我尝试使用以下yaml在OpenShift Origin中编写的nodejs应用程序的简单构建:
kind: "BuildConfig"
apiVersion: "v1"
metadata:
name: "dyn-kickstart"
spec:
triggers:
- type: "GitHub"
github:
secret: "secret101"
source:
git:
uri: git@bitbucket.org:serverninja02/dynamic-kickstart.git
sourceSecret:
name: "github"
strategy:
type: Docker
dockerStrategy:
dockerfilePath: .
forcePull: true
noCache: true
output:
to:
kind: "DockerImage"
name: "docker-registry-default.apps.reedfamily.local/serverninja/dynamic-kickstart:v0.0.1
我正在运行以创建构建的命令:
$ cat dynamic-kickstart.yml | oc create -f -
我遇到的是构建服务帐户似乎无法访问要克隆的github网址:
Cloning "git@bitbucket.org:serverninja02/dynamic-kickstart.git" ...
error: build error: Warning: Permanently added 'bitbucket.org,192.168.1.81' (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
我按照创建ssh-privatekey秘密的说明,放入秘密商店,并链接到构建sa。我还仔细检查了该密钥并通过ssh转发测试,我可以登录到OpenShift节点和ssh git@bitbucket.org。
我不确定我做错了什么,但即使使用http git url并将其作为公共回购,它仍然无法正常工作,因为它抱怨对等证书不是可信:
Cloning "https://serverninja02@bitbucket.org/serverninja02/dynamic-kickstart.git" ...
error: build error: fatal: unable to access 'https://serverninja02@bitbucket.org/serverninja02/dynamic-kickstart.git/': Peer's certificate issuer has been marked as not trusted by the user.
此时,由于OpenShift Origin似乎并不打算从git作为源代码构建任何东西,所以我不确定该去哪里。
非常感谢任何帮助或建议!
OpenShift版本:1.3.0 OpenShift Kubernetes版本:v1.3.0 + 52492b4
这是路由器后面的扁平网络。 DNS位于Active Directory上,带有* .apps.reedfamily.local的通配符条目。
这是.local域中的测试床环境。但是,我使用这个版本来构建这个版本作为我公司托管OpenShift的POC。
答案 0 :(得分:1)
我找到了问题的答案!所以我将分享:
当我运行openshift-ansible时,在构建我的OpenShift节点期间自动配置了/etc/resolv.conf。不幸的是,在/etc/resolv.conf中放置了一个必然导致问题的搜索域。
# Generated by NetworkManager
search apps.reedfamily.local
nameserver 192.168.1.40
一旦我删除"搜索apps.reedfamily.local",就可以在下一次构建时立即解决问题!