Bug
Resolution: Obsolete
Major
4.12.z
Quality / Stability / Reliability
Important
Rejected
AI-28, AI-29, AI-30, AI-32, AI-33, AI-34, AI-35, AI-36, AI-37, AI-38
Description of problem:
ACM assisted service could not get the release image from a private self-signed certificate registry when creating a cluster
Version-Release number of selected component (if applicable):
OpenShift 4.12.11 ACM 2.7.3
How reproducible:
Always
Steps to Reproduce:
Install OCP 4.12.11
Install ACM 2.7.3 Operator
Create MultiClusterHub Instance
# cat > assisted-installer-mirror-config.yaml <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: assisted-installer-mirror-config
  namespace: multicluster-engine
  labels:
    app: assisted-service
data:
  ca-bundle.crt: |
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
    zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
    -----END CERTIFICATE-----
  registries.conf: |
    unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
    [[registry]]
      prefix = ""
      location = "quay.io/openshift-release-dev/ocp-release"
      [[registry.mirror]]
        location = "registry.example.com:8443/openshift/release-images"
    [[registry]]
      prefix = ""
      location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
      [[registry.mirror]]
        location = "registry.example.com:8443/openshift/release"
    [[registry]]
      prefix = ""
      location = "registry.redhat.io/multicluster-engine"
      [[registry.mirror]]
        location = "registry.example.com:8443/multicluster-engine"
EOF
# oc apply -f assisted-installer-mirror-config.yaml
# cat > agent-service-config.yaml <<EOF
apiVersion: metal3.io/v1alpha1
kind: Provisioning
metadata:
  name: provisioning-configuration
spec:
  provisioningNetwork: Disabled
  watchAllNamespaces: true
---
apiVersion: agent-install.openshift.io/v1beta1
kind: AgentServiceConfig
metadata:
  name: agent
spec:
  databaseStorage:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 10G
  filesystemStorage:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 100G
  imageStorage:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 50G
  mirrorRegistryRef:
    name: assisted-installer-mirror-config
EOF
# oc apply -f agent-service-config.yaml
# oc edit ClusterImageSet/img4.12.11-x86-64-appsub
visible: "true"
In ACM console, create a cluster with Host inventory > Standalone control plane > Use existing hosts
Infrastructure provider credential: comtech
Cluster name: west
Cluster set: default
Base domain: example.com
OpenShift version: 4.12.11
Check Install single node OpenShift (SNO)
Click Next
Click Next
Click Save
An error occured
The Spec could not be synced due to backend error: failed to add release image 'quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64'. Please ensure the releaseImage field in ClusterImageSet 'img4.12.11-x86-64-appsub' is valid (error: command 'oc adm release info -o template --template '{{.metadata.version}}' --insecure=false --icsp-file=/tmp/icsp-file2611984229 quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64 --registry-config=/tmp/registry-config1111849766' exited with non-zero exit code 1: warning: --icsp-file only applies to images referenced by digest and will be ignored for tags error: unable to read image quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64: Get "https://quay.io/v2/": x509: certificate signed by unknown authority ).
Actual results:
ACM assisted service could not get release image from a self-signed certificate registry, error with x509: certificate signed by unknown authority
Expected results:
ACM assisted service gets release image from self-signed certificate registry successfully
Additional info:
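The error text above carries the warning that `--icsp-file` is ignored for tag references, and the failing request goes to `https://quay.io/v2/` rather than to the mirror. The following is an added example (not part of the original report and not assisted-service code) that applies that digest-only rule to one mirror entry from the ConfigMap and lists the registry hosts whose certificate the client would have to verify. The function names and the all-zero digest in the test are constructed for illustration.

```python
import re

# Constructed sample: one mirror entry copied from the ConfigMap in this report.
REGISTRIES_CONF = """
[[registry]]
prefix = ""
location = "quay.io/openshift-release-dev/ocp-release"
[[registry.mirror]]
location = "registry.example.com:8443/openshift/release-images"
"""

def parse_mirrors(conf):
    """Map each [[registry]] location to its mirrors (flat layout only, not full TOML)."""
    mirrors, source, section = {}, None, None
    for line in map(str.strip, conf.splitlines()):
        if line in ("[[registry]]", "[[registry.mirror]]"):
            section = line
            continue
        m = re.fullmatch(r'location\s*=\s*"([^"]+)"', line)
        if not m:
            continue
        if section == "[[registry]]":
            source = m.group(1)
            mirrors[source] = []
        elif source is not None:
            mirrors[source].append(m.group(1))
    return mirrors

def split_ref(image):
    """Return (repository, kind), kind being 'digest' or 'tag'."""
    if "@" in image:
        return image.split("@", 1)[0], "digest"
    # Only a colon after the last '/' is a tag; an earlier one is a registry port.
    slash, colon = image.rfind("/"), image.rfind(":")
    return (image[:colon] if colon > slash else image), "tag"

def pull_targets(image, mirrors):
    """Pull candidates when mirrors apply to digest refs only; source is the last fallback."""
    repo, kind = split_ref(image)
    if kind == "digest" and repo in mirrors:
        return mirrors[repo] + [repo]
    return [repo]

def hosts_needing_trust(image, mirrors):
    """Registry hosts whose TLS certificate the client must be able to verify."""
    return sorted({t.split("/", 1)[0] for t in pull_targets(image, mirrors)})

if __name__ == "__main__":
    tag_ref = "quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64"
    print(tag_ref, "->", hosts_needing_trust(tag_ref, parse_mirrors(REGISTRIES_CONF)))
```

For the tag reference from the error message the only host returned is `quay.io`, so the CA in `ca-bundle.crt` for `registry.example.com:8443` is never exercised on that request.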