Bug 1872080

Since https://github.com/openshift/cluster-ingress-operator/pull/444 merged, I can no longer use our 'release-local' make target:

$ REPO=docker.io/danehans/cluster-ingress-operator make release-local
MANIFESTS=/var/folders/qy/m4hkc65s2n38ph802k4_nrr40000gn/T/tmp.iV2gOVxJ hack/release-local.sh
[dns_region_pref_cfg 2ae2a0f7] Temporary
 2 files changed, 452 insertions(+), 3 deletions(-)
 create mode 100644 debug.log
Sending build context to Docker daemon  173.1MB
Step 1/10 : FROM registry.svc.ci.openshift.org/ocp/builder:rhel-8-golang-openshift-4.6 AS builder
unauthorized: authentication required
make: *** [release-local] Error 1

What is needed to auth against registry.svc.ci.openshift.org?

@daneyon - 
1. Login to https://registry.svc.ci.openshift.org
2. Copy the login command (containing your token) from the console
3. Paste it on the command line
4. Run $ oc registry login

*** Bug 1870558 has been marked as a duplicate of this bug. ***

Checked the following images with 4.6.0-0.nightly-2020-09-14-225526, they are migrated to RHEL8 successfully:
openshift-ose-cluster-csi-snapshot-controller-operator
openshift-ose-csi-snapshot-controller
openshift-ose-csi-external-snapshotter
openshift-ose-cluster-storage-operator
openshift-ose-csi-driver-manila-operator
openshift-ose-csi-driver-nfs
openshift-ose-csi-driver-manila
openshift-ose-csi-external-provisioner
openshift-ose-csi-node-driver-registrar
openshift-ose-csi-external-attacher
openshift-ose-csi-external-resizer
openshift-ose-csi-livenessprobe
openshift-ose-aws-ebs-csi-driver
openshift-ose-aws-ebs-csi-driver-operator
openshift-ose-ovirt-csi-driver
openshift-ose-ovirt-csi-driver-operator


But the following images still are RHEL78:
openshift-ose-local-storage-operator-v4.6.0-202009082256.p0
openshift-ose-local-storage-diskmaker-v4.6.0-202009082256.p0
openshift-ose-local-storage-static-provisioner-v4.6.0-202009041839.p0

Those particular builds predate the migration, but have been superseded by builds which are RHEL8.  Why are non-latest builds being tested?

The following images are migrated to RHEL8:
openshift-ose-local-storage-diskmaker-v4.6.0-202009152100.p0
openshift-ose-local-storage-operator-v4.6.0-202009152100.p0
openshift-ose-local-storage-static-provisioner-v4.6.0-202009152100.p0

KCM, KS , KDS & must-gather images migrated to RHEL8.

KS:
============
[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec openshift-kube-scheduler-operator-768d869d64-96t92 -c kube-scheduler-operator-container -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec openshift-kube-scheduler-ip-10-0-132-131.ap-northeast-1.compute.internal -c kube-scheduler -- cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec openshift-kube-scheduler-ip-10-0-132-131.ap-northeast-1.compute.internal -c kube-scheduler-cert-syncer -- cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

KCM:
============
[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec openshift-controller-manager-operator-58c5c469c6-sdcsn -c openshift-controller-manager-operator -n openshift-controller-manager-operator -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec kube-controller-manager-ip-10-0-132-131.ap-northeast-1.compute.internal -c kube-controller-manager -n openshift-kube-controller-manager -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec kube-controller-manager-ip-10-0-132-131.ap-northeast-1.compute.internal -c cluster-policy-controller -n openshift-kube-controller-manager -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec kube-controller-manager-ip-10-0-132-131.ap-northeast-1.compute.internal -c kube-controller-manager-recovery-controller -n openshift-kube-controller-manager -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

Must-gather:
========================
[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec must-gather-9nqdb -c gather -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 ocp_files]$ oc exec must-gather-9nqdb -c copy -- cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

KDS:
========================
[ramakasturinarra@dhcp35-60 kubernetes]$ oc exec descheduler-operator-7df7f49d56-zl8sm -c descheduler-operator -- cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

[ramakasturinarra@dhcp35-60 kubernetes]$ oc exec cluster-74db674445-qxs8j -c openshift-descheduler -- cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

cli & cli-artifacts have not been migrated and will not be in foreseeable future because of the problem with glibc versions shipped in rhel8, if you built something on rhel8 it can't run on rhel7 so we don't.

Checked the following images with 4.6.0-0.nightly-2020-09-24-162403, they are migrated to RHEL8 successfully:
cluster-image-registry-operator 
image-registry
cluster-samples-operator
cluster-openshift-controller-manager-operator
openshift-controller-manager        
docker-builder

Thanks Juzhao's script!
 Cluster version is 4.6.0-0.nightly-2020-09-26-202331

OLM images looks good.
[root@preserve-olm-env data]# oc get pods -n openshift-operator-lifecycle-manager
NAME                               READY   STATUS    RESTARTS   AGE
catalog-operator-55d7c54dd-588rw   1/1     Running   0          6h31m
olm-operator-66979959d6-xbkfp      1/1     Running   0          6h30m
packageserver-587d79c59c-8sfpk     1/1     Running   0          6h33m
packageserver-587d79c59c-f78nv     1/1     Running   0          6h30m

