Bug 2294406 - insecure image registry isn't always properly generated
Summary: insecure image registry isn't always properly generated
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-common
Version: 17.1 (Wallaby)
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: z4
: 17.1
Assignee: David Hill
QA Contact: David Rosenfeld
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-06-26 16:20 UTC by David Hill
Modified: 2024-11-21 09:28 UTC (History)
6 users (show)

Fixed In Version: openstack-tripleo-common-15.4.1-17.1.20240826203739.e5b18f2.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-11-21 09:28:49 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-32391 0 None None None 2024-06-26 16:20:49 UTC
Red Hat Product Errata RHSA-2024:9991 0 None None None 2024-11-21 09:28:52 UTC

Description David Hill 2024-06-26 16:20:18 UTC 
Description of problem:
insecure image registry isn't always properly generated and we need the following patch to solve this issue:

--- /usr/lib/python3.9/site-packages/tripleo_common/image/image_uploader.py     2023-09-25 20:07:29.000000000 +0000
+++ image_uploader.py 2024-06-25 13:24:24.001079282 +0000
@@ -2081,8 +2081,7 @@
         pull_source = source_url.netloc + source_url.path
         cmd = ['buildah', '--debug', 'pull']

-        if source_url.netloc in [cls.insecure_registries,
-                                 cls.no_verify_registries]:
+        if source_url.netloc in cls.insecure_registries.union(cls.no_verify_registries):
             cmd.append('--tls-verify=false')

         cmd.append(pull_source)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 David Hill 2024-06-27 12:24:50 UTC 
Where do I propose the patch ?  downstream or upstream ?
Comment 20 errata-xmlrpc 2024-11-21 09:28:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:9991
Note You need to log in before you can comment on or make changes to this bug.