Bug 1894530
| Summary: | Mirrored images tags not migrated from 3.7 and 3.9 to 4.6 | ||
|---|---|---|---|
| Product: | Migration Toolkit for Containers | Reporter: | Sergio <sregidor> |
| Component: | General | Assignee: | Scott Seago <sseago> |
| Status: | CLOSED WONTFIX | QA Contact: | Xin jiang <xjiang> |
| Severity: | medium | Docs Contact: | Avital Pinnick <apinnick> |
| Priority: | unspecified | ||
| Version: | 1.3.z | CC: | chezhang, ernelson, rpattath, whu, xjiang |
| Target Milestone: | --- | ||
| Target Release: | 1.4.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-01-05 20:55:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I'm not really sure there's anything for us to do here. The same failure to create istags happens if you manually "oc create -f" the tags that are failing here. This feels like an openshift bug, if it's a bug at all. This should probably be closed as WONTFIX. It only happens for 3.9 and 3.7 source clusters, and the problem appears to be in the OpenShift ImageStreamTag implementation rather than in MTC. |
Description of problem: When an image is mirrored to OCP 3.7 or OCP 3.9 clusters, and then it is migrated to a 4.6 cluster, the image's tag is not migrated. Version-Release number of selected component (if applicable): CAM 1.3.1 SOURCE CLUSTER: OCP 3.9 AWS (in 3.7 it happens too) TARGET CLUSTER: OCP 4.6 How reproducible: Always Steps to Reproduce: 1. Create a namespace oc new-project bz-test 2. Create a SA in this namespace oc create sa mirror-sa -n bz-test 3. Give this account internal registry permissions oc adm policy add-cluster-role-to-user registry-editor -z mirror-sa 4. Run this pod to mirror mysql 5.7 from openshift namespace to your current bz-test namespace cat << EOF | oc create -f - apiVersion: v1 kind: Pod metadata: name: mirrorer namespace: bz-test spec: containers: - args: - 'set -x; echo ''{"auths": {"''\${INTERNAL_REGISTRY}''": { "auth": "''\$(echo -n \$(oc whoami | sed ''s/.*://'')":"\$(oc whoami -t) | base64 -w 0)''"}}}'' > /tmp/config; oc image mirror \${SOURCE_IMAGE} \${INTERNAL_REGISTRY}/\${TARGET_IMAGE} --insecure=true --registry-config=/tmp/config --force=true;' command: - /bin/sh - -c - -- env: - name: INTERNAL_REGISTRY value: docker-registry.default.svc:5000 - name: SOURCE_IMAGE value: docker-registry.default.svc:5000/openshift/mysql:5.7 - name: TARGET_IMAGE value: bz-test/mysql:mirrored image: quay.io/sregidor/oc44:latest imagePullPolicy: Always name: podtest restartPolicy: OnFailure serviceAccountName: mirror-sa EOF 5. Check that the image have been mirrored $ oc get is -n bz-test NAME DOCKER REPO TAGS UPDATED mysql docker-registry.default.svc:5000/bz-test/mysql mirrored 14 seconds ago $ oc get istag -n bz-test NAME DOCKER REF UPDATED mysql:mirrored registry.access.redhat.com/rhscl/mysql-57-rhel7@sha256:9a781abe7581cc141e14a7e404ec34125b3e89c008b14f4e7b41e094fd3049fe 30 seconds ago 6. Migrate the bz-test namespace to the 4.6 cluster Actual results: In the target cluster we find that the image has been migrated, but the tag has not been migrated. $ oc get is NAME IMAGE REPOSITORY TAGS UPDATED mysql image-registry.openshift-image-registry.svc:5000/bz-test/mysql $ oc get istag -n bz-test No resources found in bz-test namespace. Expected results: The image and the tag should be migrated. Additional info: This does not happen in OCP versions higher than 3.9. In OCP 3.10+ the migration works as expected.