Description of problem: In rhel 8 OS, the docker is an alias of podman. When using the `docker login xxx`, the auth info will be saved to the `/run/user/1000/containers/auth.json`, not the `~/.docker/config.json`. But, the `oc` only reads the `~/.docker/config.json` when mirroring the image. Version-Release number of selected component (if applicable): [cloud-user@preserve-olm-env test]$ oc version -o yaml clientVersion: buildDate: "2021-09-21T10:31:30Z" compiler: gc gitCommit: 96e95cef877ba04872b88e4e2597eabb0174d182 gitTreeState: clean gitVersion: 4.9.0-202109210853.p0.git.96e95ce.assembly.stream-96e95ce goVersion: go1.16.6 major: "" minor: "" platform: linux/amd64 openshiftVersion: 4.10.0-0.nightly-2021-09-21-181111 releaseClientVersion: 4.9.0-0.nightly-2021-09-21-215600 serverVersion: buildDate: "2021-09-20T22:19:37Z" compiler: gc gitCommit: 00cc88397d43e28818c955a62e7cb36eb1b7bbc5 gitTreeState: clean gitVersion: v1.22.1+00cc883 goVersion: go1.16.6 major: "1" minor: "22" platform: linux/amd64 How reproducible: always Steps to Reproduce: 1. Install OCP 4.9. 2. Access an RHEL 8 VM, and run the `docker login <the-image-registry>` 3. Run `oc --loglevel=8 adm catalog mirror quay.io/olmqe/etcd-index:bug <the-image-registry>` Actual results: Fail to mirror the image due the `unauthorized: authentication required` Workaround: The user copy the auth info from the `/run/user/1000/containers/auth.json` to the `~/.docker/config.json` manually. Expected results: the `oc` should read the auth file of the podman, not only the Docker. Additional info: I0922 02:29:55.803869 327437 config.go:128] looking for config.json at /home/cloud-user/.docker/config.json I0922 02:29:55.804048 327437 config.go:136] found valid config.json at /home/cloud-user/.docker/config.json I0922 02:29:55.804228 327437 round_trippers.go:432] GET https://quay.io/v2/ I0922 02:29:55.804240 327437 round_trippers.go:438] Request Headers: I0922 02:29:55.816188 327437 round_trippers.go:457] Response Status: 401 Unauthorized in 11 milliseconds I0922 02:29:55.816219 327437 round_trippers.go:460] Response Headers:
this can be work around with > -a, --registry-config='': Path to your registry credentials (defaults to ~/.docker/config.json) and this is getting fixed in https://bugzilla.redhat.com/show_bug.cgi?id=1982498; closing as a duplicate *** This bug has been marked as a duplicate of bug 1982498 ***
+ workaround with podman login, which might be easier to work with > --authfile string path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override
> -a, --registry-config='': Path to your registry credentials (defaults to ~/.docker/config.json) Yes, thanks! But, my key concern is that we were recommended to use the podman, especially on RHEL8, there is no Docker in fact, why still use this `~/.docker/config.json` as the default auth file? > and this is getting fixed in https://bugzilla.redhat.com/show_bug.cgi?id=1982498; closing as a duplicate Ok, get it, thanks!
We can't switch it instantly for compatibility reasons, we have to deprecate this over few releases. But it will be possible to set this behaviour with env variable that we will introduce (you can also use the podman env variable at the moment).
and yes this behaviour is unfortunate