Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1662106

Summary: installer should validate pull secret upon install.
Product: OpenShift Container Platform Reporter: Johnny Liu <jialiu>
Component: InstallerAssignee: Abhinav Dahiya <adahiya>
Installer sub component: openshift-installer QA Contact: Johnny Liu <jialiu>
Status: CLOSED WONTFIX Docs Contact:
Severity: medium    
Priority: medium CC: bleanhar, dmoessne, joncp, jstrunk, tsze, wking
Version: 4.1.0   
Target Milestone: ---   
Target Release: 4.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-08 17:35:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Johnny Liu 2018-12-26 08:32:02 UTC 
Description of problem:
See the following details.

Version-Release number of the following components:
# ./openshift-install version
./openshift-install v0.8.0-master-2-g5e7b36d6351c9cc773f1dadc64abf9d7041151b1


How reproducible:
Always

Steps to Reproduce:
1. Trigger an install
2. Input a wrong pull secret on purpose
3.

Actual results:
Installation is started, and failed with "Kubernetes API not ready" error.
User wait the installation for a while, and the error message did not give user any hint about where is wrong, have to login bootstrap node for trouble-shooting until get the following message:
$ journalctl -b -f -u bootkube.service
-- Logs begin at Wed 2018-12-26 07:42:19 UTC. --
Dec 26 08:07:24 ip-10-0-13-128 systemd[1]: bootkube.service holdoff time over, scheduling restart.
Dec 26 08:07:24 ip-10-0-13-128 systemd[1]: Stopped Bootstrap a Kubernetes cluster.
Dec 26 08:07:24 ip-10-0-13-128 systemd[1]: Started Bootstrap a Kubernetes cluster.
Dec 26 08:07:32 ip-10-0-13-128 bootkube.sh[4068]: Starting etcd certificate signer...
Dec 26 08:07:32 ip-10-0-13-128 bootkube.sh[4068]: Trying to pull quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6...Failed
Dec 26 08:07:32 ip-10-0-13-128 bootkube.sh[4068]: unable to pull quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6: unable to pull image: Error initializing source docker://quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6: error getting username and password: illegal base64 data at input byte 168
Dec 26 08:07:32 ip-10-0-13-128 bootkube.sh[4068]: unable to find container etcd-signer: no container with name or ID etcd-signer found: no such container
Dec 26 08:07:32 ip-10-0-13-128 systemd[1]: bootkube.service: main process exited, code=exited, status=125/n/a
Dec 26 08:07:32 ip-10-0-13-128 systemd[1]: Unit bootkube.service entered failed state.
Dec 26 08:07:32 ip-10-0-13-128 systemd[1]: bootkube.service failed.
Dec 26 08:07:37 ip-10-0-13-128 systemd[1]: bootkube.service holdoff time over, scheduling restart.
Dec 26 08:07:37 ip-10-0-13-128 systemd[1]: Stopped Bootstrap a Kubernetes cluster.
Dec 26 08:07:37 ip-10-0-13-128 systemd[1]: Started Bootstrap a Kubernetes cluster.


Expected results:
installer should detect the inputted pull secret invalid, and notify user in advance.

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 W. Trevor King 2019-01-24 09:06:57 UTC 
Dup of [1].  There are a number of potential changes that might give us installer-host-side checks for the pull secret (for at least some of its tokens).  For example, installer-side credentials operator invocation [2] or RHCOS build extraction [3].

[1]: https://github.com/openshift/installer/issues/901
[2]: https://github.com/openshift/installer/issues/1010
[3]: https://github.com/openshift/installer/issues/987
Comment 2 W. Trevor King 2019-02-27 05:41:51 UTC 
[1] will give us some pull-secret validation once it (or something like it) lands.

[1]: https://github.com/openshift/installer/pull/1286
Comment 3 Brenton Leanhardt 2019-07-08 17:35:47 UTC 
This will not be fixed any time soon.
Comment 5 Jon 2020-03-19 17:45:34 UTC 
*** Bug 1814814 has been marked as a duplicate of this bug. ***