Bug 1722569
Summary: | [4.1] Increase the limit on the number of signatures in openshift.io/image-signature-import controller | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Oleg Bulatov <obulatov> |
Component: | ImageStreams | Assignee: | Oleg Bulatov <obulatov> |
Status: | CLOSED ERRATA | QA Contact: | Wenjing Zheng <wzheng> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.11.0 | CC: | aos-bugs, jokerman, mmccomas, sponnaga, wsun, wzheng, xiuwang |
Target Milestone: | --- | ||
Target Release: | 4.1.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | 4.1.8 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: importer can import up to 3 signatures, but the registry.redhat.io often has more than 3 signatures
Consequence: signatures can't be imported
Fix: increase the limit
Result: signatures can be imported
|
Story Points: | --- |
Clone Of: | 1722568 | Environment: | |
Last Closed: | 2019-07-31 02:44:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1722568 | ||
Bug Blocks: |
Description
Oleg Bulatov
2019-06-20 16:25:50 UTC
The fix is merged to 4.1.0-0.nightly-2019-07-24-051320 ,please check if we could verify it. Verified this bug in 4.1.0-0.nightly-2019-07-24-213555 version. Verified steps: 1.Change openshift-controller-manager-operator to unmanaged state $oc patch openshiftcontrollermanagers.operator.openshift.io/cluster -p '{"spec":{"managementState": "Unmanaged"}}' --type=merge 2.Create configmap under openshift-controller-manager project $oc create cm sigstore-config --from-file=$PATH/registry.access.redhat.com.yaml -n openshift-controller-manager 3.Configure controller-manager to load this configmap $oc set volume ds/controller-manager --add --type=configmap --configmap-name=sigstore-config -m /etc/containers/registries.d/ --name=sigstore-config 4.Wait pods restart, import istag. $oc import-image registry.access.redhat.com/openshift3/ose:latest --confirm $ oc describe istag ose:latest | grep -A3 Sig Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@0d5a0afb4af55b5992c0d02e85f8dba1a4269c38614d6fa4da4b2b92fa08dd4a Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@5819adcad7b3d6484886630a95f8c0480af9529edb2686fe03ff0fe123df0520 Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@fed589ab8275118b9cb4ef16685d05cd13b58f9bf3eb1cf8b0567a1310e18997 Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@3b9cc3c19092d5cfef87f0852ef8197ec955546e2692348b981f103cc5bbbfa3 Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@5686d0246cd09f2a009e889cc17c76a3eadd4018c3d421745cd9d21bc67c3d04 Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@379079c97c068abb32c672f0d8f2cdae5b967db6b732cd0d5fc670d55147455f Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@f194a14ce0a93b1263bece12b9a18e190f4ea6c29702576137ca75798aeb0511 Type: AtomicImageV1 Status: Unverified Image Signatures: Name: sha256:196cd6d1761d270bcaf3aa72666b6526585b4fe8271e2e5463078490b56e60c7@3d207a74b09a39c20f1e22688a81b1f71ff33bff4b5e4cd196e186a116f9c6b8 Type: AtomicImageV1 Status: Unverified If no these configuration, will no Image Signatures download. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1866 |