Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11468

Community operator cannot be mirrored due to malformed image address

XMLWordPrintable

    • No
    • CFE Sprint 234
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      The convention for image references is that when the registry domain name is not part of the image reference, it is implied that the image is at docker.io.
      This convention was not respected in some cases for mirroring related images of operators.
      The fix consists to apply docker defaults prior to attempt to resolve the image reference.
      Show
      The convention for image references is that when the registry domain name is not part of the image reference, it is implied that the image is at docker.io. This convention was not respected in some cases for mirroring related images of operators. The fix consists to apply docker defaults prior to attempt to resolve the image reference.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-10348. The following is the description of the original issue:

      Description of problem:

      Trivy community operator is not mirrored because the image address is malformed: "https://devopstales/v2/trivy-operator/manifests/2.4.1".

I am under the impression that this is due to the fact that the image address in relatedImages parameter is not fully qualified:

$ opm render registry.redhat.io/redhat/community-operator-index:v4.12 |jq -r 'select(.package == "community-trivy-operator") | select(.schema == "olm.bundle")'

[...]

"relatedImages": [
    {
      "name": "",
      "image": "devopstales/trivy-operator:2.4.1"
    },
    {
      "name": "",
      "image": "quay.io/openshift-community-operators/community-trivy-operator@sha256:e3652e68e1e569d7f40432fd8cbb7bfdc6738a116ecc1011c71a36f7ca5663c6"

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      100%

      Steps to Reproduce:

      $ cat <<EOF > imageset.yaml
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
mirror:
  operators:
    - catalog: registry.redhat.io/redhat/community-operator-index:v4.11
      packages:
        - name: community-trivy-operator
          channels:
            - name: stable
EOF


$ oc-mirror --config imageset.yaml file://mirror

      Actual results:

      Creating directory: mirror/oc-mirror-workspace/src/publish
Creating directory: mirror/oc-mirror-workspace/src/v2
Creating directory: mirror/oc-mirror-workspace/src/charts
Creating directory: mirror/oc-mirror-workspace/src/release-signatures
backend is not configured in imageset.yaml, using stateless mode
backend is not configured in imageset.yaml, using stateless mode
No metadata detected, creating new workspace
bundle : pinning related image devopstales/trivy-operator:2.4.1 to digest
bundle : pinning related image devopstales/trivy-operator:2.4.1 to digest
level=info msg=trying next host error=failed to do request: Head "https://devopstales/v2/trivy-operator/manifests/2.4.1": x509: certificate is valid for localhost, not devopstales host=devopstales
error: error pinning images in catalog registry.redhat.io/redhat/community-operator-index:v4.11: failed to do request: Head "https://devopstales/v2/trivy-operator/manifests/2.4.1": x509: certificate is valid for localhost, not devopstales

      Expected results:

      operator is properly mirrored

      Additional info:

      I assume that "docker.io" should be automatically added to address when no registry is set. Trivy it's not the only community operator that doesn't specify the full url, so this issue probably affects other operators as well

              rh-ee-aguidi Alex Guidi
              openshift-crt-jira-prow OpenShift Prow Bot
              ying zhou ying zhou
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: