Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-13591

[TELCO:CASE] Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry

XMLWordPrintable

    • No
    • CFE Sprint 236
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      oc-mirror fails with 401 unauthorized for some registries when nested path exceeds the expected maximum path-components
      The fix consists of having oc-mirror fail fast when the maximum path-components is exceeded. The default max-nested-path is set to 0 (no limit) and can be modified with flag --max-nested-paths (takes an integer value). The generated ImageContentSourcePolicy will contain source and mirror references up to the repository level (as opposed to the namespace level used by default).
      Show
      oc-mirror fails with 401 unauthorized for some registries when nested path exceeds the expected maximum path-components The fix consists of having oc-mirror fail fast when the maximum path-components is exceeded. The default max-nested-path is set to 0 (no limit) and can be modified with flag --max-nested-paths (takes an integer value). The generated ImageContentSourcePolicy will contain source and mirror references up to the repository level (as opposed to the namespace level used by default).
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-11922. The following is the description of the original issue:

      Description of problem:

      Customer was able to limit the nested repository path with "oc adm catalog mirror" by using the argument "--max-components" but there is no alternate solution along with "oc-mirror" binary while we are suggesting to use "oc-mirror" binary for mirroring.for example:
      Mirroring will work if we mirror like below
      oc mirror --config=./imageset-config.yaml docker://registry.gitlab.com/xxx/yyy
      Mirroring will fail with 401 unauthorized if we add one more nested path like below
      oc mirror --config=./imageset-config.yaml docker://registry.gitlab.com/xxx/yyy/zzz

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      We can reproduce the issue by using a repository which is not supported deep nested paths

      Steps to Reproduce:

      1. Create a imageset to mirror any operator
      
      kind: ImageSetConfiguration
      apiVersion: mirror.openshift.io/v1alpha2
      storageConfig:
        local:
          path: ./oc-mirror-metadata
      mirror:
        operators:
        - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.12
          packages:
          - name: local-storage-operator
            channels:
            - name: stable
      
      2. Do the mirroring to a registry where its not supported deep nested repository path, Here its gitlab and its doesnt not support netsting beyond 3 levels deep.
      
      oc mirror --config=./imageset-config.yaml docker://registry.gitlab.com/xxx/yyy/zzz
      
      this mirroring will fail with 401 unauthorized error
       
      3. if  try to mirror the same imageset by removing one path it will work without any issues, like below
      
      oc mirror --config=./imageset-config.yaml docker://registry.gitlab.com/xxx/yyy 

      Actual results:

       

      Expected results:

      Need a alternative option of "--max-components" to limit the nested path in "oc-mirror"

      Additional info:

       

            luzuccar@redhat.com Luigi Mario Zuccarelli
            openshift-crt-jira-prow OpenShift Prow Bot
            ying zhou ying zhou
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: