Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36953

oc-mirror v2 --authfile option doesn't work for mirror registry authentication

XMLWordPrintable

    • Moderate
    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          The --authfile option is not working as expected for the mirror registry.
      
      When the credentials file is copied into $XDG_RUNTIME_DIR/containers/auth.json or ~.docker/config.json, it works fine.
      
      Tried this on both RHEL 8 and RHEL 9 and the results are always the same.
      
      [ec2-user@ip-10-0-102-187 ~]$ oc-mirror --config imageset.yaml --authfile pull-secret.json --workspace file:///tmp/mirror docker://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443 --v22024/07/12 20:29:03  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
      2024/07/12 20:29:03  [INFO]   : 👋 Hello, welcome to oc-mirror
      2024/07/12 20:29:03  [INFO]   : ⚙️  setting up the environment for you...
      2024/07/12 20:29:03  [INFO]   : 🔀 workflow mode: mirrorToMirror 
      2024/07/12 20:29:03  [INFO]   : 🕵️  going to discover the necessary images...
      2024/07/12 20:29:03  [INFO]   : 🔍 collecting release images...
      2024/07/12 20:29:20  [ERROR]  : [ReleaseImageCollector] HEAD https://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443/v2/openshift/graph-image/manifests/sha256:b02c8b1373fe1cc71b79ad0a9c6c28e156dc68300696b4dd67fb18187471b47a: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
      2024/07/12 20:29:20  [INFO]   : 👋 Goodbye, thank you for using oc-mirror
      2024/07/12 20:29:20  [ERROR]  : HEAD https://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443/v2/openshift/graph-image/manifests/sha256:b02c8b1373fe1cc71b79ad0a9c6c28e156dc68300696b4dd67fb18187471b47a: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) 
      [ec2-user@ip-10-0-102-187 ~]$ 
      [ec2-user@ip-10-0-102-187 ~]$ 
      [ec2-user@ip-10-0-102-187 ~]$ cp -p pull-secret.json $XDG_RUNTIME_DIR/containers/auth.json
      [ec2-user@ip-10-0-102-187 ~]$
      [ec2-user@ip-10-0-102-187 ~]$
      [ec2-user@ip-10-0-102-187 ~]$ oc-mirror --config imageset.yaml --workspace file:///tmp/mirror docker://ec2-13-234-232-121.ap-south-1.compute.amazonaws.com:8443 --v22024/07/12 20:31:45  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
      2024/07/12 20:31:45  [INFO]   : 👋 Hello, welcome to oc-mirror
      2024/07/12 20:31:45  [INFO]   : ⚙️  setting up the environment for you...
      2024/07/12 20:31:45  [INFO]   : 🔀 workflow mode: mirrorToMirror 
      2024/07/12 20:31:45  [INFO]   : 🕵️  going to discover the necessary images...
      2024/07/12 20:31:45  [INFO]   : 🔍 collecting release images...
      2024/07/12 20:31:59  [INFO]   : 🔍 collecting operator images...
      2024/07/12 20:33:26  [INFO]   : 🔍 collecting additional images...
      2024/07/12 20:33:26  [INFO]   : 🚀 Start copying the images...
      2024/07/12 20:33:49  [INFO]   : === Overall Progress -  image 1 / 213 ===
      2024/07/12 20:33:49  [INFO]   :  release image 1 / 185
      2024/07/12 20:33:49  [INFO]   :  operator image 0 / 26
      2024/07/12 20:33:49  [INFO]   :  additional image 0 / 2
      2024/07/12 20:33:49  [INFO]   :  image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d0ac3715fa6fa362bf4327a06285095578c2fc2e3bdae28277c378ba81e07a2a
      2024/07/12 20:33:49  [INFO]   : =========================================
      2024/07/12 20:33:57  [INFO]   : === Overall Progress -  image 2 / 213 ===
      2024/07/12 20:33:57  [INFO]   :  release image 2 / 185
      2024/07/12 20:33:57  [INFO]   :  operator image 0 / 26
      2024/07/12 20:33:57  [INFO]   :  additional image 0 / 2
      2024/07/12 20:33:57  [INFO]   :  image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d686e511141b93c4ca8ddb3a363325caecde948590cd1e2cbbe3c75fe1a71f2d
      2024/07/12 20:33:57  [INFO]   : =========================================
      2024/07/12 20:34:18  [INFO]   : === Overall Progress -  image 3 / 213 ===
      2024/07/12 20:34:18  [INFO]   :  release image 3 / 185
      2024/07/12 20:34:18  [INFO]   :  operator image 0 / 26
      2024/07/12 20:34:18  [INFO]   :  additional image 0 / 2
      2024/07/12 20:34:18  [INFO]   :  image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:49a0183895afe73ef8ed17cea7cca3da252049688231bbd609209838fcc1f55d
      2024/07/12 20:34:18  [INFO]   : =========================================

      Version-Release number of selected component (if applicable):

      4.16    

      How reproducible:

          100%

      Steps to Reproduce:

          1. Install mirror registry for Red Hat OpenShift
          2. Add the credentials for the mirror registry to the pull-secret as per the oc-mirror documentation.
          3. Create a sample imagetset file.
          4. Run the oc-mirror command with --authfile and --v2. The error appears if the pull-secret is not in $XDG_RUNTIME_DIR/containers/auth.json or ~.docker/config.json.     

      Actual results:

          Authentication fails for mirror registry

      Expected results:

          Mirroring should proceed without authentication errors.

      Additional info:

          

              luzuccar@redhat.com Luigi Mario Zuccarelli
              rhn-support-alosingh Alok Singh
              ying zhou ying zhou
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: