Bug 1508561

David, Javier,

Can you help me understand what all has been done to the environment to necessistate this change? Upgraded environments should not switch to push via dns yet.  Just trying to make a decision as to whether or not we call this a 3.9 or 3.10 target release.

https://github.com/openshift/openshift-ansible/pull/6851 WIP

This has been fixed by checking for a cert that lacks the proper signing and regenerating it if needed so that we can complete the transition to push via DNS.

Fixed.
openshift-ansible-3.9.0-0.38.0.git.0.57e1184.el7.noarch

Steps:
1. setup OCP v3.5 cluster
2. upgrade to OCP v3.6
3. migrate etcd
4. upgrade to OCP v3.7
5. upgrade to OCP v3.9
6. check imagestream
# oc new-project test1
# oc new-app nodejs-mongodb-example
# oc describe imagestreams/nodejs-mongodb-example | grep Docker
before fix
Docker Pull Spec:	172.31.14.93:5000/wmeng39/nodejs-mongodb-example
after fixed
Docker Pull Spec:	docker-registry.default.svc:5000/wmeng39/nodejs-mongodb-example

Got same error.
Pushing image docker-registry.default.svc:5000/wmeng391/nodejs-mongodb-example:latest ...
Registry server Address: 
Registry server User Name: serviceaccount
Registry server Email: serviceaccount
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.apps.0206-meb.qe.rhcloud.com, docker-registry.default.svc.cluster.local, 172.31.112.208, not docker-registry.default.svc

Steps:
1. setup OCP v3.5 cluster
2. upgrade to OCP v3.6
3. migrate etcd
4. upgrade to OCP v3.7
5. upgrade to OCP v3.9
6. check build log
# oc new-project wmeng391
# oc new-app nodejs-mongodb-example
# oc logs po/nodejs-mongodb-example-1-build

https://github.com/openshift/openshift-ansible/pull/7121 fixed this and it merged a few days ago

Not fixed.
openshift-ansible-3.9.0-0.51.0.git.0.e26400f.el7.noarch

Steps:
1. setup OCP v3.5 cluster
2. upgrade to OCP v3.6
3. migrate etcd
4. upgrade to OCP v3.7
5. upgrade to OCP v3.9
6. check build log
# oc new-project wmeng39051
# oc new-app nodejs-mongodb-example
# oc logs po/nodejs-mongodb-example-1-build

Pushing image docker-registry.default.svc:5000/wmeng39051/nodejs-mongodb-example:latest ...
Registry server Address: 
Registry server User Name: serviceaccount
Registry server Email: serviceaccount
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.apps.0224-l86.qe.rhcloud.com, docker-registry.default.svc.cluster.local, 172.31.92.27, not docker-registry.default.svc

Proposed fix: https://github.com/openshift/openshift-ansible/pull/7314

Fixed.
openshift-ansible-3.9.2-1.git.0.1a855b3.el7.noarch

Steps:
1. setup OCP v3.5 cluster
2. upgrade to OCP v3.6
3. migrate etcd
4. upgrade to OCP v3.7
5. upgrade to OCP v3.9
6. check build log
# oc new-project wmeng392
# oc new-app nodejs-mongodb-example
# oc logs po/nodejs-mongodb-example-1-build

Pushing image docker-registry.default.svc:5000/wmeng392/nodejs-mongodb-example:latest ...
Pushed 0/6 layers, 2% complete
Pushed 1/6 layers, 27% complete
Pushed 2/6 layers, 44% complete
Pushed 3/6 layers, 58% complete
Pushed 4/6 layers, 71% complete
Pushed 4/6 layers, 100% complete
Pushed 5/6 layers, 100% complete
Pushed 6/6 layers, 100% complete
Push successful

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489