-
Bug
-
Resolution: Done
-
Normal
-
ACM 2.14.0
-
Security & Compliance
-
False
-
-
False
-
-
-
Low
-
None
Description of problem:
When running assisted installer installs, an agent will run "podman run <image>" commands.
At the moment, those commands are failing with nightly images:
Trying to pull registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:e94a05430e87664f59ed8ea24340d6d2c7803538535409442127aeb7187b1bb0... Error: copying system image from manifest list: Source image rejected: A signature was required, but no signature exist
This means the nightly images are not signed AND served on registry.redhat.io, which is required to check image signature by default on RHCOS
At the moment the workaround is to disable signature check from RHCOS, but it's not idea testing scenarios that should be a as close as possible to production.
I'd recommend either signing the images or serve them from another registry which doesn't require signature checking by default on RHCOS.
Version-Release number of selected component (if applicable):
MCE 2.9 nightly images
How reproducible:
100%
Steps to Reproduce:
- launch ZTP assisted-installer install
- watch install fail
- check logs of the agent
Actual results:
Failing to run image due to lack of signature
Expected results:
Agent can run the image correctly
Additional info:
- is related to
-
OCPBUGS-55106 RHCOS 4.19 live iso x86_64 contains restrictive policy.json
-
- ON_QA
-
- relates to
-
OCPBUGS-59345 OVE UI fails to install when using OCP 4.19.4 in TechPreview
-
- Verified
-
- links to
- mentioned on