
oc-mirror should respect the insecure setting in the registries config file location

    • No
    • CFE Sprint 241
    • 1
    • Rejected
    • False

      This is a clone of issue OCPBUGS-14402. The following is the description of the original issue:

      Description of problem:

      When insecure = true is set in the registries config file location, oc-mirror still uses https to connect to the registry.

      Version-Release number of selected component (if applicable): 4.13

      How reproducible: always

      Steps to Reproduce:

      1) Create a local registry with podman with an insecure policy;
      2) Use imagesetconfig to mirror the operator to the localhost registry:

      cat config-oci.yaml 
      apiVersion: mirror.openshift.io/v1alpha2
      kind: ImageSetConfiguration
      mirror:
        operators:
          - catalog: oci:///home/ocmirrortest/noo/redhat-operator-index
            packages:
            - name: cluster-kube-descheduler-operator
      
      `oc-mirror --config config-oci.yaml docker://localhost:5000  --include-local-oci-catalogs --oci-insecure-signature-policy --dest-use-http`
      

      3) Use the imagesetconfig and registries.conf accordingly to mirror to the remote registry:

      cat registry.conf 
      [[registry]]
        location = "registry.redhat.io/openshift4"
        insecure = false
        blocked = false
        mirror-by-digest-only = false
        prefix = ""
        [[registry.mirror]]
          location = "localhost:5000/openshift4"
          insecure = true
      
      `oc-mirror --config config-oci.yaml docker://ec2-3-12-147-78.us-east-2.compute.amazonaws.com:5000 --include-local-oci-catalogs  --oci-registries-config=/home/ocmirrortest/13762/registry.conf --source-use-http`  
      

      Actual results:

      See logs like: err Get "https://localhost:5000/v2/": http: server gave HTTP response to HTTPS client

      Expected results:

      Should use http for the registry with the insecure==true setting.

      Additional info:


            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Important: OpenShift Container Platform 4.13.25 bug fix and security update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2023:7604

            Ying Zhou added a comment -

            Since we have done the pre-merge test, will move to verified directly.


            OpenShift Jira Bot added a comment -

            Hi skhoury@redhat.com,

            Bugs should not be moved to Verified without first providing a Release Note Type ("Bug Fix" or "No Doc Update") and for type "Bug Fix" the Release Note Text must also be provided. Please populate the necessary fields before moving the Bug to Verified.

            Sherine Khoury added a comment -

            Thanks knarra@redhat.com!
            No idea... maybe because the PR is manual cherry-pick?
            I think the PR merged already to 4.13. I'm putting it ON_QA if this is ok

            Rama Kasturi Narra added a comment -

            yinzhou@redhat.com any idea why this bug has not been moved to ON_QA even though the PR has been merged? Can you please help check with skhoury@redhat.com? I see you have already pre-merge tested this. Thanks!!

            Ying Zhou added a comment -

            Checked with the fixed PR, can't reproduce the issue

            ./oc-mirror version 
            Logging to .oc-mirror.log
            WARNING: This version information is deprecated and will be replaced with the output from --short. Use --output=yaml|json to get the full version.
            Client Version: version.Info{Major:"", Minor:"", GitVersion:"v0.1.1-alpha.3-304-gd176123", GitCommit:"d176123c", GitTreeState:"clean", BuildDate:"2023-08-28T04:00:01Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}
            [root@preserve-fedora36 testr]# ./oc-mirror --config config.yaml  docker://ec2-3-142-174-70.us-east-2.compute.amazonaws.com:5000   --source-skip-tls --source-use-http  --dest-skip-tls --oci-registries-config /home1/testr/registry.conf
            Logging to .oc-mirror.log
            Checking push permissions for ec2-3-142-174-70.us-east-2.compute.amazonaws.com:5000
            Creating directory: oc-mirror-workspace/src/publish
            Creating directory: oc-mirror-workspace/src/v2
            Creating directory: oc-mirror-workspace/src/charts
            Creating directory: oc-mirror-workspace/src/release-signatures
            backend is not configured in config.yaml, using stateless mode
            backend is not configured in config.yaml, using stateless mode
            No metadata detected, creating new workspace
            6 related images processed in 18.920256ms
            Writing image mapping to oc-mirror-workspace/operators.1693196081/manifests-oci-414-index/mapping.txt
            ec2-3-142-174-70.us-east-2.compute.amazonaws.com:5000/
              openshift-logging/cluster-logging-operator-bundle
                blobs:
                  localhost:5000/openshift-logging/cluster-logging-operator-bundle sha256:4abdeaddd9189102ef5aeed3ddc98959a5ea2fb16fa03365e08207bcedf295fe 8.036KiB
                  localhost:5000/openshift-logging/cluster-logging-operator-bundle sha256:f1fbea0f7f7dc28c586ccc146df49f941bd8d48d540fa62ae554311932efda01 25.03KiB
            ...
            


              skhoury@redhat.com Sherine Khoury
              openshift-crt-jira-prow OpenShift Prow Bot
              Ying Zhou Ying Zhou