Bug 1842582
| Summary: | "oc adm catalog mirror" generated ImageContentSourcePolicy contains image digests in "source" | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Marek Schmidt <maschmid> | |
| Component: | OLM | Assignee: | Evan Cordell <ecordell> | |
| OLM sub component: | OLM | QA Contact: | Jian Zhang <jiazha> | |
| Status: | CLOSED ERRATA | Docs Contact: | ||
| Severity: | high | |||
| Priority: | high | CC: | afield, aos-bugs, ecordell, jokerman, jwang, maszulik, mfojtik | |
| Version: | 4.5 | Keywords: | Regression | |
| Target Milestone: | --- | |||
| Target Release: | 4.6.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1842655 (view as bug list) | Environment: | ||
| Last Closed: | 2020-10-27 16:03:06 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1842655 | |||
[root@preserve-olm-env data]# ./oc version -o yaml
clientVersion:
buildDate: "2020-06-06T02:39:31Z"
compiler: gc
gitCommit: e4f466b35d6b3d239ed9eba1764d0ca8aca2dd6b
gitTreeState: dirty
gitVersion: openshift-clients-4.6.0-202006060217
goVersion: go1.13.4
major: ""
minor: ""
platform: linux/amd64
releaseClientVersion: 4.6.0-0.nightly-2020-06-07-065515
...
1, mirror it.
[root@preserve-olm-env data]# ./oc adm catalog mirror quay.io/olmqe/jaeger:v1 localhost:5000 --manifests-only=true
using database path mapping: /:/tmp/870676964
wrote database to /tmp/870676964
using database at: /tmp/870676964/bundles.db
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-agent-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-query-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-rhel7-operator:1.13.1, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-collector-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-rhel7-operator:1.17.1-3, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-ingester-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to jaeger-manifests
2, check the ICSP info, no digest info in the source field, LGTM, verify it.
[root@preserve-olm-env data]# cat jaeger-manifests/imageContentSourcePolicy.yaml
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
name: jaeger
spec:
repositoryDigestMirrors:
- mirrors:
- localhost:5000/distributed-tracing/jaeger-es-index-cleaner-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel7
- mirrors:
- localhost:5000/distributed-tracing/jaeger-collector-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-collector-rhel7
- mirrors:
- localhost:5000/distributed-tracing/jaeger-agent-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-agent-rhel7
- mirrors:
- localhost:5000/distributed-tracing/jaeger-es-rollover-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel7
- mirrors:
- localhost:5000/distributed-tracing/jaeger-rhel7-operator
source: registry.redhat.io/distributed-tracing/jaeger-rhel7-operator
- mirrors:
- localhost:5000/distributed-tracing/jaeger-all-in-one-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel7
- mirrors:
- localhost:5000/distributed-tracing/jaeger-query-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-query-rhel7
- mirrors:
- localhost:5000/distributed-tracing/jaeger-ingester-rhel7
source: registry.redhat.io/distributed-tracing/jaeger-ingester-rhel7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: Attempting to deploy staged operators using "oc adm catalog build" and "oc adm catalog mirror" The ImageContentSourcePolicy generated by "oc adm catalog mirror" doesn't seem to work on OCP 4.5, because of the "source" contains image digests: e.g. ``` - mirrors: - mirror.example.com/openshift-serverless-1-knative-rhel8-operator source: registry.stage.redhat.io/openshift-serverless-1/knative-rhel8-operator@sha256:86b76bb49e0aa1c09808ae8c1b734483155e9332a8fa6e2434f084fc2376bfa2 ``` Version-Release number of selected component (if applicable): 4.5.0-0.nightly-2020-06-01-111748 How reproducible: Always Steps to Reproduce: (quay.io/maschmid/catalog:v1 created via "oc adm catalog build" against quay.io/maschmid app registry, which contains staged serverless operator, downloaded from stage and pushed with operator-courier ) 1. oc adm catalog mirror quay.io/maschmid/catalog:v1 mirror.example.com --manifests-only=true 2. cat catalog-manifests/imageContentSourcePolicy.yaml Actual results: ... - mirrors: - mirror.example.com/openshift-serverless-1-knative-rhel8-operator source: registry.stage.redhat.io/openshift-serverless-1/knative-rhel8-operator@sha256:86b76bb49e0aa1c09808ae8c1b734483155e9332a8fa6e2434f084fc2376bfa2 ... Expected results: ... - mirrors: - mirror.example.com/openshift-serverless-1-knative-rhel8-operator source: registry.stage.redhat.io/openshift-serverless-1/knative-rhel8-operator ... Additional info: Note that even if it worked as is, ImageContentSourcePolicy shouldn't be operator-version specific, as any change in ImageContentSourcePolicy requires crio restart on all nodes.