Bug 1476779 - [3.6][Backport] oadm prune command fails with TLS issues after adding --confirm
[3.6][Backport] oadm prune command fails with TLS issues after adding --confirm
Product: OpenShift Container Platform
Classification: Red Hat
Component: Image Registry (Show other bugs)
Unspecified Unspecified
low Severity medium
: ---
: 3.6.z
Assigned To: Michal Minar
Dongbo Yan
: Unconfirmed
Depends On: 1448595
Blocks: 1474446 1475306
  Show dependency treegraph
Reported: 2017-07-31 08:49 EDT by Michal Minar
Modified: 2017-10-25 09:04 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Neither documentation nor cmd help talked about insecure connections to the secured registry. Errors used to be hard to decipher when user attempted to prune secured registry with bad CA certificate. Consequence: Users had troubles running image prune against (in)secured registries. Fix: Errors are now printed with hints, cmd help has been updated, new flags have been provided to allow for insecure fall-back. Result: User can now easily enforce both secure and insecure connection. He will also be able to understand https errors and what to do when he hits them.
Story Points: ---
Clone Of: 1448595
Last Closed: 2017-10-25 09:04:36 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:3049 normal SHIPPED_LIVE OpenShift Container Platform 3.6, 3.5, and 3.4 bug fix and enhancement update 2017-10-25 11:57:15 EDT

  None (edit)
Comment 1 Michal Minar 2017-07-31 08:52:57 EDT
Back-port PR: https://github.com/openshift/ose/pull/817
Comment 2 Ben Parees 2017-10-02 15:42:14 EDT
backport merged to origin-3.6 here, per our current process for 3.6 (fixes are cherry-picked from there back to ose-3.6):
Comment 4 Dongbo Yan 2017-10-13 04:03:22 EDT
wait for available puddle
Comment 7 Dongbo Yan 2017-10-17 01:46:58 EDT
$ ./oc version
oc v3.
kubernetes v1.6.1+5115d708d7
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://:8443
openshift v3.
kubernetes v1.6.1+5115d708d7

# oadm prune images --certificate-authority=ca.crt --keep-younger-than=10m --registry-url=docker-registry-default.com --confirm

Deleting registry layer blobs ...

Deleting images from server ...

move to verified
Comment 9 errata-xmlrpc 2017-10-25 09:04:36 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.