Description of problem: The web UI gives the url registry.redhat.io for the Red Hat Registry. This URL does not work when syncing a created repo. The working URL: http://registry.access.redhat.com/ Version-Release number of selected component (if applicable): Satellite . How reproducible: Always Steps to Reproduce: 1. Navigate to Content > Products 2. Click Repo Discovery 3. For the Repository Type, select Container Image 4. For the Registry to Discover, select Red Hat Registry (registry.redhat.io) 5. Click Discover (success) 6. Select an image and click Create Selected (success) 7. Select a Product and click Run Repository Creating (success) 8. Navigate to the product and try to synchronize the newly created repository (FAIL) 9. Change the Registry URL for the repository to http://registry.access.redhat.com/ 10. Synchronize the repository again (SUCCESS) Actual results: Incorrect default Registry URL is associated with the Red Hat Registry (registry.redhat.io) Expected results: The correct Registry URL is associated with the Red Hat Registry (http://registry.access.redhat.com/) Additional info: Docs for this procedure: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.5/html-single/provisioning_guide/index#Importing_Container_Images
Both registry.access.redhat.com and registry.redhat.io are valid and supported Red Hat registries. According to https://access.redhat.com/RegistryAuthentication , registry.access.redhat.com will be eventually decommissioned. We don't know when exactly, but we opted in to be on safe side and decided to make registry.redhat.io default in Satellite. registry.redhat.io allows unlimited access to search, but requires authentication to pull content. When you click "Discover" (step 5), Satellite should prompt you to provide username and/or password, if these fields are empty. Your steps do not list any credentials - did Satellite allow you to use registry.redhat.io without credentials? We pre-fill user credentials on "Create Repositories" step, but AFAIR these can be removed manually. They can also be removed after creating repository. If you attempt to sync registry.redhat.io container without user credentials / with invalid credentials, that will fail. Did you remove credentials before syncing?
Hi Mirosław, thank you for investigating this. Satellite indeed prefills the credentials when I click Discover, as well as when I click Run Repository Creation. The credentials it prefills - my Satellite credentials, the credentials of the admin user in my case. Using this credentials allows for repository discovery and creation, but does not allow to sync the created repository. I tried to use my Red Hat account credentials. With Red Hat account credentials I was also able to synchronize the created repository. I wonder if anyone uses their Red Hat account credentials for Satellite. To my understanding, the prefilled credentials (Satellite user) would not work in most cases and might confuse a user because other credentials (Red Hat Account) are required. Am I getting this correct? I suggest adding additional text fo the Username and Password fields in the web UI to inform users what credentials they are expected to use here. What are your thoughts? Thank you
Hi Sergei, Yes, your understanding is correct. But there is one more thing - Satellite does not, or at least should not, pre-fill username and password fields on this page. I suspect behavior you are observing is caused by over-eager web browser, or some extension that you have installed. Could you try if you are able to reproduce the issue on fresh profile? In Firefox, you can click Menu -> Help -> Restart with Add-ons disabled. In Chrome, the best way is to run this from command line: `google-chrome-stable --user-data-dir=/tmp/test-chrome/`. We could add autocomplete off on these fields, but these sometimes have negative impact on user experience and are not guaranteed to work (browsers and extensions are free to ignore that hint). I think we had bugzilla for such change on password field for repos, but I can't find it. As for adding clarification to fields, I don't have strong opinion. One problem is that the same fields are used for both Red Hat registry and any custom registry that requires authentication. Maybe this is something that could be better covered in docs?
Hi Miroslaw, (In reply to Mirosław Zalewski from comment #5) > Hi Sergei, > > Yes, your understanding is correct. But there is one more thing - Satellite > does not, or at least should not, pre-fill username and password fields on > this page. I suspect behavior you are observing is caused by over-eager web > browser, or some extension that you have installed. Could you try if you are > able to reproduce the issue on fresh profile? In Firefox, you can click Menu > -> Help -> Restart with Add-ons disabled. In Chrome, the best way is to run > this from command line: `google-chrome-stable > --user-data-dir=/tmp/test-chrome/`. Thank you for the explanation, you are right, my browser was autocompleting these fields. Running the same steps in private browsing fixed the autocompletion, > > We could add autocomplete off on these fields, but these sometimes have > negative impact on user experience and are not guaranteed to work (browsers > and extensions are free to ignore that hint). I think we had bugzilla for > such change on password field for repos, but I can't find it. I agree > > As for adding clarification to fields, I don't have strong opinion. One > problem is that the same fields are used for both Red Hat registry and any > custom registry that requires authentication. Maybe this is something that > could be better covered in docs? I agree, this is cristal clear what credentials are required from the user here. And docs are clear about it. Sorry for confusing you by opening a bug. It was caused by my lack of knowledge around the 2 Red Hat registries. I think it can be closed as NOTABUG now,
Connecting redmine issue https://projects.theforeman.org/issues/27643 from this bug
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27643 has been resolved.
Since we had a patch and revert, I'm moving to VERIFIED, so it can follow usual process for bugzilla. I can confirm that Repo discovery page displays "registry.redhat.io". Sorry for not replying any earlier, I was on PTO since August 10. Tested on: Satellite 6.6 snap 18 satellite-6.6.0-6.el7sat.noarch pulp-server-2.19.1.1-1.el7sat.noarch foreman-1.22.0.21-1.el7sat.noarch tfm-rubygem-katello-3.12.0.19-1.el7sat.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3172