Bug 1775060

Summary: Problems with credentials when using more than one registry
Product: OpenShift Container Platform Reporter: Sergio <sregidor>
Component: Migration ToolingAssignee: Scott Seago <sseago>
Status: CLOSED ERRATA QA Contact: Sergio <sregidor>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.2.0CC: chezhang, dymurray, rpattath, xjiang
Target Milestone: ---   
Target Release: 4.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-28 11:09:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergio 2019-11-21 11:53:11 UTC 
Description of problem:
If we try to use more than one registry, the application has problems when there are migration plans opened and they use different registries, for instance one Azure registry and one AWS registry.


Version-Release number of selected component (if applicable):
Controller
    image: quay.io/ocpmigrate/mig-controller:latest
    imageID: quay.io/ocpmigrate/mig-controller@sha256:478069f3c6574b31cbd68241d796e4b9eb4ab1234586208ccfc1adca3806594d
Velero:
    image: quay.io/ocpmigrate/velero:latest
    imageID: quay.io/ocpmigrate/velero@sha256:558a7a27bca175b3a9fd5318462f66bf7f1396da48ed2ca7f1a2ea6f32ff5331
    image: quay.io/ocpmigrate/migration-plugin:latest
    imageID: quay.io/ocpmigrate/migration-plugin@sha256:96e956dd650b72dfd1db4f951b4ecb545e94c6253968d83ef33de559d83ece85

How reproducible:
Always

Steps to Reproduce:
1. Add an AWS S3 bucket as registry.
2. Create a migration plan and migrate it.
3. Create a migration plan, but do not migrate it, let it open.
3. Add an Azure storage account as registry.
4  Create a migration plan and try to migrate it.


Actual results:
The application fails with this error in velero

time="2019-11-18T16:21:43Z" level=error msg="Error getting backup store for this location" backupLocation=awsbucket-7bprf controller=backup-sync error="rpc error: code = Unknown desc = NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors" error.file="/go/src/github.com/heptio/velero/pkg/cloudprovider/aws/volume_snapshotter.go:60" error.function=github.com/heptio/velero/pkg/cloudprovider/aws.getSession logSource="pkg/controller/backup_sync_controller.go:168"

Expected results:
The migration plan should be migrated.

Additional info:
Comment 1 Scott Seago 2020-04-03 14:44:14 UTC 
It looks like this fix has been in the product for a while now. The associated PRs were merged in December, but this BZ was never updated because I'd already posted the fix PRs before this BZ was created, so we hadn't connected the two.

The PRs are:
https://github.com/konveyor/mig-operator/pull/166
https://github.com/konveyor/mig-controller/pull/373

This should be ready to test for either 1.1.2 or 1.2
Comment 5 Sergio 2020-05-12 10:32:20 UTC 
Verified using CAM 1.2 stage

We verified that we can use several replication repositories at the same time now (Azure + AWS, for instance).

Nevertheless, there are still credentials collisions when we use several S3 replication repositories at the same time, for instance using AWS and nooba.

The decision was to move this BZ to VERIFIED, and open a new one reporting the new problem. The AWS + noobaa collision problem is reported in this BZ https://bugzilla.redhat.com/show_bug.cgi?id=1834744
Comment 7 errata-xmlrpc 2020-05-28 11:09:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:2326