Description of problem: When installing OCP from a disconnected Docker registry, the cockpit registry-console image is hardcoded in the health-check script to registry.access.redhat.com. The issue has been addressed in 3.7 and would need to be backported to 3.6. Version-Release number of the following components: rpm -q openshift-ansible rpm -q ansible ansible --version How reproducible: Steps to Reproduce: 1. Run ansible installer against a disconnected registry containing the registry-console image. Actual results: The image healthchecker checks for registry.access.redhat.com/openshift3/registry-console and fails that portion of the install. Expected results: The image healthchecker checks for openshift_cockpit_deployer_version openshift_cockpit_deployer_prefix vars. Additional info: https://github.com/openshift/openshift-ansible/blob/release-3.6/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
rpm -q openshift-ansible: openshift-ansible-3.6.173.0.48-1.git.0.1609d30.el7.noarch rpm -q ansible: ansible-2.3.1.0-3.el7.noarch
Manual workaround: Modify the line in /usr/share/ansible/openshift/openshift-ansible/roles/openshift_health_checker/openshift_checks/docker_image_availability.py#L18 to point to the correct disconnected registry-console image. As a last resort, disable_check=docker_image_availability in the Ansible inventory will disable this type of health check entirely.
https://github.com/openshift/openshift-ansible/pull/6874
Failed to verify with version openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7, set listed parameter during installation. Installer didn't stop at health check TASK. But registry-console failed because target image doesn't existing. # cat hosts ... openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ openshift_cockpit_deployer_basename=my-console openshift_cockpit_deployer_version=1.4.1 ... # oc export dc registry-console ... image: registry.example.com/myrepo/my-console:1.4.1 ... # oc get po ... registry-console-1-deploy 1/1 Running 0 31s registry-console-1-xmks0 0/1 ImagePullBackOff 0 25s ...
(In reply to Wenkai Shi from comment #7) > Failed to verify with version > openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7, I can't seem to reproduce. I tried installing with that same version and inventory variables and had it fail as expected: check "docker_image_availability": One or more required container images are not available: registry.example.com/myrepo/my-console:1.4.1 Checked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image> Default registries searched: registry.reg-aws.openshift.com, registry.access.redhat.com Failed connecting to: registry.example.com Is there any chance your settings disabled this check?
I can reproduce it now... with version openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7. I might mistake in configuration. Sorry... Please move it to ON_QA, then I can verify it. 1. Hosts: ec2-xx-xx-xx-xx.compute-1.amazonaws.com, ec2-xx-xx-xx-xx.compute-1.amazonaws.com Play: Verify Requirements Task: openshift_health_check Message: One or more checks failed Details: check "docker_image_availability": One or more required container images are not available: registry.example.com/myrepo/my-console:1.4.1 Checked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image> Default registries searched: registry.reg-aws.openshift.com:443, registry.access.redhat.com Blocked registries: registry.hacker.com Failed connecting to: registry.example.com
Verified with version openshift-ansible-3.6.173.0.101-1.git.0.7c6b77f.el7, health check has effect if wrong configuration existing.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1106