[OCPBUGS-48490] The installation failed in the disconnected environment due to GetRegistryOverride() does not take SHA into account.

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.18, 4.19
Component/s: HyperShift
Labels:
- triaged

Regression:
None
Release Blocker:
Proposed
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.17.z
Target Backport Versions:

4.18.z, 4.19

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue ~~OCPBUGS-48410~~. The following is the description of the original issue:
—
This is a clone of issue OCPBUGS-48152. The following is the description of the original issue:
—
Description of problem:

    The installation failed in the disconnected environment due to a failure to get controlPlaneOperatorImageLabels: failed to look up image metadata.

Version-Release number of selected component (if applicable):

    4.19 4.18

How reproducible:

    100%

Steps to Reproduce:

    1.disconnected env
    2.create agent hostedcluster

Actual results:

    cluster can be ready

Expected results:

       - lastTransitionTime: "2025-01-05T13:55:14Z"
      message: 'failed to get controlPlaneOperatorImageLabels: failed to look up image
        metadata for registry.ci.openshift.org/ocp/4.18-2025-01-04-031500@sha256:ba93b7791accfb38e76634edbc815d596ebf39c3d4683a001f8286b3e122ae69:
        failed to obtain root manifest for registry.ci.openshift.org/ocp/4.18-2025-01-04-031500@sha256:ba93b7791accfb38e76634edbc815d596ebf39c3d4683a001f8286b3e122ae69:
        manifest unknown: manifest unknown'
      observedGeneration: 2
      reason: ReconciliationError
      status: "False"
      type: ReconciliationSucceeded

Additional info:

    - mirrors:
    - virthost.ostest.test.metalkube.org:5000/localimages/local-release-image
  source: registry.build01.ci.openshift.org/ci-op-p2mqdwjp/release
- mirrors:
    - virthost.ostest.test.metalkube.org:5000/localimages/local-release-image
  source: registry.ci.openshift.org/ocp/4.18-2025-01-04-031500
- mirrors:
    - virthost.ostest.test.metalkube.org:6001/openshifttest
  source: quay.io/openshifttest
- mirrors:
    - virthost.ostest.test.metalkube.org:6001/openshift-qe-optional-operators
  source: quay.io/openshift-qe-optional-operators
- mirrors:
    - virthost.ostest.test.metalkube.org:6001/olmqe
  source: quay.io/olmqe
- mirrors:
    - virthost.ostest.test.metalkube.org:6002
  source: registry.redhat.io
- mirrors:
    - virthost.ostest.test.metalkube.org:6002
  source: brew.registry.redhat.io
- mirrors:
    - virthost.ostest.test.metalkube.org:6002
  source: registry.stage.redhat.io
- mirrors:
    - virthost.ostest.test.metalkube.org:6002
  source: registry-proxy.engineering.redhat.com

clones

OCPBUGS-48410 The installation failed in the disconnected environment due to GetRegistryOverride() does not take SHA into account.

Closed

is blocked by

OCPBUGS-48410 The installation failed in the disconnected environment due to GetRegistryOverride() does not take SHA into account.

Closed

links to

openshift/hypershift#5402: [release-4.17] OCPBUGS-48487,OCPBUGS-48488,OCPBUGS-48490: Fix IPv6 Disconnected HCP deployments

RHBA-2025:1703 OpenShift Container Platform 4.17.z bug fix update

Errata Tool added a comment - 2025/02/26 8:58 PM

Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

For information on the advisory (Moderate: OpenShift Container Platform 4.17.18 security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2025:1703

Errata Tool added a comment - 2025/02/26 8:58 PM Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (Moderate: OpenShift Container Platform 4.17.18 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2025:1703

