Bug 1940054

Summary: Support logging into a registry if necessary
Product: Red Hat Enterprise Linux 8 Reporter: Derrick Ornelas <dornelas>
Component: toolboxAssignee: Debarshi Ray <debarshir>
Status: CLOSED ERRATA QA Contact: Alex Jia <ajia>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.4CC: debarshir, jnovy, miabbott, mjenner, smccarty, tpopela, travier, ypu
Target Milestone: rcKeywords: Triaged
Target Release: 8.4   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: toolbox-0.0.99.2-2.module+el8.5.0+11749+afc28159 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 17:37:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Derrick Ornelas 2021-03-17 14:09:28 UTC 
Description of problem:

github.com/containers/toolbox does not handle logging into a registry when a user is not logged in.  This is a regression in functionality compared to rhcos-toolbox


Version-Release number of selected component (if applicable):

toolbox-0.0.99-1.module+el8.4.0+10198+36d1d0e3


How reproducible:  100%


Steps to Reproduce:
1.  Install toolbox >= v0.0.99

2.  Create toolbox container using the support-tools image

# toolbox create --image registry.redhat.io/rhel8/support-tools


Actual results:

Toolbox will fail to pull the image.  The error does not indicate why the pull failed.

# toolbox create --image registry.redhat.io/rhel8/support-tools
Image required to create toolbox container.
Download registry.redhat.io/rhel8/support-tools (500MB)? [y/N]: y
Error: failed to pull image registry.redhat.io/rhel8/support-tools


Expected results:

Toolbox should return a warning that the user is not authenticated to the registry, then prompt the user to log in


Additional info:

rhcos-toolbox handles this use-case today


# toolbox
Error: stat /var/lib/kubelet/config.json: no such file or directory
Would you like to manually authenticate to registry: 'registry.redhat.io' and try again? [y/N] y
Username: myuser
Password: 
Login Succeeded!
Trying to pull registry.redhat.io/rhel8/support-tools:latest...
Getting image source signatures
Copying blob 6b536614e8f8 skipped: already exists  
Copying blob fdb393d8227c skipped: already exists  
Copying blob b749b8133f4d done  
Copying config 9b0af9ae39 done  
Writing manifest to image destination
Storing signatures
9b0af9ae39b1c4b367ffae4df4784e4a3db8d818a75988ab7d6707eade2dfa03
Spawning a container 'toolbox-root' with image 'registry.redhat.io/rhel8/support-tools'
Detected RUN label in the container image. Using that as the default...
Comment 2 Debarshi Ray 2021-03-18 08:31:07 UTC 
Note that so far we've only rebased 'toolbox' to github.com/containers/toolbox in RHEL 8.4, not RHOCP (which I think CoreOS is a part of).

We are aware of this issue, it is tracked upstream at https://github.com/containers/toolbox/issues/689 It should be addressed in one of the following toolbox releases that will be included in one of the next RHEL 8 versions (might be even 8.5).

We understand that this impacts RHCOS. Hence the plan is not to rebase 'toolbox' in RHOCP until issues like this can be sorted out - as agreed with the CoreOS team (CC'ing Micah). Therefore, I don't think this qualifies for the 8.4 exception as it would need weeks to be properly addressed and tested upstream.
Comment 3 Ondřej Míchal 2021-06-16 17:01:06 UTC 
This is being worked on in https://github.com/containers/toolbox/pull/787.
Comment 5 Tomas Popela 2021-07-12 12:11:10 UTC 
Can we please get the QA ack?
Comment 7 Timothée Ravier 2021-07-12 14:14:39 UTC 
Moved previous comment upstream: https://github.com/containers/toolbox/issues/754#issuecomment-878315382
Comment 13 Alex Jia 2021-08-03 08:36:09 UTC 
This bug has been verified on toolbox-0.0.99.2^1.git660b6970e998-1.module+el8.5.0+12014+438a5746.

[root@kvm-07-guest24 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.5 Beta (Ootpa)

[root@kvm-07-guest24 ~]# rpm -q toolbox podman runc kernel
toolbox-0.0.99.2^1.git660b6970e998-1.module+el8.5.0+12014+438a5746.x86_64
podman-3.3.0-0.17.module+el8.5.0+12014+438a5746.x86_64
runc-1.0.1-3.module+el8.5.0+12014+438a5746.x86_64
kernel-4.18.0-325.el8.x86_64

[root@kvm-07-guest24 ~]# toolbox create --image registry.redhat.io/rhel8/support-tools
Image required to create toolbox container.
Download registry.redhat.io/rhel8/support-tools (500MB)? [y/N]: y
Error: failed to pull image registry.redhat.io/rhel8/support-tools
If it was a private image, log in with: podman login registry.redhat.io
Use 'toolbox --verbose ...' for further details.

[root@kvm-07-guest24 ~]# podman login registry.redhat.io
Username: bob
Password: 
Login Succeeded!

[root@kvm-07-guest24 ~]# toolbox create --image registry.redhat.io/rhel8/support-tools
Image required to create toolbox container.
Download registry.redhat.io/rhel8/support-tools (500MB)? [y/N]: y
Created container: support-tools
Enter with: toolbox enter support-tools
[root@kvm-07-guest24 ~]# toolbox list
CONTAINER ID  CONTAINER NAME  CREATED         STATUS      IMAGE NAME
9c3275baacc5  support-tools   32 seconds ago  configured  registry.redhat.io/rhel8/support-tools:latest
Comment 16 errata-xmlrpc 2021-11-09 17:37:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4154