Bug 1842655 - "oc adm catalog mirror" generated ImageContentSourcePolicy contains image digests in "source"
Summary: "oc adm catalog mirror" generated ImageContentSourcePolicy contains image dig...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.5.0
Assignee: Evan Cordell
QA Contact: Jian Zhang
URL:
Whiteboard:
: 1846127 (view as bug list)
Depends On: 1842582
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-01 19:11 UTC by Evan Cordell
Modified: 2020-07-13 17:43 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1842582
Environment:
Last Closed: 2020-07-13 17:42:47 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift oc pull 450 None closed [release-4.5] Bug 1842655: Don't include digest in source for ICSP when mirroring a catalog 2020-09-01 13:29:36 UTC
Red Hat Product Errata RHBA-2020:2409 None None None 2020-07-13 17:43:07 UTC

Description Evan Cordell 2020-06-01 19:11:27 UTC
+++ This bug was initially created as a clone of Bug #1842582 +++

Description of problem:

Attempting to deploy staged operators using "oc adm catalog build" and "oc adm catalog mirror"

The ImageContentSourcePolicy generated by "oc adm catalog mirror" doesn't seem to work on OCP 4.5, because of the "source" contains image digests:

e.g.
```
  - mirrors:
    - mirror.example.com/openshift-serverless-1-knative-rhel8-operator
    source: registry.stage.redhat.io/openshift-serverless-1/knative-rhel8-operator@sha256:86b76bb49e0aa1c09808ae8c1b734483155e9332a8fa6e2434f084fc2376bfa2
```


Version-Release number of selected component (if applicable):
4.5.0-0.nightly-2020-06-01-111748

How reproducible:
Always

Steps to Reproduce:
(quay.io/maschmid/catalog:v1 created via "oc adm catalog build" against quay.io/maschmid app registry, which contains staged serverless operator, downloaded from stage and pushed with operator-courier )

1. oc adm catalog mirror quay.io/maschmid/catalog:v1 mirror.example.com --manifests-only=true
2. cat catalog-manifests/imageContentSourcePolicy.yaml

Actual results:

...
  - mirrors:
    - mirror.example.com/openshift-serverless-1-knative-rhel8-operator
    source: registry.stage.redhat.io/openshift-serverless-1/knative-rhel8-operator@sha256:86b76bb49e0aa1c09808ae8c1b734483155e9332a8fa6e2434f084fc2376bfa2
...

Expected results:

...
  - mirrors:
    - mirror.example.com/openshift-serverless-1-knative-rhel8-operator
    source: registry.stage.redhat.io/openshift-serverless-1/knative-rhel8-operator
...


Additional info:
Note that even if it worked as is, ImageContentSourcePolicy shouldn't be operator-version specific, as any change in ImageContentSourcePolicy requires crio restart on all nodes.

Comment 4 Jian Zhang 2020-06-08 02:33:23 UTC
[root@preserve-olm-env data]# ./oc version -o yaml
clientVersion:
  buildDate: "2020-06-06T16:12:44Z"
  compiler: gc
  gitCommit: 711c56a65d92d8a61930378670ba92e04a27ef86
  gitTreeState: dirty
  gitVersion: openshift-clients-4.5.0-202006061517
  goVersion: go1.13.4
  major: ""
  minor: ""
  platform: linux/amd64
releaseClientVersion: 4.5.0-0.nightly-2020-06-07-080121
serverVersion:
  buildDate: "2019-05-02T11:52:09Z"
  compiler: gc
  gitCommit: d4cacc0
  gitTreeState: clean
  gitVersion: v1.11.0+d4cacc0
  goVersion: go1.10.8
  major: "1"
  minor: 11+
  platform: linux/amd64

1, mirror it.
[root@preserve-olm-env data]# ./oc adm catalog mirror quay.io/olmqe/jaeger:v1 localhost:5000 --manifests-only=true
using database path mapping: /:/tmp/964106873
wrote database to /tmp/964106873
using database at: /tmp/964106873/bundles.db
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-rhel7-operator:1.17.1-3, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-collector-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-query-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-rhel7-operator:1.13.1, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-agent-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-ingester-rhel7:1.17.1-2, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to jaeger-manifests

2, check the ICSP, no digest in the `source` field, LGTM, verify it.
[root@preserve-olm-env data]# cat jaeger-manifests/imageContentSourcePolicy.yaml 
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: jaeger
spec:
  repositoryDigestMirrors:
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-all-in-one-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-query-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-query-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-es-rollover-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-collector-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-collector-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-agent-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-agent-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-ingester-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-ingester-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-es-index-cleaner-rhel7
    source: registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel7
  - mirrors:
    - localhost:5000/distributed-tracing/jaeger-rhel7-operator
    source: registry.redhat.io/distributed-tracing/jaeger-rhel7-operator

Comment 5 Evan Cordell 2020-06-10 20:50:10 UTC
*** Bug 1846127 has been marked as a duplicate of this bug. ***

Comment 6 errata-xmlrpc 2020-07-13 17:42:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.