Bug 1966156
Summary: | Issue with Internal Registry CA on the service pod | | |
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Juan Manuel Parrilla Madrid <jparrill> |
Component: | assisted-installer | Assignee: | Fred Rolland <frolland> |
assisted-installer sub component: | assisted-service | QA Contact: | Chad Crum <ccrum> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | urgent | | |
Priority: | urgent | CC: | alazar, aos-bugs, ccrum, mcornea, mfilanov, pablo.iranzo |
Version: | 4.8 | Keywords: | Triaged |
Target Milestone: | --- | | |
Target Release: | 4.8.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | AI-Team-Hive | | |
Fixed In Version: | | Doc Type: | No Doc Update |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2021-07-27 23:10:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1958966 | | |
Description
Juan Manuel Parrilla Madrid
2021-05-31 14:30:01 UTC
Trying to run update-ca-trust before the service https://code.engineering.redhat.com/gerrit/c/assisted-installer-projects/+/244512

Downstream PR: https://code.engineering.redhat.com/gerrit/c/assisted-installer-projects/+/244553

No changes needed Upstream

Juan, is this one fixed? Can you move to verified?

I have validated this in:

ACM DS Build: 2.3.0-DOWNSTREAM-2021-06-17-01-26-58
OCP Hub: 4.8.0-fc.7

Steps:

- Deployed disconnected ipv6 with D/S ACM build, using mirror-registry-ca to map registries.conf + self signed CA to assisted pod
- Tried to run the oc adm release command directly from the assisted-service pod:

```
[root@sealusa10 ~]# oc rsh assisted-service-554499cbf6-nzj28
Defaulted container "assisted-service" out of: assisted-service, postgres
sh-4.4$ oc adm release info -o template --template '{{.metadata.version}}' --insecure=false registry.ocp-edge-cluster-assisted-0.qe.lab.redhat.com:5000/openshift-release-dev/ocp-release:4.6.16-x86_64
error: unable to read image registry.ocp-edge-cluster-assisted-0.qe.lab.redhat.com:5000/openshift-release-dev/ocp-release:4.6.16-x86_64: Head "https://registry.ocp-edge-cluster-assisted-0.qe.lab.redhat.com:5000/v2/openshift-release-dev/ocp-release/manifests/4.6.16-x86_64": no basic auth credentials
sh-4.4$
```

- No issue with x509 in above step - no basic auth creds is expected in this case
- Next deployed all CRs to deploy a SNO cluster and did not see any errors in the assisted service pod logs related to x509. SNO cluster creation completed successfully.

Hi @jparrill - I'm not reproducing this with the latest build. Can you also confirm you no longer see it and then we can flip to VERIFIED.

Verified with Juan that he no longer sees this either.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days