1960674 – Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]

Bug 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]

Summary: Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Ima...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Image Registry
Sub Component:
Version:	4.8
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Oleg Bulatov
QA Contact:	wewang
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2007850 (view as bug list)
Depends On:
Blocks:	2041358
TreeView+	depends on / blocked

Reported:	2021-05-14 14:46 UTC by Yaakov Selkowitz
Modified:	2022-03-10 16:04 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:	job=periodic-ci-openshift-release-master-nightly-4.10-e2e-azure-fips-serial=all job=periodic-ci-openshift-release-master-nightly-4.10-e2e-openstack-fips=all job=periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-fips-serial=all job=periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-fips-serial=all
Last Closed:	2022-03-10 16:03:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift origin pull 26459	None	None	None	2021-09-10 03:11:43 UTC
Github	openshift origin pull 26510	None	open	Bug 1960674: images: port image signature workflow test to OCP4/UBI8	2021-10-07 02:08:32 UTC
Red Hat Product Errata	RHSA-2022:0056	None	None	None	2022-03-10 16:04:05 UTC

Description Yaakov Selkowitz 2021-05-14 14:46:42 UTC

There are a number of issues with the test named in $SUBJECT:

* it copies the oc binary from the machine running the test into a container pulled by the cluster, meaning that (depending on the system on which oc and openshift-tests are built and run) the oc binary might not be binary compatible, or even architecture compatible, with the container;

* the container used is upstream origin-control-plane:3.11, which seems unusual for testing a 4.y cluster given no such container exists in 4.y;

* origin containers are not available for other architectures besides x86_64, so the test cannot pass on other cluster architectures;

* even if you substitute the OCP ose-control-plane:3.11, only Power was added to 3.y, so still no help for Z (or potentially ARM in the future).

Can this test be overhauled to work on all architectures, and regardless of potential differences between client and cluster architectures?

Comment 1 Oleg Bulatov 2021-07-02 17:19:11 UTC

Does it cause some problems today that need to be immediately fixed?

Comment 2 Yaakov Selkowitz 2021-07-06 01:49:47 UTC

The test fails on all !x86 architectures and therefore interferes with multi-arch enablement of the serial testsuite.

Comment 6 wewang 2021-09-14 01:38:06 UTC

Passed in https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26459/pull-ci-openshift-origin-master-e2e-aws-serial/1437469582817234944
      and https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26459/pull-ci-openshift-origin-master-e2e-aws-image-registry/1437469582766903296

Comment 7 Yaakov Selkowitz 2021-10-06 19:52:26 UTC

Unfortunately this caused failures in the serial testsuite when run on a FIPS cluster, and was reverted.

Comment 8 wewang 2021-10-13 03:44:09 UTC

Scenario: Image signature workflow can push a signed image to openshift registry and verify it 
Passed in: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26515/pull-ci-openshift-origin-master-e2e-aws-serial/1447922547432624128
       and: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26510/pull-ci-openshift-origin-master-e2e-aws-image-registry/1445929851142803456

       especially fips cluster:
       https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26510/pull-ci-openshift-origin-master-e2e-gcp-fips-serial/1445934123582492672

Comment 11 Stephen Benjamin 2021-11-10 14:22:30 UTC

*** Bug 2007850 has been marked as a duplicate of this bug. ***

Comment 14 errata-xmlrpc 2022-03-10 16:03:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.