Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36953

[v2] oc-mirror --authfile option doesn't work for mirror registry authentication

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

          The --authfile option is not working as expected for the mirror registry.

When the credentials file is copied into $XDG_RUNTIME_DIR/containers/auth.json or ~.docker/config.json, it works fine.

Tried this on both RHEL 8 and RHEL 9 and the results are always the same.

[ec2-user@ip-10-0-102-187 ~]$ oc-mirror --config imageset.yaml --authfile pull-secret.json --workspace file:///tmp/mirror docker://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443 --v22024/07/12 20:29:03  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
2024/07/12 20:29:03  [INFO]   : 👋 Hello, welcome to oc-mirror
2024/07/12 20:29:03  [INFO]   : ⚙️  setting up the environment for you...
2024/07/12 20:29:03  [INFO]   : 🔀 workflow mode: mirrorToMirror 
2024/07/12 20:29:03  [INFO]   : 🕵️  going to discover the necessary images...
2024/07/12 20:29:03  [INFO]   : 🔍 collecting release images...
2024/07/12 20:29:20  [ERROR]  : [ReleaseImageCollector] HEAD https://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443/v2/openshift/graph-image/manifests/sha256:b02c8b1373fe1cc71b79ad0a9c6c28e156dc68300696b4dd67fb18187471b47a: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
2024/07/12 20:29:20  [INFO]   : 👋 Goodbye, thank you for using oc-mirror
2024/07/12 20:29:20  [ERROR]  : HEAD https://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443/v2/openshift/graph-image/manifests/sha256:b02c8b1373fe1cc71b79ad0a9c6c28e156dc68300696b4dd67fb18187471b47a: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) 
[ec2-user@ip-10-0-102-187 ~]$ 
[ec2-user@ip-10-0-102-187 ~]$ 
[ec2-user@ip-10-0-102-187 ~]$ cp -p pull-secret.json $XDG_RUNTIME_DIR/containers/auth.json
[ec2-user@ip-10-0-102-187 ~]$
[ec2-user@ip-10-0-102-187 ~]$
[ec2-user@ip-10-0-102-187 ~]$ oc-mirror --config imageset.yaml --workspace file:///tmp/mirror docker://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443 --v22024/07/12 20:31:45  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
2024/07/12 20:31:45  [INFO]   : 👋 Hello, welcome to oc-mirror
2024/07/12 20:31:45  [INFO]   : ⚙️  setting up the environment for you...
2024/07/12 20:31:45  [INFO]   : 🔀 workflow mode: mirrorToMirror 
2024/07/12 20:31:45  [INFO]   : 🕵️  going to discover the necessary images...
2024/07/12 20:31:45  [INFO]   : 🔍 collecting release images...
2024/07/12 20:31:59  [INFO]   : 🔍 collecting operator images...
2024/07/12 20:33:26  [INFO]   : 🔍 collecting additional images...
2024/07/12 20:33:26  [INFO]   : 🚀 Start copying the images...
2024/07/12 20:33:49  [INFO]   : === Overall Progress -  image 1 / 213 ===
2024/07/12 20:33:49  [INFO]   :  release image 1 / 185
2024/07/12 20:33:49  [INFO]   :  operator image 0 / 26
2024/07/12 20:33:49  [INFO]   :  additional image 0 / 2
2024/07/12 20:33:49  [INFO]   :  image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d0ac3715fa6fa362bf4327a06285095578c2fc2e3bdae28277c378ba81e07a2a
2024/07/12 20:33:49  [INFO]   : =========================================
2024/07/12 20:33:57  [INFO]   : === Overall Progress -  image 2 / 213 ===
2024/07/12 20:33:57  [INFO]   :  release image 2 / 185
2024/07/12 20:33:57  [INFO]   :  operator image 0 / 26
2024/07/12 20:33:57  [INFO]   :  additional image 0 / 2
2024/07/12 20:33:57  [INFO]   :  image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d686e511141b93c4ca8ddb3a363325caecde948590cd1e2cbbe3c75fe1a71f2d
2024/07/12 20:33:57  [INFO]   : =========================================
2024/07/12 20:34:18  [INFO]   : === Overall Progress -  image 3 / 213 ===
2024/07/12 20:34:18  [INFO]   :  release image 3 / 185
2024/07/12 20:34:18  [INFO]   :  operator image 0 / 26
2024/07/12 20:34:18  [INFO]   :  additional image 0 / 2
2024/07/12 20:34:18  [INFO]   :  image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:49a0183895afe73ef8ed17cea7cca3da252049688231bbd609209838fcc1f55d
2024/07/12 20:34:18  [INFO]   : =========================================

      Version-Release number of selected component (if applicable):

      4.16

      How reproducible:

          100%

      Steps to Reproduce:

          1. Install mirror registry for Red Hat OpenShift
    2. Add the credentials for the mirror registry to the pull-secret as per the oc-mirror documentation.
    3. Create a sample imagetset file.
    4. Run the oc-mirror command with --authfile and --v2. The error appears if the pull-secret is not in $XDG_RUNTIME_DIR/containers/auth.json or ~.docker/config.json.    

      Actual results:

          Authentication fails for mirror registry

      Expected results:

          Mirroring should proceed without authentication errors.

      Additional info:

              Unassigned Unassigned
              rhn-support-alosingh Alok Singh
              None
              None
              Ying Zhou Ying Zhou
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: