Bug 1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`
Summary: Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalo...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.8
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.10.0
Assignee: Alexander Greene
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-17 01:19 UTC by Jian Zhang
Modified: 2022-03-10 16:04 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The 'oc adm catalog mirror' did not specify minimum or maximum values of numbers passed to the '--max-icsp-size' flag. Consequence: Users could specify `--max-icsp-size' values less than 0 or unreasonably large. Fix: Constrain limits passed to the `--max-icsp-size` flag to values greater than 0 or less than 250001. Result: Unreasonable values to the `--max-icsp-size` flag now fail validation.
Clone Of:
Environment:
Last Closed: 2022-03-10 16:04:21 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 851 0 None open Bug 1972962: Add validation for max-icsp-size flag 2022-01-25 15:47:38 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:04:33 UTC

Description Jian Zhang 2021-06-17 01:19:54 UTC
Description of problem:
When setting --max-icsp-size = -1, 0, 10 or < 600, it will be hang there.


Version-Release number of selected component (if applicable):
[cloud-user@preserve-olm-env jian]$ oc version
Client Version: 4.8.0-0.nightly-2021-06-14-145150
Kubernetes Version: v1.21.0-rc.0+4b2b6ff

How reproducible:
always

Steps to Reproduce:
1. Install the latest oc client
2. Mirror image by using the `--max-icsp-size` flag

Actual results:
[cloud-user@preserve-olm-env jian]$ oc --loglevel=8 adm catalog mirror --icsp-scope=repository --manifests-only --max-icsp-size=-1  registry.redhat.io/redhat/redhat-operator-index:v4.8 upshift-quay.mirror-registry.qe.devcluster.openshift.com:5001/olmqe --to-manifests=bug-manifests-01
...
...
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7:1.12.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7-tech-preview/fuse-apicurito-operator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/amq7/amq-interconnect:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/container-native-virtualization/virt-launcher:v2.2.0-15, skip writing to ImageContentSourcePolicy


^C

[cloud-user@preserve-olm-env jian]$ oc adm catalog mirror --icsp-scope=repository --manifests-only --max-icsp-size=500 registry.redhat.io/redhat/redhat-operator-index:v4.8 upshift-quay.mirror-registry.qe.devcluster.openshift.com:5001/olmqe --to-manifests=bug-manifests-05
...
no digest mapping available for registry.redhat.io/container-native-virtualization/ovs-cni-marker:v2.2.0-4, skip writing to ImageContentSourcePolicy

^C

Expected results:
Fail immediately if the --max-icsp-size is set to a value less than 1
Fail if a single mirror cannot be added to an ICSP without exceeding the provided icsp-size-limit

Additional info:

Comment 4 Jian Zhang 2022-01-27 07:57:14 UTC
[cloud-user@preserve-olm-env client]$ oc version
Client Version: 4.10.0-0.nightly-2022-01-27-055346
Server Version: 4.10.0-0.nightly-2022-01-25-023600
Kubernetes Version: v1.23.0+06791f6

[cloud-user@preserve-olm-env client]$ oc adm catalog mirror --icsp-scope=repository --manifests-only --max-icsp-size=-1 registry.redhat.io/redhat/redhat-operator-index:v4.10 upshift-quay.mirror-registry.qe.devcluster.openshift.com:5001/olmqe --to-manifests=bug-manifests-01
W0127 02:44:11.104778 1327186 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! DEPRECATION NOTICE:
!!   Sqlite-based catalogs are deprecated. Support for them will be removed in a
!!   future release. Please migrate your catalog workflows to the new file-based
!!   catalog format.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

src image has index label for database path: /database/index.db
using index path mapping: /database/index.db:/tmp/1944168098
error: provided max-icsp-size of -1 must be greater than 0 and less than or equal to 250000


[cloud-user@preserve-olm-env client]$ oc adm catalog mirror --icsp-scope=repository --manifests-only --max-icsp-size=500 registry.redhat.io/redhat/redhat-operator-index:v4.10 upshift-quay.mirror-registry.qe.devcluster.openshift.com:5001/olmqe --to-manifests=bug-manifests-05
W0127 02:47:42.747842 1327209 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! DEPRECATION NOTICE:
!!   Sqlite-based catalogs are deprecated. Support for them will be removed in a
!!   future release. Please migrate your catalog workflows to the new file-based
!!   catalog format.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

src image has index label for database path: /database/index.db
using index path mapping: /database/index.db:/tmp/4008078286
W0127 02:47:44.483450 1327209 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.
W0127 02:47:45.540218 1327209 manifest.go:442] Chose linux/amd64 manifest from the manifest list.
wrote database to /tmp/4008078286
using database at: /tmp/4008078286/index.db
no digest mapping available for registry.redhat.io/fuse7/fuse-online-operator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/redhat/redhat-operator-index:v4.10, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-apicurito:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7-tech-preview/fuse-apicurito-operator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhscl/postgresql-96-rhel7:1-61, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-console-rhel7-operator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-apicurito-generator:1.7, skip writing to ImageContentSourcePolicy
deleted dir /tmp/4008078286
error: unable to add mirror {registry.redhat.io/openshift-pipelines-tech-preview/pipelines-triggers-eventlistenersink-rhel8 [upshift-quay.mirror-registry.qe.devcluster.openshift.com:5001/olmqe/openshift-pipelines-tech-preview-pipelines-triggers-eventlistenersink-rhel8]} to ICSP with the max-icsp-size set to 500

[cloud-user@preserve-olm-env client]$ oc adm catalog mirror --icsp-scope=repository --manifests-only --max-icsp-size=50000 registry.redhat.io/redhat/redhat-operator-index:v4.10 upshift-quay.mirror-registry.qe.devcluster.openshift.com:5001/olmqe --to-manifests=bug-manifests-05
W0127 02:50:29.116207 1327235 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! DEPRECATION NOTICE:
!!   Sqlite-based catalogs are deprecated. Support for them will be removed in a
!!   future release. Please migrate your catalog workflows to the new file-based
!!   catalog format.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

src image has index label for database path: /database/index.db
using index path mapping: /database/index.db:/tmp/516707351
W0127 02:50:30.920536 1327235 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.
W0127 02:50:32.019088 1327235 manifest.go:442] Chose linux/amd64 manifest from the manifest list.
wrote database to /tmp/516707351
using database at: /tmp/516707351/index.db
no digest mapping available for registry.redhat.io/redhat/redhat-operator-index:v4.10, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhscl/postgresql-96-rhel7:1-61, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-console-rhel7-operator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-apicurito:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-online-operator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7/fuse-apicurito-generator:1.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/fuse7-tech-preview/fuse-apicurito-operator:1.7, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to bug-manifests-05
deleted dir /tmp/516707351

LGTM, verify it.

Comment 7 errata-xmlrpc 2022-03-10 16:04:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056


Note You need to log in before you can comment on or make changes to this bug.