Bug 1592017

Summary: A pod failed to start with FailedCreatePodSandBox error in the disconnected environment
Product: OpenShift Container Platform Reporter: Takayoshi Tanaka <tatanaka>
Component: ContainersAssignee: Mrunal Patel <mpatel>
Status: CLOSED DUPLICATE QA Contact: DeShuai Ma <dma>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: amurdaca, aos-bugs, jkaur, jokerman, mmccomas, schoudha
Target Milestone: ---   
Target Release: 3.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-01 18:43:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Takayoshi Tanaka 2018-06-16 08:27:51 UTC 
Description of problem:
After installing OpenShift in the disconnected environment at a customer side, all pods are ContainerCreating status.

Version-Release number of selected component (if applicable):
3.19.14

How reproducible:
Always in a customer's side

Steps to Reproduce:
1. Install OpenShift in the disconnected environment

Actual results:
Containers are ContainerCreating status and we can see the following events.

Warning   DNSConfigForming         kubelet, <domain>   Search Line limits were exceeded, some search paths have been omitted, the applied search line is: openshift-web-console.svc.cluster.local svc.cluster.local cluster.local <customer_domain1> <customer_domain2> 

Warning   FailedCreatePodSandBox   kubelet, qomna03l.unix.anz   Failed create pod sandbox: rpc error: code = Unknown desc = error creating pod sandbox with name \"k8s_webconsole-11111111-11111_openshift-web-console_<uuid>_0\": Error determining manifest MIME type for docker://kubernetes/pause:latest: pinging docker registry returned: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on <customer_ip>:53: no such host", 

Expected results:
A container can be created without error

Additional info:
Will attach the customer's logs in private
Comment 3 Antonio Murdaca 2018-06-18 09:53:39 UTC 
is this Docker or CRI-O? it looks like everything is behaving as expected though, no network so if the pause image isn't on the host system, then the container runtime won't pull it. They should grab the pause image "somewhere", export it to a tarball, and import it on the disconnected host. I can't see how it could work otherwise.
Comment 6 Antonio Murdaca 2018-06-20 07:49:34 UTC 
What I've understood is that you guys installed CRI-O with OpenShift, but you have not setup everything for CRI-O. For instance, to block a registry in CRI-O you need to use /etc/crio/crio.conf, not /etc/sysconfig/docker.
The pre-pulled images in the "docker images" output are not in the CRI-O storage, you first need to populate the CRI-O storage in the air-gapped host.
Comment 8 Mrunal Patel 2018-08-01 18:43:14 UTC 

*** This bug has been marked as a duplicate of bug 1573693 ***