Bug 1822750 - Adding blockedRegistries to image.config.openshift.io leads to an endless reboot loop in workers and masters
Summary: Adding blockedRegistries to image.config.openshift.io leads to an endless reb...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.3.z
Assignee: Ryan Phillips
QA Contact: MinLi
URL:
Whiteboard:
: 1828300 (view as bug list)
Depends On: 1822748
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-09 18:41 UTC by Urvashi Mohnani
Modified: 2020-07-28 06:44 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 1809007
Environment:
Last Closed: 2020-05-11 21:20:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift machine-config-operator pull 1645 None closed [release-4.3] Bug 1822750: [ctrcfg controller] Use a struct array instead of map when creating new ignitions 2020-08-04 18:43:05 UTC
Red Hat Product Errata RHBA-2020:2006 None None None 2020-05-11 21:20:51 UTC

Comment 5 Antonio Murdaca 2020-04-27 15:20:48 UTC
*** Bug 1828300 has been marked as a duplicate of this bug. ***

Comment 6 MinLi 2020-05-06 08:40:24 UTC
verified with version : 4.3.0-0.nightly-2020-05-04-051714

$ oc get machineconfig 
NAME                                                        GENERATEDBYCONTROLLER                      IGNITIONVERSION   CREATED
00-master                                                   860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
00-worker                                                   860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
01-master-container-runtime                                 860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
01-master-kubelet                                           860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
01-worker-container-runtime                                 860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
01-worker-kubelet                                           860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
99-master-0fd19308-91f9-495e-98a4-ef557d12358d-registries   860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
99-master-ssh                                                                                          2.2.0             173m
99-worker-16bd119c-9914-4cac-9d83-44c3a76894c2-registries   860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
99-worker-ssh                                                                                          2.2.0             173m
rendered-master-0ae3cbf100da68319871380a8f79a799            860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m
rendered-master-4324b96886c57b616e238da2653991f2            860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             4m56s
rendered-worker-0dc82ff4d8a5d941d3493cf301419a04            860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             4m56s
rendered-worker-7cd8cef65936aec1f42c88a172f66dc0            860382c905f4358418c6513a9ab55fdd6dcc4f2d   2.2.0             172m

$ oc get node 
NAME                                         STATUS   ROLES    AGE     VERSION
ip-10-0-129-14.us-east-2.compute.internal    Ready    worker   4h13m   v1.16.2
ip-10-0-134-228.us-east-2.compute.internal   Ready    master   4h21m   v1.16.2
ip-10-0-153-156.us-east-2.compute.internal   Ready    worker   4h13m   v1.16.2
ip-10-0-158-73.us-east-2.compute.internal    Ready    master   4h21m   v1.16.2
ip-10-0-160-176.us-east-2.compute.internal   Ready    worker   4h13m   v1.16.2
ip-10-0-165-140.us-east-2.compute.internal   Ready    master   4h21m   v1.16.2

$ oc debug node/ip-10-0-129-14.us-east-2.compute.internal
Starting pod/ip-10-0-129-14us-east-2computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.129.14
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host 
sh-4.4#  cat /etc/containers/registries.conf 
unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]

[[registry]]
  prefix = ""
  location = "untrusted.com"
  blocked = true

$ oc debug node/ip-10-0-134-228.us-east-2.compute.internal
Starting pod/ip-10-0-134-228us-east-2computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.134.228
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host 
sh-4.4# cat /etc/containers/registries.conf                                   
unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]

[[registry]]
  prefix = ""
  location = "untrusted.com"
  blocked = true

Comment 8 errata-xmlrpc 2020-05-11 21:20:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2006


Note You need to log in before you can comment on or make changes to this bug.