-
Bug
-
Resolution: Done-Errata
-
Major
-
4.13.0
-
No
-
CFE Sprint 241
-
1
-
Rejected
-
False
-
This is a clone of issue OCPBUGS-14402. The following is the description of the original issue:
โ
Description of problem:
When set insecure = true in the registries config file location, oc-mirror still use https to connect the registry.
Version-Release number of selected component (if applicable): 4.13
How reproducible: always
Steps to Reproduce:
1) Create local registry by podman with insecure policy;
2) use imagesetconfig to mirror operator to localhost registry :
cat config-oci.yaml
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
mirror:
operators:
- catalog: oci:///home/ocmirrortest/noo/redhat-operator-index
packages:
- name: cluster-kube-descheduler-operator
`oc-mirror --config config-oci.yaml docker://localhost:5000 --include-local-oci-catalogs --oci-insecure-signature-policy --dest-use-http`
3) use the imagesetconfig and registries.conf accordingly to mirror to remote registry :
cat registry.conf [[registry]] location = "registry.redhat.io/openshift4" insecure = false blocked = false mirror-by-digest-only = false prefix = "" [[registry.mirror]] location = "localhost:5000/openshift4" insecure = true
`oc-mirror --config config-oci.yaml docker://ec2-3-12-147-78.us-east-2.compute.amazonaws.com:5000 --include-local-oci-catalogs --oci-registries-config=/home/ocmirrortest/13762/registry.conf --source-use-http`
Actual results:
see logs like : err Get "https://localhost:5000/v2/": http: server gave HTTP response to HTTPS client
Expected results:
should use http for the insecure==true setting registry .
Additional info:
- clones
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
- links to
-
RHBA-2023:7604
OpenShift Container Platform 4.13.z bug fix update
[OCPBUGS-18106] oc-mirror should respect the insecure setting in the registries config file location
OpenShift Jira Bot
added a comment - Bugs should not be moved to Verified without first providing a Release Note Type("Bug Fix" or "No Doc Update") and for type "Bug Fix" the Release Note Text must also be provided. Please populate the necessary fields before moving the Bug to Verified.
OpenShift Jira Bot
added a comment - Hi skhoury@redhat.com ,
Bugs should not be moved to Verified without first providing a Release Note Type("Bug Fix" or "No Doc Update") and for type "Bug Fix" the Release Note Text must also be provided. Please populate the necessary fields before moving the Bug to Verified. Thanks knarra@redhat.com!
No idea... maybe because the PR is manual cherry-pick?
I think the PR merged already to 4.13. I'm putting it ON_QA if this is ok
Rama Kasturi Narra
added a comment - yinzhou@redhat.com any idea why this bug has not been moved to ON_QA even though the PR has been merged ? Can you please help check with skhoury@redhat.com ? I see you have already pre-merge tested this. Thanks !!
Rama Kasturi Narra
added a comment - yinzhou@redhat.com any idea why this bug has not been moved to ON_QA even though the PR has been merged ? Can you please help check with skhoury@redhat.com ? I see you have already pre-merge tested this. Thanks !! checked with the fixed pr , can't reproduce the issue
./oc-mirror version Logging to .oc-mirror.log WARNING: This version information is deprecated and will be replaced with the output from --short. Use --output=yaml|json to get the full version. Client Version: version.Info{Major:"", Minor:"", GitVersion:"v0.1.1-alpha.3-304-gd176123", GitCommit:"d176123c", GitTreeState:"clean", BuildDate:"2023-08-28T04:00:01Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"} [root@preserve-fedora36 testr]# ./oc-mirror --config config.yaml docker://ec2-3-142-174-70.us-east-2.compute.amazonaws.com:5000 --source-skip-tls --source-use-http --dest-skip-tls --oci-registries-config /home1/testr/registry.conf Logging to .oc-mirror.log Checking push permissions for ec2-3-142-174-70.us-east-2.compute.amazonaws.com:5000 Creating directory: oc-mirror-workspace/src/publish Creating directory: oc-mirror-workspace/src/v2 Creating directory: oc-mirror-workspace/src/charts Creating directory: oc-mirror-workspace/src/release-signatures backend is not configured in config.yaml, using stateless mode backend is not configured in config.yaml, using stateless mode No metadata detected, creating new workspace 6 related images processed in 18.920256ms Writing image mapping to oc-mirror-workspace/operators.1693196081/manifests-oci-414-index/mapping.txt ec2-3-142-174-70.us-east-2.compute.amazonaws.com:5000/ openshift-logging/cluster-logging-operator-bundle blobs: localhost:5000/openshift-logging/cluster-logging-operator-bundle sha256:4abdeaddd9189102ef5aeed3ddc98959a5ea2fb16fa03365e08207bcedf295fe 8.036KiB localhost:5000/openshift-logging/cluster-logging-operator-bundle sha256:f1fbea0f7f7dc28c586ccc146df49f941bd8d48d540fa62ae554311932efda01 25.03KiB ...
Since the problem described in this issue should be resolved in a recent advisory, it has been closed.
For information on the advisory (Important: OpenShift Container Platform 4.13.25 bug fix and security update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:7604