Red Hat Bugzilla – Bug 1508561
After running the config playbook invalid certificate for docker-registry.default.svc
Last modified: 2018-03-28 10:10:51 EDT
David, Javier, Can you help me understand what all has been done to the environment to necessistate this change? Upgraded environments should not switch to push via dns yet. Just trying to make a decision as to whether or not we call this a 3.9 or 3.10 target release.
https://github.com/openshift/openshift-ansible/pull/6851 WIP
This has been fixed by checking for a cert that lacks the proper signing and regenerating it if needed so that we can complete the transition to push via DNS.
Fixed. openshift-ansible-3.9.0-0.38.0.git.0.57e1184.el7.noarch Steps: 1. setup OCP v3.5 cluster 2. upgrade to OCP v3.6 3. migrate etcd 4. upgrade to OCP v3.7 5. upgrade to OCP v3.9 6. check imagestream # oc new-project test1 # oc new-app nodejs-mongodb-example # oc describe imagestreams/nodejs-mongodb-example | grep Docker before fix Docker Pull Spec: 172.31.14.93:5000/wmeng39/nodejs-mongodb-example after fixed Docker Pull Spec: docker-registry.default.svc:5000/wmeng39/nodejs-mongodb-example
Got same error. Pushing image docker-registry.default.svc:5000/wmeng391/nodejs-mongodb-example:latest ... Registry server Address: Registry server User Name: serviceaccount Registry server Email: serviceaccount@example.org Registry server Password: <<non-empty>> error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.apps.0206-meb.qe.rhcloud.com, docker-registry.default.svc.cluster.local, 172.31.112.208, not docker-registry.default.svc
Steps: 1. setup OCP v3.5 cluster 2. upgrade to OCP v3.6 3. migrate etcd 4. upgrade to OCP v3.7 5. upgrade to OCP v3.9 6. check build log # oc new-project wmeng391 # oc new-app nodejs-mongodb-example # oc logs po/nodejs-mongodb-example-1-build
https://github.com/openshift/openshift-ansible/pull/7121 fixed this and it merged a few days ago
Not fixed. openshift-ansible-3.9.0-0.51.0.git.0.e26400f.el7.noarch Steps: 1. setup OCP v3.5 cluster 2. upgrade to OCP v3.6 3. migrate etcd 4. upgrade to OCP v3.7 5. upgrade to OCP v3.9 6. check build log # oc new-project wmeng39051 # oc new-app nodejs-mongodb-example # oc logs po/nodejs-mongodb-example-1-build Pushing image docker-registry.default.svc:5000/wmeng39051/nodejs-mongodb-example:latest ... Registry server Address: Registry server User Name: serviceaccount Registry server Email: serviceaccount@example.org Registry server Password: <<non-empty>> error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.apps.0224-l86.qe.rhcloud.com, docker-registry.default.svc.cluster.local, 172.31.92.27, not docker-registry.default.svc
Proposed fix: https://github.com/openshift/openshift-ansible/pull/7314
Fixed. openshift-ansible-3.9.2-1.git.0.1a855b3.el7.noarch Steps: 1. setup OCP v3.5 cluster 2. upgrade to OCP v3.6 3. migrate etcd 4. upgrade to OCP v3.7 5. upgrade to OCP v3.9 6. check build log # oc new-project wmeng392 # oc new-app nodejs-mongodb-example # oc logs po/nodejs-mongodb-example-1-build Pushing image docker-registry.default.svc:5000/wmeng392/nodejs-mongodb-example:latest ... Pushed 0/6 layers, 2% complete Pushed 1/6 layers, 27% complete Pushed 2/6 layers, 44% complete Pushed 3/6 layers, 58% complete Pushed 4/6 layers, 71% complete Pushed 4/6 layers, 100% complete Pushed 5/6 layers, 100% complete Pushed 6/6 layers, 100% complete Push successful
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489