryption_key), or if you are running nightlies you
> might
> > > have hit http://projects.theforeman.org/issues/9775 which is now
> solved.
> > >
> > > You can run foreman-rake db:compute_resources:encrypt to re-encrypt
> it,
> > > it will NOT re-encrypt other compute resources that are already
> > > encrypted.
> > >
> > > We have recently documented this in the manual:
> > > http://www.theforeman.org/manuals/1.8/#5.2.10PasswordEncryption
> > >
> > > Let us know if that helped, you can also find us on #theforeman-dev
> and
> > > #theforeman on IRC if you want live help.
> > > >
> > > > I'd appreciate any help.
> > > > Thanks
> > > >
> > > >
> > > > On Monday, March 30, 2015 at 4:03:35 PM UTC-7, tyon wrote:
> > > > >
> > > > > A bit more details. When I'm trying to create a new Docker compute
> > > > > recourse, I see in the log file /var/log/foreman/production.log :
> > > > >
> > > > > Started PUT "/compute_resources/test_connection" for
> xxx.xxx.xxx.xxx
> > > at
> > > > > 2015-03-30 15:49:10 -0700
> > > > > Processing by ComputeResourcesController#test_connection as */*
> > > > > Parameters: {"utf8"=>"✓", "authenticity_token"=>
> > > > > "NBG0GHu2K8mT5lYMLas6Lv7TPsvHP/zUueqLi6JoUUI=",
> "compute_resource"=>{
> > > > > "name"=>"Our docker", "provider"=>"Docker", "description"=>"",
> > > "url"=>"
> > > > > https://docker.domain:8080", "user"=>"username",
> > > "password"=>"[FILTERED]",
> > > > > "email"=>""}, "fakepassword"=>"[FILTERED]", "cr_id"=>"null"}
> > > > > CR_ID IS null
> > > > > String does not start with the prefix 'encrypted-', so
> ForemanDocker::
> > > > > Docker Our docker was not decrypted
> > > > > String does not start with the prefix 'encrypted-', so
> ForemanDocker::
> > > > > Docker Our docker was not decrypted
> > > > > String does not start with the prefix 'encrypted-', so
> ForemanDocker::
> > > > > Docker Our docker was not decrypted
> > > > > String does not start with the prefix 'encrypted-', so
> ForemanDocker::
> > > > > Docker Our docker was not decrypted
> > > > > Rendered
> > > /opt/rh/ruby193/root/usr/share/gems/gems/foreman_docker-1.2.4/
> > > > > app/views/compute_resources/form/_docker.html.erb (4.9ms)
> > > > > Rendered compute_resources/_form.html.erb (13.9ms)
> > > > > Completed 200 OK in 344ms (Views: 14.9ms | ActiveRecord: 1.6ms)
> > > > >
> > > > >
> > > > > I see people have the same problem with different types of
> Computing
> > > > > Resources (EC2
> > > > >
> http://comments.gmane.org/gmane.linux.redhat.fedora.foreman.user/2102
> > > and
> > > > > Xen http://projects.theforeman.org/issues/9374)
> > > > > But I cannot find a solution. I tried with disabled and enforcing
> > > selinux.
> > > > >
> > > > > Anybody?
> > > > >
> > > > > On Thursday, March 26, 2015 at 12:30:09 PM UTC-7, tyon wrote:
> > > > >>
> > > > >> I am still troubleshooting my problem.
> > > > >>
> > > > >> I set up a local docker repository on another machine then my
> > > > >> Puppet/Foreman server following this article
> > > > >>
> > >
> https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
> > > > >>
> > > > >> I'm able to connect from my Puppet/Foreman server to my Docker
> > > registry
> > > > >> from the command line interface. To be able to do it I added
> foreman
> > > user
> > > > >> to the docker group
> > > > >> https://bugzilla.redhat.com/show_bug.cgi?id=1190059
> > > > >>
> > > > >> sudo -u foreman docker login https://docker_hostname:8080
> > > > >> Username: my_username
> > > > >> Password: my_password
> > > > >> Email: whatever
> > > > >> Login Succeeded
> > > > >>
> > > > >> But I keep having problems connecting from Foreman web-interface:
> > > > >>
> > > > >> Unable to save
> > > > >> Expected([200, 201, 202, 203, 204, 304]) <=> Actual(401
> Unauthorized)
> > > > >>
> > > > >> It's a different error now, but still no joy.
