Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1576157 - Image stream generated during installation for containerized OCP install on OpenStack lack suitable pull secret
Image stream generated during installation for containerized OCP install on O...
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.9.0
Unspecified Unspecified
high Severity high
: ---
: 3.11.0
Assigned To: Michael Gugino
Johnny Liu
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-08 22:51 EDT by Priyanka Kanthale
Modified: 2018-10-11 03:19 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-10-11 03:19:10 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2652 None None None 2018-10-11 03:19 EDT

  None (edit)
Description Priyanka Kanthale 2018-05-08 22:51:40 EDT 
Description of problem:

The image streams / pull secrets that are generated during the cluster provisioning by openshift-ansible don't work in for containerized OCP install on OpenStack
 using image pull-through.

It fails to read image meta information from the registry-mirror, apparently due to lack of a suitable pull secret.

e.g. the IS "registry-console" in the default NS also shows the authorization error of  Unable to find a secret to match 


How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
Shows the authorization error of  Unable to find a secret to match 


Expected results: 
Should not show such error

Additional info:
Please refer Bug 1571079 for more information 


Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 3 Scott Dodson 2018-05-09 09:03:45 EDT 
Workaround, provision a pull secret for the relevant namespaces.

https://docs.openshift.org/latest/dev_guide/managing_images.html#allowing-pods-to-reference-images-from-other-secured-registries
Comment 4 Scott Dodson 2018-07-17 09:39:32 EDT 
This should already be done now that we're provisioning a pull secret to the openshift namespace in 3.11.
Comment 5 Scott Dodson 2018-08-14 17:24:42 EDT 
Should be in openshift-ansible-3.11.0-0.15.0
Comment 6 Johnny Liu 2018-08-15 05:33:42 EDT 
Verified this bug with openshift-ansible-3.11.0-0.15.0.git.0.842d3d1None.noarch, and PASS.

Run an install against an authenticated registry with oreg_auth_user + oreg_auth_password, a pull secret is created in openshift namespace.

TASK [openshift_examples : Create imagestream import secret] *******************
Wednesday 15 August 2018  16:18:25 +0800 (0:00:00.183)       0:11:05.989 ****** 
ok: [host-8-252-102.host.centralci.eng.rdu2.redhat.com] => (item=/usr/share/openshift/examples/image-streams/image-streams-rhel7.json) => {"changed": false, "cmd": ["oc", "create", "secret", "docker-registry", "imagestreamsecret", "--docker-server=registry.dev.redhat.io", "--docker-username=****", "--docker-email=openshift@openshift.com", "--docker-password=****", "--config=/etc/origin/master/admin.kubeconfig", "-n", "openshift"], "delta": "0:00:00.196055", "end": "2018-08-15 04:18:26.368587", "failed_when_result": false, "item": "/usr/share/openshift/examples/image-streams/image-streams-rhel7.json", "rc": 0, "start": "2018-08-15 04:18:26.172532", "stderr": "", "stderr_lines": [], "stdout": "secret/imagestreamsecret created", "stdout_lines": ["secret/imagestreamsecret created"]}
ok: [host-8-252-102.host.centralci.eng.rdu2.redhat.com] => (item=/usr/share/openshift/examples/image-streams/dotnet_imagestreams.json) => {"changed": false, "cmd": ["oc", "create", "secret", "docker-registry", "imagestreamsecret", "--docker-server=registry.dev.redhat.io", "--docker-username=****", "--docker-email=openshift@openshift.com", "--docker-password=****", "--config=/etc/origin/master/admin.kubeconfig", "-n", "openshift"], "delta": "0:00:00.185415", "end": "2018-08-15 04:18:26.702816", "failed_when_result": false, "item": "/usr/share/openshift/examples/image-streams/dotnet_imagestreams.json", "msg": "non-zero return code", "rc": 1, "start": "2018-08-15 04:18:26.517401", "stderr": "Error from server (AlreadyExists): secrets \"imagestreamsecret\" already exists", "stderr_lines": ["Error from server (AlreadyExists): secrets \"imagestreamsecret\" already exists"], "stdout": "", "stdout_lines": []}

# oc describe secret imagestreamsecret -n openshift
Name:         imagestreamsecret
Namespace:    openshift
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson:  1929 byte

For 3.11, there is no registry-console IS any more.
# oc get is
No resources found.
Comment 8 errata-xmlrpc 2018-10-11 03:19:10 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.