Bug 1654626 - The default registry for rhel installtype should be registry.redhat.io
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: ImageStreams
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.1.0
Assignee: Gabe Montero
QA Contact: XiuJuan Wang
Reported: 2018-11-29 09:44 UTC by XiuJuan Wang
Modified: 2019-06-04 10:41 UTC (History)
Doc Type: No Doc Update
Last Closed: 2019-06-04 10:41:04 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 0 None None None 2019-06-04 10:41:09 UTC

Description XiuJuan Wang 2018-11-29 09:44:17 UTC
Description of problem:
After changing to the rhel installtype, the created imagestreams use the docker.io registry, not registry.redhat.io.
However, before the credentials sync to the openshift project, the error prompt is "Cannot create rhel imagestreams to registry.redhat.io". That's not consistent.

The default registry for rhel installtype should be registry.redhat.io

Version-Release number of selected component (if applicable):

origin-cluster-samples-operator:latest (9b7b35e4ef32)

How reproducible:
always

Steps to Reproduce:
1. Remove the centos imagestreams by setting managementState: Removed in samplesresource

2. Create a secret with credentials for registry.redhat.io under the openshift-cluster-samples-operator project
# oc create secret generic samples-registry-credentials \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson

3. Switch installtype to rhel
# oc patch samplesresources openshift-samples -p '{"spec":{"installType":"rhel","managementState":"Managed"}}' --type='merge'

4. Check the imagestream later

Actual results:
Before the credentials sync to the openshift project, the error prompt is "Cannot create rhel imagestreams to registry.redhat.io" when describing samplesresource.

Then the imagestream will be created with the docker.io registry.

# oc describe is jenkins  -n openshift
Name:			jenkins
Namespace:		openshift
Created:		21 minutes ago
Labels:			samplesoperator.config.openshift.io/managed=true
Annotations:		openshift.io/display-name=Jenkins
			openshift.io/image.dockerRepositoryCheck=2018-11-29T07:46:13Z
			samplesoperator.config.openshift.io/version=v0.0.1
Image Repository:	docker-registry.default.svc:5000/openshift/jenkins
Image Lookup:		local=false
Unique Images:		2
Tags:			3

1
  tagged from docker.io/openshift/jenkins-1-centos7:latest
    prefer registry pullthrough when referencing this tag

  Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.
  Tags: hidden, jenkins

  * docker.io/openshift/jenkins-1-centos7@sha256:7cf1c8ef7baa7a750d5c36e82d7f4a21a300c37aaa24baff593de0031ae080f0
      21 minutes ago

2 (latest)
  tagged from docker.io/openshift/jenkins-2-centos7:v4.0
    prefer registry pullthrough when referencing this tag

  Provides a Jenkins v2.x server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.
  Tags: jenkins

  * docker.io/openshift/jenkins-2-centos7@sha256:fd48b67ed2eca6c4042ac59dd3efd6763681bbc312b5f0c2a3adbfbd71f3c5ce
      21 minutes ago


Expected results:
The default registry for rhel installtype should be registry.redhat.io

Additional info:
After the samples-registry-credentials secret has been created in the openshift project, check the samplesresource info.
# oc get  samplesresource -o yaml 
apiVersion: v1
items:
- apiVersion: samplesoperator.config.openshift.io/v1alpha1
  kind: SamplesResource
  metadata:
    creationTimestamp: 2018-11-29T02:37:11Z
    finalizers:
    - samplesoperator.config.openshift.io/finalizer
    generation: 1
    name: openshift-samples
    namespace: ""
    resourceVersion: "34945"
    selfLink: /apis/samplesoperator.config.openshift.io/v1alpha1/samplesresources/openshift-samples
    uid: ac8b1c24-f37f-11e8-b29a-0e04acc98a4a
  spec:
    architectures:
    - x86_64
    imagePullPolicy: ""
    imagePullSpec: ""
    installType: rhel
    logging:
      level: 0
      vmodule: ""
    managementState: Managed
    version: ""
  status:
    conditions:
    - lastTransitionTime: 2018-11-29T07:46:25Z
      lastUpdateTime: 2018-11-29T07:46:25Z
      status: "True"
      type: SamplesExist
    - lastTransitionTime: 2018-11-29T07:46:06Z
      lastUpdateTime: 2018-11-29T07:46:06Z
      status: "True"
      type: ImportCredentialsExists
    - lastTransitionTime: 2018-11-29T02:37:08Z
      lastUpdateTime: 2018-11-29T02:37:08Z
      status: "True"
      type: ConfigurationValid
    - lastTransitionTime: 2018-11-29T07:48:31Z
      lastUpdateTime: 2018-11-29T07:48:31Z
      status: "False"
      type: ChangesInProgress
    - lastTransitionTime: 2018-11-29T02:41:00Z
      lastUpdateTime: 2018-11-29T02:41:00Z
      status: "False"
      type: PendingRemove
    state: Managed
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

Comment 1 XiuJuan Wang 2018-11-29 10:18:18 UTC
Also, when 'samplesRegistry: registry.redhat.io' is set in samplesresource, the imagestream will be created with "registry.redhat.io/openshift/jenkins-2-centos7:v4.0".
It only replaces docker.io with 'registry.redhat.io', but does not use the imagestream files under /opt/openshift/operator/ocp-x86_64/

Comment 2 Gabe Montero 2018-12-03 22:06:47 UTC
I've reproduced at least one problem locally.

Will start crafting a fix.

Comment 3 Gabe Montero 2018-12-03 22:11:09 UTC
Minimally, when in removed/unmanaged, we need to return an error when we get a secret event.

Also might need to add a poll of the secret in case we miss the event ... perhaps delay the poll to give the watch event a chance based on the time of the import cred condition

Comment 4 Gabe Montero 2018-12-06 20:39:02 UTC
OK I have the centos to rhel switch working with the changes from PR https://github.com/openshift/cluster-samples-operator/pull/66

Comment 5 Gabe Montero 2018-12-14 04:22:14 UTC
OK the PR has merged.

Look for a new version with that commit and give the centos to rhel transition another try.

Note the instructions I added in the README at https://github.com/openshift/cluster-samples-operator

Comment 6 XiuJuan Wang 2018-12-14 07:43:15 UTC
docker.io/openshift/origin-cluster-samples-operator                  latest              55cb422f7826        2 hours ago         281 MB

Tried with the okd image since I can't launch a new cluster the next-gen install way.

Deployed the samples operator and cvo operator manually.
Can't reproduce this issue any more.

Step 1:
Remove the centos imagestreams by setting managementState: Removed in samplesresource

Step 2:
Create a secret with credentials for registry.redhat.io under the openshift-cluster-samples-operator project
# oc create secret generic samples-registry-credentials \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson

Step 3:
Switch installtype to rhel
# oc patch samplesresources openshift-samples -p '{"spec":{"installType":"rhel","managementState":"Managed"}}' --type='merge'

Step 4:
Check the imagestream later

Imagestreams are imported with registry.redhat.io after the secret 'samples-registry-credentials' is detected under the openshift project.

Will mark this bug as verified after checking in cluster installed by next gen install

Comment 7 wewang 2018-12-17 10:10:28 UTC
Tested in the next-gen installer env; verified it.
bin/openshift-install v0.7.0-master-4-ga4e426ee762c20019bbb90fe35d33c9b26d23393

Steps:
1. Remove the centos imagestreams by setting managementState: Removed in samplesresource

2. Create a secret with credentials for registry.redhat.io under the openshift-cluster-samples-operator project
# oc create secret generic samples-registry-credentials \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson

3. Switch installtype to rhel
# oc patch samplesresources openshift-samples -p '{"spec":{"installType":"rhel","managementState":"Managed"}}' --type='merge'

4. Check the imagestream later
$ oc describe is jenkins -n openshift
Name:			jenkins
Namespace:		openshift
Created:		3 seconds ago
Labels:			samplesoperator.config.openshift.io/managed=true
Annotations:		openshift.io/display-name=Jenkins
			samplesoperator.config.openshift.io/version=b61113433f047d1c661604ebe64345f21d4a063c
Image Repository:	image-registry.openshift-image-registry.svc:5000/openshift/jenkins
Image Lookup:		local=false
Unique Images:		0
Tags:			3

1
  tagged from registry.redhat.io/openshift3/jenkins-1-rhel7:latest
    prefer registry pullthrough when referencing this tag

  Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.
  Tags: hidden, jenkins

  ~ importing latest image ...

2 (latest)
  tagged from registry.redhat.io/openshift3/jenkins-2-rhel7:v4.0
    prefer registry pullthrough when referencing this tag

  Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.
  Tags: jenkins

  ~ importing latest image ...
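
The manual "check imagestream" step used in the comments above can be automated. The following is an added example, not code from this bug report or from the samples operator: it audits the tag sources of an imagestream for the two failure modes reported here (tags still pulling from docker.io, and centos content served under a rewritten registry.redhat.io host). It assumes the `spec.tags[].from` layout of `oc get is <name> -n openshift -o json`; the sample document is constructed from the pull specs quoted in this report, and the "centos in the repository name" test is a heuristic chosen for this example.

```python
import json

# Constructed sample shaped like `oc get is jenkins -n openshift -o json`;
# the tag sources are the three pull specs that appear in this bug report.
SAMPLE = json.dumps({
    "kind": "ImageStream",
    "metadata": {"name": "jenkins", "namespace": "openshift"},
    "spec": {"tags": [
        {"name": "1", "from": {"kind": "DockerImage",
            "name": "docker.io/openshift/jenkins-1-centos7:latest"}},
        {"name": "2", "from": {"kind": "DockerImage",
            "name": "registry.redhat.io/openshift/jenkins-2-centos7:v4.0"}},
        {"name": "latest", "from": {"kind": "DockerImage",
            "name": "registry.redhat.io/openshift3/jenkins-2-rhel7:v4.0"}},
    ]},
})

def registry_host(ref):
    """Registry host of a pull spec; names without a host default to docker.io."""
    first, sep, _ = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def audit_imagestream(stream, expected="registry.redhat.io"):
    """Return (tag, source, reason) for every tag that breaks the rhel expectation."""
    findings = []
    for tag in stream.get("spec", {}).get("tags", []):
        src = tag.get("from", {})
        if src.get("kind") != "DockerImage":
            continue  # ImageStreamTag references resolve to another tag
        ref = src.get("name", "")
        host = registry_host(ref)
        repo = ref.split("@")[0].rsplit("/", 1)[-1].split(":")[0]
        # Heuristic for this example: a centos repository name under the rhel registry
        if host != expected:
            findings.append((tag["name"], ref, "wrong registry: " + host))
        elif "centos" in repo:
            findings.append((tag["name"], ref, "centos content under " + host))
    return findings

if __name__ == "__main__":
    for name, ref, reason in audit_imagestream(json.loads(SAMPLE)):
        print(f"tag {name}: {ref} -> {reason}")
```
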

Comment 10 errata-xmlrpc 2019-06-04 10:41:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758