> > > > >>
> > > > >> Has anyone had the same issue?
> > > > >>
> > > > >> Thanks!
> > > > >>
> > > > >> On Monday, March 23, 2015 at 2:49:17 PM UTC-7, tyon wrote:
> > > > >>>
> > > > >>> Hello all,
> > > > >>>
> > > > >>> I'd like to provision and manage Docker containers in my Foreman
> > > > >>> installation. I found this plugin
> > > > >>> https://github.com/theforeman/foreman-docker
> > > > >>>
> > > > >>> I have CentOS release 6.6, foreman-1.7.3-1.el6.noarch and I
> instaled
> > > > >>> plugin ruby193-rubygem-foreman_docker-1.2.3-1.fm1_7.el6.noarch
> > > > >>>
> > > > >>> When I try to test it I get the following error:
> > > > >>>
> > > > >>> # pwd
> > > > >>> /usr/share/foreman
> > > > >>> [root@puppet foreman]# rake test:docker --trace
> > > > >>> rake aborted!
> > > > >>> no such file to load -- apipie/middleware/checksum_in_headers
> > > > >>> /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
> > > > >>> `gem_original_require'
> > > > >>> /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
> > > `require'
> > > > >>> /usr/share/foreman/config/application.rb:2
> > > > >>> /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
> > > > >>> `gem_original_require'
> > > > >>> /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
> > > `require'
> > > > >>> /usr/share/foreman/Rakefile:1
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/rake_module.rb:25:in
> `
> > > > >>> load'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/rake_module.rb:25:in
> > > > >>> `load_rakefile'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:589:in
> > > > >>> `raw_load_rakefile'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:89:in
> `
> > > > >>> load_rakefile'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:160:in
> > > > >>> `standard_exception_handling'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:88:in
> > > > >>> `load_rakefile'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:72:in
> `
> > > > >>> run'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:160:in
> > > > >>> `standard_exception_handling'
> > > > >>>
> > > /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/lib/rake/application.rb:70:in
> > > > >>> `run'
> > > > >>> /usr/lib/ruby/gems/1.8/gems/rake-10.0.4/bin/rake:33
> > > > >>> /usr/bin/rake:19:in `load'
> > > > >>> /usr/bin/rake:19
> > > > >>>
> > > > >>> But the file exists:
> > > > >>> locate apipie/middleware/checksum_in_headers
> > > > >>>
> > >
> /opt/rh/ruby193/root/usr/share/gems/gems/apipie-rails-0.2.6/lib/apipie/
> > > > >>> middleware/checksum_in_headers.rb
> > > > >>>
> > > > >>> When I try to connect to Docker registry from Foreman web
> interface
> > > > >>> Go to *Infrastructure > Compute Resources* and click on "New
> Compute
> > > > >>> Resource".
> > > > >>>
> > > > >>> Choose the *Docker provider*, and fill in all the fields: Url:
> > > > >>> https://registry.hub.docker.com/ My username on the docker
> site
> > > and my
> > > > >>> password.
> > > > >>> I see the following error:
> > > > >>> Unable to save
> > > > >>> Expected([200, 201, 202, 203, 204, 304]) <=> Actual(503 Service
> > > > >>> Unavailable)
> > > > >>>
> > > > >>> In the log /var/log/foreman/production.log file I can see:
> > > > >>> Error has occurred while listing VMs on docker.com (Docker):
> > > Expected([
> > > > >>> 200, 201, 202, 203, 204, 304]) <=> Actual(503 Service
> Unavailable)
> > > > >>>
> > > > >>> Do I need to install or configure anything else? Is there any
> good
> > > > >>> solution for provisioning and managing Docker containers in
> Foreman?
> > > > >>>
> > > > >>> Thanks a lot.
> > > > >>>
> > > > >>
> > > >
> > > > --
> > > > You received this message because you are subscribed to the Google
> > > Groups "Foreman users" group.
> > > > To unsubscribe from this group and stop receiving emails from it,
> send
> > > an email to foreman-user...@googlegroups.com .
> > > > To post to this group, send email to forema...@googlegroups.com
> > > .
> > > > Visit this group at http://groups.google.com/group/foreman-users.
> > > > For more options, visit https://groups.google.com/d/optout.
> > >
> > >
> > > --
> > > Daniel Lobato Garcia
> > >
> > > @eLobatoss
> > > blog.daniellobato.me
> > > daniellobato.me
> > >
> > > GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30=