[root@preserve-olm-env data]# ./check-image.sh 
pod: catalog-operator-55d7c54dd-588rw
container: catalog-operator
Red Hat Enterprise Linux release 8.2 (Ootpa)

pod: olm-operator-66979959d6-xbkfp
container: olm-operator
Red Hat Enterprise Linux release 8.2 (Ootpa)

pod: packageserver-587d79c59c-8sfpk
container: packageserver
Red Hat Enterprise Linux release 8.2 (Ootpa)

pod: packageserver-587d79c59c-f78nv
container: packageserver
Red Hat Enterprise Linux release 8.2 (Ootpa)

But, for the 4 index images, they're still based on rhel 7.8. Even the community not based on RHEL. Change it back to ASSIGNED. See below:
[root@preserve-olm-env data]# oc get pods
NAME                                                              READY   STATUS      RESTARTS   AGE
c8d7c64234717523f093f94940e4fa273706a766feba8e9a367071ee6fvddcw   0/1     Completed   0          5m34s
certified-operators-2qldm                                         1/1     Running     0          6h59m
community-operators-x9g58                                         1/1     Running     0          6h59m
marketplace-operator-58ff8b45d8-mgj7t                             1/1     Running     0          6h55m
qe-app-registry-5t5hs                                             1/1     Running     0          15m
redhat-marketplace-6hbxt                                          1/1     Running     0          6h57m
redhat-operators-zzlkp                                            1/1     Running     0          6h59m

[root@preserve-olm-env data]# ./check-image.sh 
pod: c8d7c64234717523f093f94940e4fa273706a766feba8e9a367071ee6fvddcw
container: extract
error: cannot exec into a container in a completed pod; current phase is Succeeded


pod: certified-operators-2qldm
container: registry-server
Red Hat Enterprise Linux Server release 7.8 (Maipo)


pod: community-operators-x9g58
container: registry-server
cat: can't open '/etc/redhat-release': No such file or directory
command terminated with exit code 1


pod: marketplace-operator-58ff8b45d8-mgj7t
container: marketplace-operator
Red Hat Enterprise Linux release 8.2 (Ootpa)


pod: qe-app-registry-5t5hs
container: registry-server
cat: can't open '/etc/redhat-release': No such file or directory
command terminated with exit code 1


pod: redhat-marketplace-6hbxt
container: registry-server
Red Hat Enterprise Linux Server release 7.8 (Maipo)


pod: redhat-operators-zzlkp
container: registry-server
Red Hat Enterprise Linux Server release 7.8 (Maipo)


The operator-registry looks good.
[root@preserve-olm-env data]# docker run --rm -ti --entrypoint=/bin/bash registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-operator-registry:v4.6 
bash-4.4$  cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)


For the operator-sdk, that 2 releasing images are based on rhel 8 now.
[root@preserve-olm-env data]# docker run --rm -ti --entrypoint=/bin/bash registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-helm-operator:v4.6
bash-4.4$  cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

[root@preserve-olm-env data]# docker run --rm -ti --entrypoint=/bin/bash registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-ansible-operator:v4.6
bash-4.4$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)

$ ./test_image.sh 
Checking image cluster-kube-apiserver-operator of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image cluster-openshift-apiserver-operator of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image cluster-kube-storage-version-migrator-operator of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image cluster-config-operator of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image cluster-config-operator of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image hyperkube of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image tests of apiserver and auth subteam ...
Red Hat Enterprise Linux release 8.2 (Ootpa)

The following images check manually,
Checking image openshift-apiserver of apiserver and auth subteam ...
$ podman run --rm -ti --entrypoint=/bin/bash quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d6e7777b7b1de5859732bc6158a8e030e721ad34ef855b835cc1e643d81dcbc2
[root@fba4bc549111 /]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image cluster-authentication-operator of apiserver and auth subteam ...
podman run --rm -ti --entrypoint=/bin/bash quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62d1d992dcacfb843629b10e5bdab8f92bad5b0d1cb3f2c10d62f332999de191
[root@32a9a98ab9ab /]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image oauth-apiserver of apiserver and auth subteam ...
podman run --rm -ti --entrypoint=/bin/bash quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2159e469a9c0deb547551aaff82f44d1c76160dc5461ff25c5eeeebfd4a98cf0
[root@6b2065702fc5 /]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

Checking image service-ca-operator of apiserver and auth subteam ...
podman run --rm -ti --entrypoint=/bin/bash quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75f06654c016fcd943feda137e82254c460d7fbce9421c0c12f1902efdb28fc1
[root@4881d4ede60c /]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

all images of apiserver and auth are as expected RHEL8.2.

The index images for bundles haven't been pushed yet.

Cluster is 4.6.0-0.nightly-2020-10-08-210814,

it's ok for etcd-operator:

# project=openshift-etcd-operator
[root@preserved-geliurhel-1 tmp]# for pod in $(oc get pod -n $project | grep -v NAME| awk '{print $1}'); do echo pod: $pod;  for container in $(oc -n $project get pods $pod -o jsonpath="{.spec.containers[*].name}"); do echo container: $container;oc -n $project exec -c $container $pod  -- cat /etc/redhat-release; echo -e "\n";done; done;
pod: etcd-operator-78844f5cc6-z26jl
container: etcd-operator
Red Hat Enterprise Linux release 8.2 (Ootpa)