Bug 1378647 - Failed to "oc new-app --search" at the offline environment disconnected to the Internet
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 3.2.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: ---
Assignee: Martin Milata
QA Contact: Wang Haoran
URL:
Whiteboard:
Depends On:
Blocks: 1267746 1388522 1388524
Reported: 2016-09-23 00:33 UTC by Takayoshi Tanaka
Modified: 2020-01-17 15:57 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: oc new-app --search expected that the cluster can always reach registry-1.docker.io.
Consequence: When registry-1.docker.io was unreachable, as is the case when running a disconnected cluster, oc new-app search would always fail.
Fix: When registry-1.docker.io is unreachable, print a warning but do not fail with an error.
Result: oc new-app --search is now usable in disconnected environments or in other circumstances when registry-1.docker.io is unreachable.
Clone Of:
: 1388522 (view as bug list)
Environment:
Last Closed: 2017-01-18 12:53:55 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1398330 0 low CLOSED oc new-app always returns "Internal error occurred" when it failed to find imageStream in disconnected environment 2021-09-09 12:00:46 UTC
Red Hat Product Errata RHBA-2017:0066 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.4 RPM Release Advisory 2017-01-18 17:23:26 UTC

Internal Links: 1398330

Description Takayoshi Tanaka 2016-09-23 00:33:58 UTC
Description of problem:
The "oc new-app --search" command failed when OpenShift is disconnected from the Internet. It still tried to access registry-1.docker.io, which is the default value for the docker registry [1]. However, it seems there is no way to override this value in the offline environment.

[1] https://github.com/openshift/origin/blob/v1.2.0/pkg/image/api/helper.go#L23-L29

Version-Release number of selected component (if applicable):


How reproducible:
unconfirmed.

Steps to Reproduce:
1. Set up offline OpenShift disconnected from the Internet
2. Import all the required images into OpenShift registry
3. "oc new-app --search <search term>"

Actual results:
Error with below message.
> dockerImageLookup: Image import failed. api.ImageImportStatus{.....} Message: "Internal Error occurred: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io: no such host:.


Expected results:
Ended with no error.

Additional info:

Comment 1 Ben Parees 2016-09-23 06:54:27 UTC
It's a bug that we fail the search entirely when the registry cannot be reached; it should be a warning that is reported to the user.

Comment 2 Takayoshi Tanaka 2016-09-27 01:54:28 UTC
Do you have a plan to override the default docker registry to the customer-specific one? If we can't override it, we can't search any templates and docker images in the disconnected environment.

Comment 3 Ben Parees 2016-09-27 02:02:10 UTC
You don't need to override it to search for those things; you just need it to not fail when it can't reach dockerhub, which is what we will do to fix this, as I said above.

Comment 4 Takayoshi Kimura 2016-10-07 01:41:13 UTC
OK, so once we fix this and it no longer fails in the middle of the search process, the search can finish and users can get all results from OpenShift templates and the other configured docker registries.

Can we get a rough ETA of this fix? The customer is using 3.2.x.

Comment 5 Takayoshi Tanaka 2016-10-11 01:50:19 UTC
I understand the customer can search if it becomes a warning when the default docker-hub can't be reached. However, the customer would prefer to be able to override the default registry, for the reasons below.

1. It will cause a delay every time somebody searches for a docker image, as the search for "registry-1.docker.io" will have to occur and error out first.
2. It will show an error and/or warning to the end user every time they perform a docker search. This will increase our support burden for every user as they come across this warning and alert us about it.
3. Showing an error and/or warning for an operation when things are running correctly is bad practice in general.

It's not a "warning" status but a "normal" status for the disconnected OpenShift environment that they can't reach the docker-hub.

Besides, this bug has no workaround at this point. Can we get a rough ETA or workaround?

Comment 13 Martin Milata 2016-10-19 16:16:20 UTC
Pull request that turns the lookup failure error into a warning: https://github.com/openshift/origin/pull/11436

Comment 15 openshift-github-bot 2016-10-21 10:47:22 UTC
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/1c53eba12077b664a4db18239463276160e7c49c
oc new-app --search: don't require docker hub access

When using oc new-app --search in environment where OpenShift server
could not reach Docker Hub, oc new-app --search had failed for any
query.  This commit changes the behavior to print a warning and continue
with what was found in other sources.

Fixes bug 1378647.
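
The behaviour the commit message above describes (warn and continue with what other sources return), as an added example; this is not the code from openshift/origin, and the `lookup` type, `SearchAll` and the sample sources are hypothetical. It assumes that only network-level failures are downgraded to warnings, while any other error still aborts the search.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// lookup is a hypothetical search backend (image streams, templates, a registry).
type lookup struct {
	name string
	find func(term string) ([]string, error)
}

// SearchAll queries every source; an unreachable source yields a warning, not a failure.
func SearchAll(term string, sources []lookup) (matches, warnings []string, err error) {
	for _, s := range sources {
		found, ferr := s.find(term)
		var netErr net.Error
		switch {
		case ferr == nil:
			matches = append(matches, found...)
		case errors.As(ferr, &netErr): // DNS failure, timeout, refused connection
			warnings = append(warnings, fmt.Sprintf("%s lookup failed: %v", s.name, ferr))
		default: // anything else is a real error and is not hidden
			return nil, warnings, fmt.Errorf("%s: %w", s.name, ferr)
		}
	}
	return matches, warnings, nil
}

// DisconnectedSources is constructed sample data: Docker Hub fails DNS, the local registry answers.
func DisconnectedSources() []lookup {
	hub := func(string) ([]string, error) {
		return nil, fmt.Errorf("Get https://registry-1.docker.io/v2/: %w", &net.DNSError{Err: "no such host", Name: "registry-1.docker.io"})
	}
	local := func(term string) (out []string, err error) {
		for _, img := range []string{"docker.io/mariadb", "docker.io/nginx"} {
			if strings.Contains(img, term) {
				out = append(out, img)
			}
		}
		return out, nil
	}
	return []lookup{{"Docker Hub", hub}, {"local registry", local}}
}

func main() { fmt.Println(SearchAll("mariadb", DisconnectedSources())) }
```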

Comment 18 Dongbo Yan 2016-10-26 10:00:01 UTC
Verified
openshift v3.4.0.14
kubernetes v1.4.0+776c994
etcd 3.1.0-alpha.1

steps:
1. Install an openshift cluster, pull an image
 $ docker pull docker.io/mariadb
2. Add an iptables rule to disconnect from the Internet
3. $ oc new-app --search docker.io/mariadb

actual result: output a warning, and find local image
W1026 05:53:50.842350   69347 dockerimagelookup.go:217] Docker registry lookup failed: Internal error occurred: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Docker images (oc new-app --docker-image=<docker-image> [--code=<source>])
-----
docker.io/mariadb
  Registry: docker.io
  Tags:     latest

Comment 19 Ben Parees 2016-11-29 15:07:26 UTC
*** Bug 1398330 has been marked as a duplicate of this bug. ***

Comment 22 errata-xmlrpc 2017-01-18 12:53:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066

