Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-42522

enclave mirror failed when prepare enterprise registry data with m2m

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.18
    • oc-mirror
    • Moderate
    • None
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      oc-mirror enclave mirror failed when prepare enterprise registry data with m2m,

      Version-Release number of selected component (if applicable):

      ./oc-mirror version 
      WARNING: This version information is deprecated and will be replaced with the output from --short. Use --output=yaml|json to get the full version.
      Client Version: version.Info{Major:"", Minor:"", GitVersion:"v0.0.0-unknown-5919c186", GitCommit:"5919c186", GitTreeState:"clean", BuildDate:"2024-09-26T07:49:06Z", GoVersion:"go1.23.0", Compiler:"gc", Platform:"linux/amd64"}

      How reproducible:

      100%

      Steps to Reproduce:

      1)  The following steps to simulate the enterprise registry : 
      Launch cluster ,create registry app and configure the Registry Certificate as trusted for cincinnati
      2) mirror with following imageconfigset :
      kind: ImageSetConfiguration
      apiVersion: mirror.openshift.io/v2alpha1
      mirror:
        platform:
          graph: true
          channels:
          - name: stable-4.15
      execute mirror2miror command : 
      `oc-mirror -c config.yaml --workspace  file://outm2m --v2 docker://myregistry-zhouy.apps.yinzhou-27.qe.devcluster.openshift.com  --dest-tls-verify=false --retry-times 10`
      
      3) On web console install the OSUS operator
      4)  Create the osus cluster by the updateService.yaml (created by oc-mirror)  in the OSUS operator namespace
      
      
      5) The following steps to simulate the enclave mirror 
       cat /etc/squid/squid.conf
      http_port 3128
      coredump_dir /var/spool/squid
      acl whitelist dstdomain "/etc/squid/whitelist"
      http_access allow whitelist
      http_access deny !whitelist
      
      
      cat /etc/squid/whitelist 
      my-route-zhouy.apps.yinzhou-88.qe.devcluster.openshift.com                                    -------------registry route
      update-service-oc-mirror-route-openshift-update-service.apps.yinzhou-88.qe.devcluster.openshift.com        ---osus route
      
      
      export https_proxy=http://127.0.0.1:3128
      export http_proxy=http://127.0.0.1:3128
      
      
      `oc get updateservice update-service-oc-mirror -n openshift-update-service  -o jsonpath='{.status.policyEngineURI}'`
      export UPDATE_URL_OVERRIDE=`oc get updateservice update-service-oc-mirror -n openshift-update-service  -o jsonpath='{.status.policyEngineURI}'`/api/upgrades_info/v1/graph
      
      
      open the url for UPDATE_URL_OVERRIDE on browser , download the ca from brower and save it :
      sudo cp /home/fedora/_.apps.yinzhou-88.qe.devcluster.openshift.com /etc/pki/tls/certs/
      sudo  update-ca-trust
      
       Setting registry redirect with : 
      cat ~/.config/containers/registries.conf 
      [[registry]]
        location = "quay.io"
        insecure = false
        blocked = false
        mirror-by-digest-only = false
        prefix = ""
        [[registry.mirror]]
          location = "my-route-zhouy.apps.yinzhou-88.qe.devcluster.openshift.com"
          insecure = false
      
      
      6) run the enclave mirror with command : 
      ./oc-mirror   -c config.yaml file://outenclave --v2

       

      Actual results:

      6) ./oc-mirror   -c config.yaml file://outenclave --v2 2024/09/27 07:03:19  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
      2024/09/27 07:03:19  [INFO]   : 👋 Hello, welcome to oc-mirror
      2024/09/27 07:03:19  [INFO]   : ⚙️  setting up the environment for you...
      2024/09/27 07:03:19  [INFO]   : 🔀 workflow mode: mirrorToDisk 
      2024/09/27 07:03:19  [INFO]   : Using the UPDATE_URL_OVERRIDE environment variable
      2024/09/27 07:03:19  [INFO]   : 🕵️  going to discover the necessary images...
      2024/09/27 07:03:19  [INFO]   : 🔍 collecting release images...
      2024/09/27 07:03:19  [INFO]   : Using the UPDATE_URL_OVERRIDE environment variable
      2024/09/27 07:03:19  [ERROR]  : http request Get "https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release/sha256=f5bbc3d132a60943b52b4d4c2a34da7f631d5989b27525017c61a45bee61bed2/signature-1": Forbidden
      2024/09/27 07:03:19  [INFO]   : 🔍 collecting operator images...
      2024/09/27 07:03:19  [INFO]   : 🔍 collecting additional images...
      2024/09/27 07:03:19  [INFO]   : 🚀 Start copying the images...
      2024/09/27 07:03:19  [INFO]   : images to copy 1 
       ✓   1/1 : (3s) docker://localhost:55000/openshift/graph-image:latest 
      2024/09/27 07:03:22  [INFO]   : === Results ===
      2024/09/27 07:03:22  [INFO]   : ✅ 1 / 1 release images mirrored successfully
      2024/09/27 07:03:22  [INFO]   : 📦 Preparing the tarball archive...
      2024/09/27 07:03:23  [INFO]   : mirror time     : 4.382017455s
      2024/09/27 07:03:23  [INFO]   : 👋 Goodbye, thank you for using oc-mirror

       

      Expected results:

      6) enclave mirror should not failed. 
       

       

              luzuccar@redhat.com Luigi Mario Zuccarelli
              yinzhou@redhat.com ying zhou
              ying zhou ying zhou
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: