Bug 1737043
Summary: | [disconnected] failed to pull release image on bootstrap node. | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Johnny Liu <jialiu> |
Component: | Node | Assignee: | Miloslav Trmač <mitr> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Sunil Choudhary <schoudha> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.2.0 | CC: | aos-bugs, ccoleman, jokerman, sjenning, wking |
Target Milestone: | --- | Keywords: | TestBlocker |
Target Release: | 4.2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-05 14:23:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Johnny Liu
2019-08-02 12:30:00 UTC
What version of podman is installed? In reply to Clayton Coleman from comment #2) > What version of podman is installed? In testing with 42.80.20190801.1 rhcos: # rpm -qa|grep podman podman-manpages-1.4.2-1.module+el8.1.0+3423+f0eda5e0.noarch podman-1.4.2-1.module+el8.1.0+3423+f0eda5e0.x86_64 In testing with 410.8.20190604.0 rhcos: # rpm -qa|grep podman podman-1.0.2-1.dev.git96ccc2e.el8.x86_64 I tested this an it worked for me. Trying to figure out what the difference is. I just tried this sub'ing in my registry for the QE registry and it worked $ oc adm release mirror --from=registry.svc.ci.openshift.org/ocp/release:4.2.0-0.nightly-2019-07-30-045028 --to=registry.lab.variantweb.net/ocp/release --to-release-image=registry.lab.variantweb.net/ocp/release:4.2.0-0.nightly-2019-07-30-045028 install-config.yaml imageContentSources: - mirrors: - registry.lab.variantweb.net/ocp/release source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - registry.lab.variantweb.net/ocp/release source: registry.svc.ci.openshift.org/ocp/release resulting registries.conf on the bootstrap node [root@bootstrap ~]# cat /etc/containers/registries.conf [[registry]] location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev" insecure = false mirror-by-digest-only = true [[registry.mirror]] location = "registry.lab.variantweb.net/ocp/release" insecure = false [[registry]] location = "registry.svc.ci.openshift.org/ocp/release" insecure = false mirror-by-digest-only = true [[registry.mirror]] location = "registry.lab.variantweb.net/ocp/release" insecure = false $ journalctl -b -u bootkube.service | grep bootkube.sh Aug 02 14:46:08 bootstrap bootkube.sh[1563]: Pulling release image... Aug 02 14:46:15 bootstrap bootkube.sh[1563]: a85ba99003ad84d6a1fce72d7c476cb89c9aac6f245e6a3d8e773946a159cefd Aug 02 14:46:33 bootstrap bootkube.sh[1563]: Rendering Cluster Version Operator Manifests... Aug 02 14:46:41 bootstrap bootkube.sh[1563]: Rendering cluster config manifests... Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_infrastructure.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_02_config.clusterrole.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_quota-openshift_01_clusterresourcequota.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_oauth.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_03_security-openshift_01_scc.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_apiserver.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_build.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_dns.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_project.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_03_config-operator_01_proxy.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_authentication.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_image.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_ingress.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_network.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_openshift-config-managed-ns.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_openshift-config-ns.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_console.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_featuregate.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Writing asset: /assets/config-bootstrap/manifests/0000_10_config-operator_01_scheduler.crd.yaml Aug 02 14:46:43 bootstrap bootkube.sh[1563]: Rendering Kubernetes API server core manifests... Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/bootstrap-manifests/kube-apiserver-pod.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/configmap-admin-kubeconfig-client-ca.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/secret-aggregator-client-signer.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/secret-control-plane-client-signer.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/secret-kube-apiserver-to-kubelet-signer.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/secret-loadbalancer-serving-signer.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/00_openshift-kube-apiserver-operator-ns.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/cluster-role-kube-apiserver.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/configmap-csr-controller-ca.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/configmap-sa-token-signing-certs.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/secret-localhost-serving-signer.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/secret-service-network-serving-signer.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/00_openshift-kube-apiserver-ns.yaml Aug 02 14:46:45 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-apiserver-bootstrap/manifests/cluster-role-binding-kube-apiserver.yaml Aug 02 14:46:46 bootstrap bootkube.sh[1563]: Rendering Kubernetes Controller Manager core manifests... Aug 02 14:46:48 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-controller-manager-bootstrap/bootstrap-manifests/kube-controller-manager-pod.yaml Aug 02 14:46:48 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-controller-manager-bootstrap/manifests/00_openshift-kube-controller-manager-ns.yaml Aug 02 14:46:48 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-controller-manager-bootstrap/manifests/00_openshift-kube-controller-manager-operator-ns.yaml Aug 02 14:46:48 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-controller-manager-bootstrap/manifests/secret-csr-signer-signer.yaml Aug 02 14:46:48 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-controller-manager-bootstrap/manifests/secret-initial-kube-controller-manager-service-account-private-key.yaml Aug 02 14:46:49 bootstrap bootkube.sh[1563]: Rendering Kubernetes Scheduler core manifests... Aug 02 14:46:51 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-scheduler-bootstrap/bootstrap-manifests/kube-scheduler-pod.yaml Aug 02 14:46:51 bootstrap bootkube.sh[1563]: Writing asset: /assets/kube-scheduler-bootstrap/manifests/00_openshift-kube-scheduler-ns.yaml Aug 02 14:46:52 bootstrap bootkube.sh[1563]: Rendering MCO manifests... Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.859940 1 bootstrap.go:86] Version: v4.2.0-201907291819-dirty (09c18e57cfa398653c3a55708702e6c962ab0fb3) Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.863805 1 bootstrap.go:177] manifests/machineconfigcontroller/controllerconfig.yaml Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.866496 1 bootstrap.go:177] manifests/master.machineconfigpool.yaml Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.866714 1 bootstrap.go:177] manifests/worker.machineconfigpool.yaml Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.866891 1 bootstrap.go:177] manifests/bootstrap-pod-v2.yaml Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.867135 1 bootstrap.go:177] manifests/machineconfigserver/csr-bootstrap-role-binding.yaml Aug 02 14:46:55 bootstrap bootkube.sh[1563]: I0802 14:46:55.867335 1 bootstrap.go:177] manifests/machineconfigserver/kube-apiserver-serving-ca-configmap.yaml Aug 02 14:46:56 bootstrap bootkube.sh[1563]: Starting etcd certificate signer... Aug 02 14:46:58 bootstrap bootkube.sh[1563]: 9d39039a5e2f5f23c4199f082d84f2679be29e9df57bd36e10803ed66432cb5c Aug 02 14:46:58 bootstrap bootkube.sh[1563]: Waiting for etcd cluster... $ cat /etc/os-release | grep ^VERSION= VERSION="42.80.20190801.1" $ podman version Version: 1.4.2 RemoteAPI Version: 1 Go Version: go1.12.6 OS/Arch: linux/amd64 I do note that registry.svc.ci.openshift.org/ocp/release:4.2.0-0.nightly-2019-07-30-045028 does not contain https://github.com/openshift/machine-config-operator/pull/1014 masters/worker bootstrapped with with bootstrap MCS will not get their /etc/containers/registries.conf set without it. Using 4.2.0-0.nightly-2019-08-01-113533 and RHCOS 42.80.20190801.1, I was able to fully install (In reply to Johnny Liu from comment #0) > rhcos version: > 410.8.20190604.0 … > Aug 02 12:06:00 qe-jialiu-76bpt-bootstrap-0 bootkube.sh[1431]: error pulling > image > "registry.svc.ci.openshift.org/ocp/release@sha256: > 09aa64d6f8700d59edd3585e32205c9698428e025f7e24ea1741ede3b2048682": unable to > pull > registry.svc.ci.openshift.org/ocp/release@sha256: > 09aa64d6f8700d59edd3585e32205c9698428e025f7e24ea1741ede3b2048682: unable to > pull image: Error initializing source > docker://registry.svc.ci.openshift.org/ocp/release@sha256: > 09aa64d6f8700d59edd3585e32205c9698428e025f7e24ea1741ede3b2048682: error > loading registries: invalid URL: cannot be empty … > In testing with 410.8.20190604.0 rhcos: > # rpm -qa|grep podman > podman-1.0.2-1.dev.git96ccc2e.el8.x86_64 That is fairly old, and it uses a pre-release version of the registries.conf v2 format (using URL: instead of Location:). It will need to be updated to at the very least 1.4.0, preferably at least 1.4.1 (for containers/image 2.0.0). (In reply to Miloslav Trmač from comment #8) > That is fairly old, and it uses a pre-release version of the registries.conf > v2 format (using URL: instead of Location:). It will need to be updated to > at the very least 1.4.0, preferably at least 1.4.1 (for containers/image > 2.0.0). … of course, I have overlooked the date in 410.8.20190604.0 . Do we _have_ to use / support such an old build? (We would probably just detect it and refuse to accept the mirror config, I guess.) (In reply to Johnny Liu from comment #0) > Try a new disconnected install, but switch bootimage to 42.80.20190801.1. > Aug 02 12:25:54 qe-jialiu1-7696m-bootstrap-0 bootkube.sh[31753]: > time="2019-08-02T12:25:54Z" level=error msg="Error pulling image ref > //registry.svc.ci.openshift.org/ocp/release@sha256: > 09aa64d6f8700d59edd3585e32205c9698428e025f7e24ea1741ede3b2048682: Error > initializing source > docker://registry.svc.ci.openshift.org/ocp/release@sha256: > 09aa64d6f8700d59edd3585e32205c9698428e025f7e24ea1741ede3b2048682: pinging > docker registry returned: Get https://registry.svc.ci.openshift.org/v2/: > dial tcp 35.196.103.194:443: i/o timeout" I’m afraid the current code only reports the error contacting the primary endpoint, failures to access the mirrors (if any) are not returned to the caller (and might not even be in the debug log). I have filed https://github.com/containers/image/issues/674 about that. Still, a possible step to diagnose this would be to run (podman --log-level=debug pull docker://$the_image) and see if it reports anything useful about the mirror. (In reply to Seth Jennings from comment #6) > I do note that > registry.svc.ci.openshift.org/ocp/release:4.2.0-0.nightly-2019-07-30-045028 > does not contain > https://github.com/openshift/machine-config-operator/pull/1014 > > masters/worker bootstrapped with with bootstrap MCS will not get their > /etc/containers/registries.conf set without it. This probably is the root cause. After I re-run testing using rhcos-42.80.20190801.1 + 4.2.0-0.nightly-2019-08-01-113533, it works well now. > That is fairly old, and it uses a pre-release version of the registries.conf v2 format (using URL: instead of Location:) For posterity, the url -> location pivot happened in [1]. [1]: https://github.com/containers/image/pull/564/files#diff-a92cc839152361a483b38c88adae5bceL28-R32 |