Bug 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
Summary: icsp allows mirroring of registry root - install-config imageContentSources d...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.8
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
: 4.10.0
Assignee: Kiran Thyagaraja
QA Contact: Gaoyun Pei
URL:
Whiteboard:
: 1959982 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-13 18:16 UTC by Chad Crum
Modified: 2022-03-10 16:04 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The Openshift installer exited with an error when asked to mirror the contents of base registry. e.g mirror.example.com:5000 would result in a validation error. Consequence: The Openshift installer exits with a validation error citing incorrect install-config values for imageContentSources Fix: The Openshift installer now allows imageContentSources values to specify base registry names Result: The Openshift installer no longer exits when specifying a base registry name
Clone Of:
Environment:
Last Closed: 2022-03-10 16:03:38 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5297 0 None open Bug 1960378: Relax the imageContentSource validation 2021-10-15 15:21:04 UTC
Github openshift installer pull 5346 0 None open bug 1960378: Relax the imageContentSource validation 2021-11-01 15:12:14 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:04:05 UTC

Comment 1 sdasu 2021-05-18 16:16:22 UTC
This seems to be failing a generic Installer check that is not specific to Baremetal.

Comment 3 Mat Kowalski 2021-05-20 13:25:58 UTC
*** Bug 1959982 has been marked as a duplicate of this bug. ***

Comment 6 Russell Teague 2021-08-02 17:44:03 UTC
Needs priortized.

Comment 7 Russell Teague 2021-08-24 17:34:45 UTC
Will review again for a future sprint.

Comment 10 Gaoyun Pei 2021-10-29 14:00:38 UTC
Tested on latest 4.10 nightly build 4.10.0-0.nightly-2021-10-29-032150, still failed.

./openshift-install version
./openshift-install 4.10.0-0.nightly-2021-10-29-032150
built from commit c3e9ffde71714b9004c5eedd506a01340f43295e
release image registry.ci.openshift.org/ocp/release@sha256:ecedc7e8d60ad682bf0d171d6c4eaa720860e7b9f3cc14fd2427867b5d6dc4af
release architecture amd64


cat install-config.yaml
...
imageContentSources:
- mirrors:
  - registry.example.com:5000
  source: registry.redhat.io
- mirrors:
  - registry.example.com:5000
  source: registry-proxy.engineering.redhat.com


./openshift-install create manifests
FATAL failed to fetch Master Machines: failed to load asset "Install Config": invalid "install-config.yaml" file: [imageContentSources[0].source: Invalid value: "registry.redhat.io": the repository provided is invalid, imageContentSources[1].source: Invalid value: "registry-proxy.engineering.redhat.com": the repository provided is invalid]

Comment 12 Gaoyun Pei 2021-11-19 07:06:25 UTC
Verified this issue on nightly 4.10.0-0.nightly-2021-11-19-022019.

With the following imageContentSources configured in install-config.yaml, could create the cluster successfully.

imageContentSources:
- mirrors:
  - registry.example.com
  source: registry.redhat.io
- mirrors:
  - registry.example.com
  source: registry-proxy.engineering.redhat.com


Check the ICSP created in cluster after installation

# oc get ImageContentSourcePolicy -o yaml
apiVersion: v1
items:
- apiVersion: operator.openshift.io/v1alpha1
  kind: ImageContentSourcePolicy
  metadata:
    creationTimestamp: "2021-11-19T06:41:18Z"
    generation: 1
    name: image-policy-0
    resourceVersion: "1395"
    uid: 94fa2dbe-1b54-4cdf-84da-63b7b69c8804
  spec:
    repositoryDigestMirrors:
    - mirrors:
      - registry.example.com
      source: registry.redhat.io
- apiVersion: operator.openshift.io/v1alpha1
  kind: ImageContentSourcePolicy
  metadata:
    creationTimestamp: "2021-11-19T06:41:18Z"
    generation: 1
    name: image-policy-1
    resourceVersion: "1409"
    uid: 008dd16c-9e1a-4563-bb15-d8c17fdc07c4
  spec:
    repositoryDigestMirrors:
    - mirrors:
      - registry.example.com
      source: registry-proxy.engineering.redhat.com
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""


Container registry configuration on the worker:

sh-4.4# cat /etc/containers/registries.conf
unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
short-name-mode = ""

[[registry]]
  prefix = ""
  location = "registry-proxy.engineering.redhat.com"
  mirror-by-digest-only = true

  [[registry.mirror]]
    location = "registry.example.com"

[[registry]]
  prefix = ""
  location = "registry.redhat.io"
  mirror-by-digest-only = true

  [[registry.mirror]]
    location = "registry.example.com"

Comment 15 errata-xmlrpc 2022-03-10 16:03:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056


Note You need to log in before you can comment on or make changes to this bug.