Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-14402

oc-mirror should respect the insecure setting in the registries config file location

XMLWordPrintable

    • No
    • CFE Sprint 237, CFE Sprint 241
    • 2
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, while using the insecure mirrors in the `registries.conf` file that is referenced in `--oci-registries-config` flag, oc-mirror was trying to establish an HTTPS connection with the mirror registry. With this fix, you can configure the oc-mirror to not use HTTPS connection by specifying either `--source-skip-tls` or `--source-use-http` in the command line.
      Show
      Previously, while using the insecure mirrors in the `registries.conf` file that is referenced in `--oci-registries-config` flag, oc-mirror was trying to establish an HTTPS connection with the mirror registry. With this fix, you can configure the oc-mirror to not use HTTPS connection by specifying either `--source-skip-tls` or `--source-use-http` in the command line.
    • Bug Fix
    • Done

      Description of problem:

      When set insecure = true in the registries config file location, oc-mirror still use https to connect the registry.

      Version-Release number of selected component (if applicable): 4.13

      How reproducible: always

      Steps to Reproduce:

      1) Create local registry by podman with insecure policy;
      2) use imagesetconfig to mirror operator to localhost registry :

      cat config-oci.yaml 
      apiVersion: mirror.openshift.io/v1alpha2
      kind: ImageSetConfiguration
      mirror:
        operators:
          - catalog: oci:///home/ocmirrortest/noo/redhat-operator-index
            packages:
            - name: cluster-kube-descheduler-operator
      
      `oc-mirror --config config-oci.yaml docker://localhost:5000  --include-local-oci-catalogs --oci-insecure-signature-policy --dest-use-http`
      

      3) use the imagesetconfig and registries.conf accordingly to mirror to remote registry :

      cat registry.conf 
      [[registry]]
        location = "registry.redhat.io/openshift4"
        insecure = false
        blocked = false
        mirror-by-digest-only = false
        prefix = ""
        [[registry.mirror]]
          location = "localhost:5000/openshift4"
          insecure = true
      
      `oc-mirror --config config-oci.yaml docker://ec2-3-12-147-78.us-east-2.compute.amazonaws.com:5000 --include-local-oci-catalogs  --oci-registries-config=/home/ocmirrortest/13762/registry.conf --source-use-http`  
      

      Actual results:

      see logs like : err Get "https://localhost:5000/v2/": http: server gave HTTP response to HTTPS client

      Expected results:

      should use http for the insecure==true setting registry .

      Additional info:

              skhoury@redhat.com Sherine Khoury
              yinzhou@redhat.com ying zhou
              ying zhou ying zhou
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: