Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1970063

Summary: [master] AgentServiceConfig mirror registry requires both ca-bundle.crt and registries.conf
Product: OpenShift Container Platform Reporter: Chad Crum <ccrum>
Component: assisted-installerAssignee: David Zager <dzager>
assisted-installer sub component: Deployment Operator QA Contact: Chad Crum <ccrum>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: aos-bugs, ccrum
Version: 4.8Keywords: Triaged
Target Milestone: ---   
Target Release: 4.9.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: AI-Team-Platform
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1970405 (view as bug list) Environment:
Last Closed: 2021-10-18 17:33:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1970405    

Description Chad Crum 2021-06-09 17:37:14 UTC 
Description of problem:
Currently the AgentServiceConfig mirror registry method [1] requires a configmap containing both ca-bundle.crt and registries.conf to configure. In certain cases only one or the other is needed, but both are required to work. The only alternative is to reference a dummy certificate or dummy registries.conf in these situations.

IgnitionConfig overrides is not always a good solution as the AgentServiceConfig mirror registry method passes the changes to the OCP install-config.yaml as well

[1] https://github.com/openshift/assisted-service/blob/master/docs/operator.md#mirror-registry-configuration

Version-Release number of selected component (if applicable):
Latest assisted operator upstream

How reproducible:
100%

Steps to Reproduce:
1. 
2.
3.

Actual results:


Expected results:


Additional info:

Use cases:
- Customer mirror registry has an official CA signed certificate, so they do not need to add an additional cert, but do not a registries.conf for mirroring

- Customer is not in a disconnected environment (no need for self signed cert) but do need to include image mapping both in registries.conf and install-config.yaml for dev/testing purposes
Comment 5 errata-xmlrpc 2021-10-18 17:33:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759