Bug 1960674

Summary: Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
Product: OpenShift Container Platform Reporter: Yaakov Selkowitz <yselkowi>
Component: Image RegistryAssignee: Oleg Bulatov <obulatov>
Status: CLOSED ERRATA QA Contact: wewang <wewang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.8CC: aos-bugs, dmistry, sippy, stbenjam, xiuwang
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
job=periodic-ci-openshift-release-master-nightly-4.10-e2e-azure-fips-serial=all job=periodic-ci-openshift-release-master-nightly-4.10-e2e-openstack-fips=all job=periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-fips-serial=all job=periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-fips-serial=all
Last Closed: 2022-03-10 16:03:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2041358    

Description Yaakov Selkowitz 2021-05-14 14:46:42 UTC 
There are a number of issues with the test named in $SUBJECT:

* it copies the oc binary from the machine running the test into a container pulled by the cluster, meaning that (depending on the system on which oc and openshift-tests are built and run) the oc binary might not be binary compatible, or even architecture compatible, with the container;

* the container used is upstream origin-control-plane:3.11, which seems unusual for testing a 4.y cluster given no such container exists in 4.y;

* origin containers are not available for other architectures besides x86_64, so the test cannot pass on other cluster architectures;

* even if you substitute the OCP ose-control-plane:3.11, only Power was added to 3.y, so still no help for Z (or potentially ARM in the future).

Can this test be overhauled to work on all architectures, and regardless of potential differences between client and cluster architectures?
Comment 1 Oleg Bulatov 2021-07-02 17:19:11 UTC 
Does it cause some problems today that need to be immediately fixed?
Comment 2 Yaakov Selkowitz 2021-07-06 01:49:47 UTC 
The test fails on all !x86 architectures and therefore interferes with multi-arch enablement of the serial testsuite.
Comment 6 wewang 2021-09-14 01:38:06 UTC 
Passed in https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26459/pull-ci-openshift-origin-master-e2e-aws-serial/1437469582817234944
      and https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26459/pull-ci-openshift-origin-master-e2e-aws-image-registry/1437469582766903296
Comment 7 Yaakov Selkowitz 2021-10-06 19:52:26 UTC 
Unfortunately this caused failures in the serial testsuite when run on a FIPS cluster, and was reverted.
Comment 8 wewang 2021-10-13 03:44:09 UTC 
Scenario: Image signature workflow can push a signed image to openshift registry and verify it 
Passed in: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26515/pull-ci-openshift-origin-master-e2e-aws-serial/1447922547432624128
       and: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26510/pull-ci-openshift-origin-master-e2e-aws-image-registry/1445929851142803456

       especially fips cluster:
       https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26510/pull-ci-openshift-origin-master-e2e-gcp-fips-serial/1445934123582492672
Comment 11 Stephen Benjamin 2021-11-10 14:22:30 UTC 
*** Bug 2007850 has been marked as a duplicate of this bug. ***
Comment 14 errata-xmlrpc 2022-03-10 16:03:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056