Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1537344

Summary: docker_image_availability should honor custom registry-console locations
Product: OpenShift Container Platform Reporter: Matt Bagnara <mbagnara>
Component: InstallerAssignee: Luke Meyer <lmeyer>
Status: CLOSED ERRATA QA Contact: Wenkai Shi <weshi>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.6.0CC: aos-bugs, jokerman, lmeyer, mmccomas, weshi, wmeng
Target Milestone: ---   
Target Release: 3.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-12 06:01:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matt Bagnara 2018-01-23 01:05:49 UTC 
Description of problem:
When installing OCP from a disconnected Docker registry, the cockpit registry-console image is hardcoded in the health-check script to registry.access.redhat.com. The issue has been addressed in 3.7 and would need to be backported to 3.6.

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:


Steps to Reproduce:
1.
Run ansible installer against a disconnected registry containing the registry-console image.


Actual results:
The image healthchecker checks for registry.access.redhat.com/openshift3/registry-console and fails that portion of the install.

Expected results:
The image healthchecker checks for openshift_cockpit_deployer_version openshift_cockpit_deployer_prefix vars.

Additional info:

https://github.com/openshift/openshift-ansible/blob/release-3.6/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
Comment 1 Matt Bagnara 2018-01-23 15:12:24 UTC 
rpm -q openshift-ansible:
openshift-ansible-3.6.173.0.48-1.git.0.1609d30.el7.noarch

rpm -q ansible:
ansible-2.3.1.0-3.el7.noarch
Comment 2 Matt Bagnara 2018-01-23 20:16:37 UTC 
Manual workaround:
Modify the line in /usr/share/ansible/openshift/openshift-ansible/roles/openshift_health_checker/openshift_checks/docker_image_availability.py#L18
to point to the correct disconnected registry-console image.

As a last resort, disable_check=docker_image_availability in the Ansible inventory will disable this type of health check entirely.
Comment 5 Luke Meyer 2018-01-26 04:39:48 UTC 
https://github.com/openshift/openshift-ansible/pull/6874
Comment 7 Wenkai Shi 2018-01-30 09:31:12 UTC 
Failed to verify with version openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7, set listed parameter during installation. Installer didn't stop at health check TASK. But registry-console failed because target image doesn't existing.

# cat hosts
...
openshift_cockpit_deployer_prefix=registry.example.com/myrepo/
openshift_cockpit_deployer_basename=my-console
openshift_cockpit_deployer_version=1.4.1
...

# oc export dc registry-console
...
        image: registry.example.com/myrepo/my-console:1.4.1
...

# oc get po
...
registry-console-1-deploy   1/1       Running            0          31s
registry-console-1-xmks0    0/1       ImagePullBackOff   0          25s
...
Comment 8 Luke Meyer 2018-02-06 20:49:50 UTC 
(In reply to Wenkai Shi from comment #7)
> Failed to verify with version
> openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7, 

I can't seem to reproduce. I tried installing with that same version and inventory variables and had it fail as expected:

               check "docker_image_availability":
               One or more required container images are not available:
                   registry.example.com/myrepo/my-console:1.4.1
               Checked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>
               Default registries searched: registry.reg-aws.openshift.com, registry.access.redhat.com
               Failed connecting to: registry.example.com


Is there any chance your settings disabled this check?
Comment 9 Wenkai Shi 2018-02-07 04:50:32 UTC 
I can reproduce it now... with version openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7.
I might mistake in configuration. Sorry...
Please move it to ON_QA, then I can verify it.

  1. Hosts:    ec2-xx-xx-xx-xx.compute-1.amazonaws.com, ec2-xx-xx-xx-xx.compute-1.amazonaws.com
     Play:     Verify Requirements
     Task:     openshift_health_check
     Message:  One or more checks failed
     Details:  check "docker_image_availability":
               One or more required container images are not available:
                   registry.example.com/myrepo/my-console:1.4.1
               Checked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>
               Default registries searched: registry.reg-aws.openshift.com:443, registry.access.redhat.com
               Blocked registries: registry.hacker.com
               Failed connecting to: registry.example.com
Comment 10 Wenkai Shi 2018-02-08 01:40:48 UTC 
Verified with version openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7, health check has effect if wrong configuration existing.
Comment 13 errata-xmlrpc 2018-04-12 06:01:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1106