Bug 1476779
| Summary: | [3.6][Backport] oadm prune command fails with TLS issues after adding --confirm | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Michal Minar <miminar> |
| Component: | Image Registry | Assignee: | Michal Minar <miminar> |
| Status: | CLOSED ERRATA | QA Contact: | Dongbo Yan <dyan> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 3.6.1 | CC: | aos-bugs, bparees, dyan, erjones, geliu, maszulik, mfojtik, miminar, misalunk, wsun |
| Target Milestone: | --- | Keywords: | Unconfirmed |
| Target Release: | 3.6.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: Neither documentation nor cmd help talked about insecure connections to the secured registry. Errors used to be hard to decipher when user attempted to prune secured registry with bad CA certificate.
Consequence: Users had troubles running image prune against (in)secured registries.
Fix: Errors are now printed with hints, cmd help has been updated, new flags have been provided to allow for insecure fall-back.
Result: User can now easily enforce both secure and insecure connection. He will also be able to understand https errors and what to do when he hits them.
|
Story Points: | --- |
| Clone Of: | 1448595 | Environment: | |
| Last Closed: | 2017-10-25 13:04:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1448595 | ||
| Bug Blocks: | 1474446, 1475306 | ||
|
Comment 1
Michal Minar
2017-07-31 12:52:57 UTC
backport merged to origin-3.6 here, per our current process for 3.6 (fixes are cherry-picked from there back to ose-3.6): https://github.com/openshift/origin/pull/16138 wait for available puddle Verified $ ./oc version oc v3.6.173.0.49 kubernetes v1.6.1+5115d708d7 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://:8443 openshift v3.6.173.0.49 kubernetes v1.6.1+5115d708d7 # oadm prune images --certificate-authority=ca.crt --keep-younger-than=10m --registry-url=docker-registry-default.com --confirm Deleting registry layer blobs ... BLOB sha256:738f6e7aa7ede099687a772a73a6b9799e697e55c4d82baa97738bbb1e20e0c3 sha256:3cf6e1c0e04c09e1fe810f0eaeecc8c450a4618f159dd7eb70c6a17c5fb4561b Deleting images from server ... IMAGE sha256:e589ee56651301057afce5f99651e32ec30a3d79d641999491b79979d59177e6 move to verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3049 |