Bug 1676438
Summary: | Can't import jenkins imagestream from payload automaticly | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | XiuJuan Wang <xiuwang> |
Component: | ImageStreams | Assignee: | Gabe Montero <gmontero> |
Status: | CLOSED ERRATA | QA Contact: | XiuJuan Wang <xiuwang> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.1.0 | CC: | adam.kaplan, aos-bugs, bparees, jokerman, mmccomas, wzheng, xiuwang |
Target Milestone: | --- | ||
Target Release: | 4.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | beta2blocker | ||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: |
undefined
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-04 10:44:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
XiuJuan Wang
2019-02-12 10:01:13 UTC
Can you run "oc import-image jenkins --all --confirm -n openshift" and see if it imports successfully? i'd like to understand if the credentials are invalid, or if we just had a timing issue. ah, i missed this at the top: Can't import jenkins imagestream from payload automaticly due to 'secrets "coreos-pull-secret" is forbidden: User "system:serviceaccount:openshift-cluster-samples-operator:cluster-samples-operator" cannot get resource "secrets" in API group "" in the namespace "kube-system"' that would imply the operator failed to copy the creds correctly, so that would cause the import failure. We'll have to double check the RBAC roles. Also, if you are running a level with https://github.com/openshift/cluster-samples-operator/pull/98 you should see credentials the samples registry credentials in the openshift namespace (we copy the coreos pull secret by default with that change ... you don't have to manually create the credential in the operator namespace If you see that secret, then yeah, the pull secret is invalid as Ben speculated If you do not see that secret, we'll want you to retry once https://github.com/openshift/cluster-samples-operator/pull/98 has made it into a cluster you can try. ah missed that too we could double check, but we are also changing the RBAC with https://bugzilla.redhat.com/show_bug.cgi?id=1675135 closing this as dup of that might make sense then Ben is investigating how we can get an OCP based installed, but in the interim, XiuJuan, can you run: oc get roles cluster-samples-operator-kube-system-edit -n kube-system -o yaml and report back what you get? sorry, that is oc get rolebinding cluster-samples-operator-kube-system-edit -n kube-system -o yaml I was able to duplicate with the origin install .... we figured out the manifests need to be re-ordered PR has merged Jenkins imagestream could be imported automaticly. $ oc describe is jenkins -n openshift Name: jenkins Namespace: openshift Created: 45 minutes ago Labels: samples.operator.openshift.io/managed=true Annotations: openshift.io/display-name=Jenkins samples.operator.openshift.io/version=v4.0.0-0.171.0.1-f15a89623 Image Repository: image-registry.openshift-image-registry.svc:5000/openshift/jenkins Image Lookup: local=false Unique Images: 1 Tags: 2 2 (latest) tagged from quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:946d88f4c19ce9952f3fc44fcab7fdd15015dc91a57f7788fdfb0546046db90c prefer registry pullthrough when referencing this tag Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md. Tags: jenkins * quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:946d88f4c19ce9952f3fc44fcab7fdd15015dc91a57f7788fdfb0546046db90c 45 minutes ago $ oc get secret -n openshift NAME TYPE DATA AGE builder-dockercfg-qmwqs kubernetes.io/dockercfg 1 46m builder-token-h75lf kubernetes.io/service-account-token 3 46m builder-token-l29qq kubernetes.io/service-account-token 3 46m default-dockercfg-kgdjc kubernetes.io/dockercfg 1 46m default-token-4fkgf kubernetes.io/service-account-token 3 49m default-token-z5hlq kubernetes.io/service-account-token 3 46m deployer-dockercfg-2mdjc kubernetes.io/dockercfg 1 46m deployer-token-vlfg6 kubernetes.io/service-account-token 3 46m deployer-token-xjk8s kubernetes.io/service-account-token 3 46m samples-registry-credentials kubernetes.io/dockerconfigjson 1 46m $oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-02-13-204401 True False 43m Cluster version is 4.0.0-0.nightly-2019-02-13-204401 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758 |