Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.18
Component/s: oc-mirror
Labels:
- to-be-triaged
- v2

Severity:
Moderate
Regression:
None
Epic Link:
EnclaveV2P3
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.18.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

oc-mirror enclave mirror failed when prepare enterprise registry data with m2m,

Version-Release number of selected component (if applicable):

./oc-mirror version 
WARNING: This version information is deprecated and will be replaced with the output from --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"", Minor:"", GitVersion:"v0.0.0-unknown-5919c186", GitCommit:"5919c186", GitTreeState:"clean", BuildDate:"2024-09-26T07:49:06Z", GoVersion:"go1.23.0", Compiler:"gc", Platform:"linux/amd64"}

How reproducible:

100%

Steps to Reproduce:

1)  The following steps to simulate the enterprise registry : 
Launch cluster ,create registry app and configure the Registry Certificate as trusted for cincinnati
2) mirror with following imageconfigset :
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v2alpha1
mirror:
  platform:
    graph: true
    channels:
    - name: stable-4.15
execute mirror2miror command : 
`oc-mirror -c config.yaml --workspace  file://outm2m --v2 docker://myregistry-zhouy.apps.yinzhou-27.qe.devcluster.openshift.com  --dest-tls-verify=false --retry-times 10`

3) On web console install the OSUS operator
4)  Create the osus cluster by the updateService.yaml (created by oc-mirror)  in the OSUS operator namespace


5) The following steps to simulate the enclave mirror 
 cat /etc/squid/squid.conf
http_port 3128
coredump_dir /var/spool/squid
acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow whitelist
http_access deny !whitelist


cat /etc/squid/whitelist 
my-route-zhouy.apps.yinzhou-88.qe.devcluster.openshift.com                                    -------------registry route
update-service-oc-mirror-route-openshift-update-service.apps.yinzhou-88.qe.devcluster.openshift.com        ---osus route


export https_proxy=http://127.0.0.1:3128
export http_proxy=http://127.0.0.1:3128


`oc get updateservice update-service-oc-mirror -n openshift-update-service  -o jsonpath='{.status.policyEngineURI}'`
export UPDATE_URL_OVERRIDE=`oc get updateservice update-service-oc-mirror -n openshift-update-service  -o jsonpath='{.status.policyEngineURI}'`/api/upgrades_info/v1/graph


open the url for UPDATE_URL_OVERRIDE on browser , download the ca from brower and save it :
sudo cp /home/fedora/_.apps.yinzhou-88.qe.devcluster.openshift.com /etc/pki/tls/certs/
sudo  update-ca-trust

 Setting registry redirect with : 
cat ~/.config/containers/registries.conf 
[[registry]]
  location = "quay.io"
  insecure = false
  blocked = false
  mirror-by-digest-only = false
  prefix = ""
  [[registry.mirror]]
    location = "my-route-zhouy.apps.yinzhou-88.qe.devcluster.openshift.com"
    insecure = false


6) run the enclave mirror with command : 
./oc-mirror   -c config.yaml file://outenclave --v2

Actual results:

6) ./oc-mirror   -c config.yaml file://outenclave --v2 2024/09/27 07:03:19  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
2024/09/27 07:03:19  [INFO]   : 👋 Hello, welcome to oc-mirror
2024/09/27 07:03:19  [INFO]   : ⚙️  setting up the environment for you...
2024/09/27 07:03:19  [INFO]   : 🔀 workflow mode: mirrorToDisk 
2024/09/27 07:03:19  [INFO]   : Using the UPDATE_URL_OVERRIDE environment variable
2024/09/27 07:03:19  [INFO]   : 🕵️  going to discover the necessary images...
2024/09/27 07:03:19  [INFO]   : 🔍 collecting release images...
2024/09/27 07:03:19  [INFO]   : Using the UPDATE_URL_OVERRIDE environment variable
2024/09/27 07:03:19  [ERROR]  : http request Get "https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release/sha256=f5bbc3d132a60943b52b4d4c2a34da7f631d5989b27525017c61a45bee61bed2/signature-1": Forbidden
2024/09/27 07:03:19  [INFO]   : 🔍 collecting operator images...
2024/09/27 07:03:19  [INFO]   : 🔍 collecting additional images...
2024/09/27 07:03:19  [INFO]   : 🚀 Start copying the images...
2024/09/27 07:03:19  [INFO]   : images to copy 1 
 ✓   1/1 : (3s) docker://localhost:55000/openshift/graph-image:latest 
2024/09/27 07:03:22  [INFO]   : === Results ===
2024/09/27 07:03:22  [INFO]   : ✅ 1 / 1 release images mirrored successfully
2024/09/27 07:03:22  [INFO]   : 📦 Preparing the tarball archive...
2024/09/27 07:03:23  [INFO]   : mirror time     : 4.382017455s
2024/09/27 07:03:23  [INFO]   : 👋 Goodbye, thank you for using oc-mirror

Expected results:

6) enclave mirror should not failed.

is cloned by

OCPBUGS-42941 enclave mirror failed with error: [ERROR] : http request Get "https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release/sha256=0521a0f1acd2d1b77f76259cb9bae9c743c60c37d9903806a3372c1414253658/signature-1": Forbidden

Closed

Assignee:: Luigi Mario Zuccarelli

Reporter:: ying zhou

QA Contact:: ying zhou

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/09/27 8:09 AM

Updated:: 2024/10/09 8:02 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates