Bug 1475306
| Summary: | [3.4]oadm prune command fails with TLS issues after adding --confirm | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Michal Minar <miminar> |
| Component: | Image Registry | Assignee: | Michal Minar <miminar> |
| Status: | CLOSED ERRATA | QA Contact: | Dongbo Yan <dyan> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 3.4.1 | CC: | aos-bugs, bparees, dyan, erjones, geliu, maszulik, mfojtik, miminar, misalunk, pweil, wsun |
| Target Milestone: | --- | Keywords: | Unconfirmed |
| Target Release: | 3.4.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: Neither documentation nor cmd help talked about insecure connections to the secured registry. Errors used to be hard to decipher when user attempted to prune secured registry with bad CA certificate.
Consequence: Users had troubles running image prune against (in)secured registries.
Fix: Errors are now printed with hints, cmd help has been updated, new flags have been provided to allow for insecure fall-back.
Result: User can now easily enforce both secure and insecure connection. He will also be able to understand https errors and what to do when he hits them.
|
Story Points: | --- |
| Clone Of: | 1448595 | Environment: | |
| Last Closed: | 2017-10-25 13:04:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1448595, 1476779 | ||
| Bug Blocks: | 1474446 | ||
|
Comment 1
Michal Minar
2017-07-26 12:22:58 UTC
backport has merged, moving to modified. $ ./oc version oc v3.4.1.44.26 kubernetes v1.4.0+776c994 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://:8443 openshift v3.4.1.44.26 kubernetes v1.4.0+776c994 $ ./oc adm prune images --certificate-authority=ca.crt --keep-younger-than=0 --registry-url=docker-registry-default.apps.com --confirm Deleting registry layer blobs ... BLOB sha256:617487c08245d78cb7f11598627eef6fa764c62a32aa230423042d580c278feb sha256:26e5ed6899dbf4b1e93e0898255e8aaf43465cecd3a24910f26edb5d43dafa3c sha256:942c243a101c449d8f375cc6edf46b89ddf32ae890549435984cb4aa7a715569 sha256:8c5d133c9f1ad399a845427a5e7bb7089402a2037acefdc5d4c1ab5d6a4d1bad sha256:02e0bb2359901cef798f81c6c05df929f8ee0318a1399f5eafac888018924291 sha256:66dbe984a319ca6d40dc10c2c561821128a0bd8967e0cbd8cc2a302736041ffb Deleting images from server ... IMAGE sha256:8d9a0eb12d4cdc262a79e89cd0da120e23f6402377e80f0d295d3a5b99c3e4a4 move this bug to verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3049 |