Description of problem: See the following details. Version-Release number of the following components: # oc version oc v4.0.0-0.112.0 kubernetes v1.11.0+a81c74aa0a features: Basic-Auth GSSAPI Kerberos SPNEGO How reproducible: Always Steps to Reproduce: 1. Build a new image and push it to docker.io # oc adm release new --from-release=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 --to-image=docker.io/jialiu/newtesting:1 2. 3. Actual results: # oc adm release new --from-release=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 --to-image=docker.io/jialiu/newtesting:1 Uploading ... failed error: errors: denied: requested access to the resource is denied unauthorized: authentication required Expected results: Failed to push release image to docker.io due to authentication error. Additional info: 1. I tried `docker tag/push` image to docker.io. it is completed successfully. 2. mirror a release image successfully. # oc --loglevel=9 adm release mirror --from=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 --to-release-image=docker.io/jialiu/mirrortesting:1 --to=docker.io/jialiu/mirrortesting 3. I run the same commands with --loglevel=9 to capture the log, attach the log later.
Can you make sure that you are authenticated to both the docker.io registry as well as the "registry.svc.ci.openshift.org" registry (via the `docker login` command)? Adding Clayton for further information he may have.
(In reply to Juan Vallejo from comment #2) > Can you make sure that you are authenticated to both the docker.io registry > as well as the "registry.svc.ci.openshift.org" registry (via the `docker > login` command)? I am sure I am authenticated to docker.io registry. But I have no auth for "registry.svc.ci.openshift.org". And because mirror command is passed, I do not think I have to authenticate "registry.svc.ci.openshift.org" registry, according to log, the issue might happen at authentication for "docker.io", but docker client have no any authentication issue. # docker push docker.io/jialiu/newtesting:2 The push refers to a repository [docker.io/jialiu/newtesting] 8a788232037e: Mounted from jialiu/my 2: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527
Origin PR: https://github.com/openshift/origin/pull/21965
The fix was merged 3 days ago.
Verified this bug with oc v4.0.0-0.177.0, and PASS. # oc adm release new --from-release=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 --to-image=docker.io/jialiu/newtesting:3 info: Found 70 images in release info: Manifests will be extracted to /tmp/release-image-0.0.1-2019-02-21-091420559773594 <--SNIP--> Loading manifests from service-serving-cert-signer: sha256:a792c98d39e33a119c98300e4179891ffa593036213eda7fedb7625557cc0f8a ... Uploading ... 36.34kB/s Uploading 975B ... Uploading 75.83MB ... Uploading 471B ... Uploading 7.495MB ... Uploading 10.64MB ... Pushed image sha256:aa6e3f171ef96c149a5e128af247af7507bc214c08593735f14820ce93712cc4 to docker.io/jialiu/newtesting:3 Built release image from 26 operators
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days