Description of problem: https://github.com/openshift/oc/pull/343 introduces a bunch of options to handle release image signatures. The e2e-metal-ipi job is now broken, as it does a disconnected install. Version-Release number of selected component (if applicable): Latest CI build since Friday How reproducible: Always Steps to Reproduce: 1. Try to mirror a release to a local registry: ``` oc adm release mirror --insecure=true -a combined-pullsecret--gyUsq8fVYL --from registry.svc.ci.openshift.org/ci-op-hmxpdxpw/release@sha256:7d9cc5731a84efab3c59fe66a81a66ec1d3e386183b383f905d0efc71dd6f161 --to-release-image virthost.ostest.test.metalkube.org:5000/localimages/local-release-image:7d9cc5731a84efab3c59fe66a81a66ec1d3e386183b383f905d0efc71dd6f161 --to virthost.ostest.test.metalkube.org:5000/localimages/local-release-image ``` Actual results: error: if --to-dir and --apply-release-image-signature are not specified, --release-image-signature-to-dir must be used to specify a directory to export the signature Expected results: Ideally the old command would always work, possibly exporting the config map to `$PWD`. This would make the change backwards-compatible and not require us to do something special in 4.5 with our automation. Additional info: This whole change is problematic to deal with because `oc version --client -o json` doesn't give you an easily comparable version. Even if we parse the `releaseClientVersion`, I don't believe this was in 4.3 or 4.4 -- the output of oc version` has changed.
Here's an example of the failing CI: https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.5-e2e-metal-ipi/89
> Ideally the old command would always work, possibly exporting the config map to `$PWD`. If --to-dir, --release-image-signature-to-dir, and --apply-release-image-signature are all unset, oc should probably just do nothing about the signature.
Reproduced this bug with 4.5.0-202004201837-2039c60. [root@preserve-jialiu-ansible ~]# oc version Client Version: 4.5.0-202004201837-2039c60 [root@preserve-jialiu-ansible ~]# oc adm release mirror --from=registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-21-103613 --to=upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.5.0-0.nightly-2020-04-21-103613 error: if --to-dir and --apply-release-image-signature are not specified, --release-image-signature-to-dir must be used to specify a directory to export the signature Fixed in 4.5.0-0.nightly-2020-04-21-075048 [root@preserve-jialiu-ansible ~]# oc version Client Version: 4.5.0-0.nightly-2020-04-21-075048 [root@preserve-jialiu-ansible ~]# oc adm release mirror --from=registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-21-103613 --to=upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.5.0-0.nightly-2020-04-21-103613 info: Mirroring 111 images to upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release ... upshift.mirror-registry.qe.devcluster.openshift.com:5000/ ocp/release manifests: <--snip--> info: Mirroring completed in 1.04s (0B/s) Success Update image: upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.5.0-0.nightly-2020-04-21-103613 Mirror prefix: upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release To use the new mirrored repository to install, add the following section to the install-config.yaml: imageContentSources: - mirrors: - upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release source: registry.svc.ci.openshift.org/ocp/release To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy: apiVersion: operator.openshift.io/v1alpha1 kind: ImageContentSourcePolicy metadata: name: example spec: repositoryDigestMirrors: - mirrors: - upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - upshift.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release source: registry.svc.ci.openshift.org/ocp/release
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409