1475306 – [3.4]oadm prune command fails with TLS issues after adding --confirm

Bug 1475306 - [3.4]oadm prune command fails with TLS issues after adding --confirm

Summary: [3.4]oadm prune command fails with TLS issues after adding --confirm

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Image Registry
Sub Component:
Version:	3.4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	3.4.z
Assignee:	Michal Minar
QA Contact:	Dongbo Yan
Docs Contact:
URL:
Whiteboard:
Depends On:	1448595 1476779
Blocks:	1474446
TreeView+	depends on / blocked

Reported:	2017-07-26 12:19 UTC by Michal Minar
Modified:	2020-06-11 13:56 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Neither documentation nor cmd help talked about insecure connections to the secured registry. Errors used to be hard to decipher when user attempted to prune secured registry with bad CA certificate. Consequence: Users had troubles running image prune against (in)secured registries. Fix: Errors are now printed with hints, cmd help has been updated, new flags have been provided to allow for insecure fall-back. Result: User can now easily enforce both secure and insecure connection. He will also be able to understand https errors and what to do when he hits them.
Clone Of:	1448595
Environment:
Last Closed:	2017-10-25 13:04:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:3049	0	normal	SHIPPED_LIVE	OpenShift Container Platform 3.6, 3.5, and 3.4 bug fix and enhancement update	2017-10-25 15:57:15 UTC

Comment 1 Michal Minar 2017-07-26 12:22:58 UTC

Back-port PR: https://github.com/openshift/ose/pull/811

Comment 4 Ben Parees 2017-10-02 19:41:08 UTC

backport has merged, moving to modified.

Comment 6 Dongbo Yan 2017-10-12 11:36:27 UTC

$ ./oc version
oc v3.4.1.44.26
kubernetes v1.4.0+776c994
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://:8443
openshift v3.4.1.44.26
kubernetes v1.4.0+776c994

$ ./oc adm prune images --certificate-authority=ca.crt --keep-younger-than=0 --registry-url=docker-registry-default.apps.com --confirm

Deleting registry layer blobs ...
BLOB
sha256:617487c08245d78cb7f11598627eef6fa764c62a32aa230423042d580c278feb
sha256:26e5ed6899dbf4b1e93e0898255e8aaf43465cecd3a24910f26edb5d43dafa3c
sha256:942c243a101c449d8f375cc6edf46b89ddf32ae890549435984cb4aa7a715569
sha256:8c5d133c9f1ad399a845427a5e7bb7089402a2037acefdc5d4c1ab5d6a4d1bad
sha256:02e0bb2359901cef798f81c6c05df929f8ee0318a1399f5eafac888018924291
sha256:66dbe984a319ca6d40dc10c2c561821128a0bd8967e0cbd8cc2a302736041ffb

Deleting images from server ...
IMAGE
sha256:8d9a0eb12d4cdc262a79e89cd0da120e23f6402377e80f0d295d3a5b99c3e4a4

move this bug to verified

Comment 8 errata-xmlrpc 2017-10-25 13:04:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3049

Note You need to log in before you can comment on or make changes to this bug.