1960378 – icsp allows mirroring of registry root - install-config imageContentSources does not

Bug 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not

Summary: icsp allows mirroring of registry root - install-config imageContentSources d...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.8
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Kiran Thyagaraja
QA Contact:	Gaoyun Pei
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1959982 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-05-13 18:16 UTC by Chad Crum
Modified:	2022-03-10 16:04 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: The Openshift installer exited with an error when asked to mirror the contents of base registry. e.g mirror.example.com:5000 would result in a validation error. Consequence: The Openshift installer exits with a validation error citing incorrect install-config values for imageContentSources Fix: The Openshift installer now allows imageContentSources values to specify base registry names Result: The Openshift installer no longer exits when specifying a base registry name
Clone Of:
Environment:
Last Closed:	2022-03-10 16:03:38 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift installer pull 5297	None	open	Bug 1960378: Relax the imageContentSource validation	2021-10-15 15:21:04 UTC
Github	openshift installer pull 5346	None	open	bug 1960378: Relax the imageContentSource validation	2021-11-01 15:12:14 UTC
Red Hat Product Errata	RHSA-2022:0056	None	None	None	2022-03-10 16:04:05 UTC

Comment 1 sdasu 2021-05-18 16:16:22 UTC

This seems to be failing a generic Installer check that is not specific to Baremetal.

Comment 3 Mat Kowalski 2021-05-20 13:25:58 UTC

*** Bug 1959982 has been marked as a duplicate of this bug. ***

Comment 6 Russell Teague 2021-08-02 17:44:03 UTC

Needs priortized.

Comment 7 Russell Teague 2021-08-24 17:34:45 UTC

Will review again for a future sprint.

Comment 10 Gaoyun Pei 2021-10-29 14:00:38 UTC

Tested on latest 4.10 nightly build 4.10.0-0.nightly-2021-10-29-032150, still failed.

./openshift-install version
./openshift-install 4.10.0-0.nightly-2021-10-29-032150
built from commit c3e9ffde71714b9004c5eedd506a01340f43295e
release image registry.ci.openshift.org/ocp/release@sha256:ecedc7e8d60ad682bf0d171d6c4eaa720860e7b9f3cc14fd2427867b5d6dc4af
release architecture amd64


cat install-config.yaml
...
imageContentSources:
- mirrors:
  - registry.example.com:5000
  source: registry.redhat.io
- mirrors:
  - registry.example.com:5000
  source: registry-proxy.engineering.redhat.com


./openshift-install create manifests
FATAL failed to fetch Master Machines: failed to load asset "Install Config": invalid "install-config.yaml" file: [imageContentSources[0].source: Invalid value: "registry.redhat.io": the repository provided is invalid, imageContentSources[1].source: Invalid value: "registry-proxy.engineering.redhat.com": the repository provided is invalid]

Comment 12 Gaoyun Pei 2021-11-19 07:06:25 UTC

Verified this issue on nightly 4.10.0-0.nightly-2021-11-19-022019.

With the following imageContentSources configured in install-config.yaml, could create the cluster successfully.

imageContentSources:
- mirrors:
  - registry.example.com
  source: registry.redhat.io
- mirrors:
  - registry.example.com
  source: registry-proxy.engineering.redhat.com


Check the ICSP created in cluster after installation

# oc get ImageContentSourcePolicy -o yaml
apiVersion: v1
items:
- apiVersion: operator.openshift.io/v1alpha1
  kind: ImageContentSourcePolicy
  metadata:
    creationTimestamp: "2021-11-19T06:41:18Z"
    generation: 1
    name: image-policy-0
    resourceVersion: "1395"
    uid: 94fa2dbe-1b54-4cdf-84da-63b7b69c8804
  spec:
    repositoryDigestMirrors:
    - mirrors:
      - registry.example.com
      source: registry.redhat.io
- apiVersion: operator.openshift.io/v1alpha1
  kind: ImageContentSourcePolicy
  metadata:
    creationTimestamp: "2021-11-19T06:41:18Z"
    generation: 1
    name: image-policy-1
    resourceVersion: "1409"
    uid: 008dd16c-9e1a-4563-bb15-d8c17fdc07c4
  spec:
    repositoryDigestMirrors:
    - mirrors:
      - registry.example.com
      source: registry-proxy.engineering.redhat.com
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""


Container registry configuration on the worker:

sh-4.4# cat /etc/containers/registries.conf
unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
short-name-mode = ""

[[registry]]
  prefix = ""
  location = "registry-proxy.engineering.redhat.com"
  mirror-by-digest-only = true

  [[registry.mirror]]
    location = "registry.example.com"

[[registry]]
  prefix = ""
  location = "registry.redhat.io"
  mirror-by-digest-only = true

  [[registry.mirror]]
    location = "registry.example.com"

Comment 15 errata-xmlrpc 2022-03-10 16:03:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.