This should be considered a workaround to what appears to be a `podman` bug. The image policy on openshift is set to pull `IfNotPresent` according to this document: https://docs.openshift.com/container-platform/4.3/openshift_images/managing_images/image-pull-policy.html But I just tested on the node to remove the active image, and reload it: ``` [core@ip-10-0-145-68 ~]$ podman image rm 9b1b15add376987b5a2d44659827c5cc3578a8821c4aa0cf014d1b7d42769406 Untagged: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483 Deleted: 9b1b15add376987b5a2d44659827c5cc3578a8821c4aa0cf014d1b7d42769406 [core@ip-10-0-145-68 ~]$ podman create quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483 --authfile=/tmp/config.json Trying to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483... unauthorized: access to the requested resource is not authorized Error: unable to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483: unable to pull image: Error initializing source docker://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483: Error reading manifest sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483 in quay.io/openshift-release-dev/ocp-v4.0-art-dev: unauthorized: access to the requested resource is not authorized [core@ip-10-0-145-68 ~]$ podman image pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483 --authfile=/tmp/config.json Trying to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4f1964349e1bd7153860ce8d670bd55ba8773e928bcd0b4917f0d56919113483... Getting image source signatures Copying blob c4d6733b50ad done Copying blob 74cbb6607642 done Copying blob 7ea9dfa937b6 done Copying blob c9fa7d57b902 done Copying blob 4c6d7ac7b28c done Copying config 9b1b15add3 done Writing manifest to image destination Storing signatures 9b1b15add376987b5a2d44659827c5cc3578a8821c4aa0cf014d1b7d42769406 ```
Verified with 4.3.40.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: OpenShift Container Platform 4.3.40 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4264