| Summary: | Fail to push a new OpenShift release image to docker.io due to authentication error via 'oc adm release new' command | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Johnny Liu <jialiu> |
| Component: | oc | Assignee: | Oleg Bulatov <obulatov> |
| Status: | CLOSED ERRATA | QA Contact: | Xingxing Xia <xxia> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.1.0 | CC: | aos-bugs, ccoleman, jokerman, mfojtik, mmccomas |
| Target Milestone: | --- | Flags: | jvallejo:
needinfo?
(ccoleman) |
| Target Release: | 4.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: `oc adm release new` obtains tokens only with the push scope
Consequence: for docker.io this token doesn't allow to push blobs
Fix: obtain token with the scopes push and pull
Result: new tokens are accepted by docker.io
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-04 10:41:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Johnny Liu
2018-12-26 06:02:16 UTC
Can you make sure that you are authenticated to both the docker.io registry as well as the "registry.svc.ci.openshift.org" registry (via the `docker login` command)? Adding Clayton for further information he may have. (In reply to Juan Vallejo from comment #2) > Can you make sure that you are authenticated to both the docker.io registry > as well as the "registry.svc.ci.openshift.org" registry (via the `docker > login` command)? I am sure I am authenticated to docker.io registry. But I have no auth for "registry.svc.ci.openshift.org". And because mirror command is passed, I do not think I have to authenticate "registry.svc.ci.openshift.org" registry, according to log, the issue might happen at authentication for "docker.io", but docker client have no any authentication issue. # docker push docker.io/jialiu/newtesting:2 The push refers to a repository [docker.io/jialiu/newtesting] 8a788232037e: Mounted from jialiu/my 2: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527 The fix was merged 3 days ago. Verified this bug with oc v4.0.0-0.177.0, and PASS. # oc adm release new --from-release=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 --to-image=docker.io/jialiu/newtesting:3 info: Found 70 images in release info: Manifests will be extracted to /tmp/release-image-0.0.1-2019-02-21-091420559773594 <--SNIP--> Loading manifests from service-serving-cert-signer: sha256:a792c98d39e33a119c98300e4179891ffa593036213eda7fedb7625557cc0f8a ... Uploading ... 36.34kB/s Uploading 975B ... Uploading 75.83MB ... Uploading 471B ... Uploading 7.495MB ... Uploading 10.64MB ... Pushed image sha256:aa6e3f171ef96c149a5e128af247af7507bc214c08593735f14820ce93712cc4 to docker.io/jialiu/newtesting:3 Built release image from 26 operators Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758 |