Liangquan Li added a comment - 2025/02/14 9:01 AM

/tmp/hcp create cluster agent --cluster-cidr fd03::/48 --service-cidr fd04::/112 --additional-trust-bundle=/tmp/secret/registry.2.crt --network-type=OVNKubernetes --olm-disable-default-sources --name=de0428e1dce139723baf --pull-secret=/tmp/.dockerconfigjson --agent-namespace=hypershift-agents --namespace local-cluster --base-domain=ostest.test.metalkube.org --api-server-address=api.de0428e1dce139723baf.ostest.test.metalkube.org --image-content-sources /tmp/secret/mgmt_icsp.yaml --ssh-key=/tmp/secret/id_rsa.pub --release-image virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:b55a2f49fb151126177e402ec9f9102ece78b2d03399f7b0c603789583ae9a85
2025-02-14T08:10:20Z	INFO	WARNING: Unable to access the payload, skipping the Architectures check.	{"error": "failed to retrieve manifest virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:b55a2f49fb151126177e402ec9f9102ece78b2d03399f7b0c603789583ae9a85: failed to create repository client for https://virthost.ostest.test.metalkube.org:5000: Get \"https://virthost.ostest.test.metalkube.org:5000/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "Namespace", "namespace": "", "name": "local-cluster"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "ConfigMap", "namespace": "local-cluster", "name": "user-ca-bundle"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "Secret", "namespace": "local-cluster", "name": "de0428e1dce139723baf-pull-secret"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "Secret", "namespace": "local-cluster", "name": "de0428e1dce139723baf-ssh-key"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "Role", "namespace": "hypershift-agents", "name": "capi-provider-role"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "Secret", "namespace": "local-cluster", "name": "de0428e1dce139723baf-etcd-encryption-key"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "", "namespace": "local-cluster", "name": "de0428e1dce139723baf"}
2025-02-14T08:10:20Z	INFO	Applied Kube resource	{"kind": "NodePool", "namespace": "local-cluster", "name": "de0428e1dce139723baf"}
➜  oc get hostedcluster -A                                                                                      
NAMESPACE       NAME                   VERSION                         KUBECONFIG                              PROGRESS    AVAILABLE   PROGRESSING   MESSAGE
local-cluster   de0428e1dce139723baf   4.17.0-0.ci-2025-02-13-221352   de0428e1dce139723baf-admin-kubeconfig   Completed   True        False         The hosted control plane is available
➜  make get-node-internal-ip
Node: master-0.ostest.test.metalkube.org  InternalIP: fd2e:6f44:5dd8:c956::14
Node: master-1.ostest.test.metalkube.org  InternalIP: fd2e:6f44:5dd8:c956::15
Node: master-2.ostest.test.metalkube.org  InternalIP: fd2e:6f44:5dd8:c956::16
Node: worker-0.ostest.test.metalkube.org  InternalIP: fd2e:6f44:5dd8:c956::17
Node: worker-1.ostest.test.metalkube.org  InternalIP: fd2e:6f44:5dd8:c956::18
Node: worker-2.ostest.test.metalkube.org  InternalIP: fd2e:6f44:5dd8:c956::19
➜  export KUBECONFIG=hostedcluster.kubeconfig              
➜  oc get clusterversion                                                      
NAME      VERSION                         AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.17.0-0.ci-2025-02-13-221352   True        False         21m     Cluster version is 4.17.0-0.ci-2025-02-13-221352
➜  make get-node-internal-ip
Node: ostest-extraworker-0  InternalIP: fd2e:6f44:5dd8:c956::1a
Node: ostest-extraworker-1  InternalIP: fd2e:6f44:5dd8:c956::1b
Node: ostest-extraworker-2  InternalIP: fd2e:6f44:5dd8:c956::1c

looks good, so we can move to verified.

Liangquan Li added a comment - 2025/02/14 9:01 AM /tmp/hcp create cluster agent --cluster-cidr fd03::/48 --service-cidr fd04::/112 --additional-trust-bundle=/tmp/secret/registry.2.crt --network-type=OVNKubernetes --olm-disable- default -sources --name=de0428e1dce139723baf --pull-secret=/tmp/.dockerconfigjson --agent-namespace=hypershift-agents --namespace local-cluster --base-domain=ostest.test.metalkube.org --api-server-address=api.de0428e1dce139723baf.ostest.test.metalkube.org --image-content-sources /tmp/secret/mgmt_icsp.yaml --ssh-key=/tmp/secret/id_rsa.pub --release-image virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:b55a2f49fb151126177e402ec9f9102ece78b2d03399f7b0c603789583ae9a85 2025-02-14T08:10:20Z INFO WARNING: Unable to access the payload, skipping the Architectures check. { "error" : "failed to retrieve manifest virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:b55a2f49fb151126177e402ec9f9102ece78b2d03399f7b0c603789583ae9a85: failed to create repository client for https: //virthost.ostest.test.metalkube.org:5000: Get \" https://virthost.ostest.test.metalkube.org:5000/v2/\ ": tls: failed to verify certificate: x509: certificate signed by unknown authority" } 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "Namespace" , "namespace" : "", " name ": " local-cluster"} 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "ConfigMap" , "namespace" : "local-cluster" , "name" : "user-ca-bundle" } 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "Secret" , "namespace" : "local-cluster" , "name" : "de0428e1dce139723baf-pull-secret" } 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "Secret" , "namespace" : "local-cluster" , "name" : "de0428e1dce139723baf-ssh-key" } 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "Role" , "namespace" : "hypershift-agents" , "name" : "capi-provider-role" } 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "Secret" , "namespace" : "local-cluster" , "name" : "de0428e1dce139723baf-etcd-encryption-key" } 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "", " namespace ": " local-cluster ", " name ": " de0428e1dce139723baf"} 2025-02-14T08:10:20Z INFO Applied Kube resource { "kind" : "NodePool" , "namespace" : "local-cluster" , "name" : "de0428e1dce139723baf" } ➜ oc get hostedcluster -A NAMESPACE NAME VERSION KUBECONFIG PROGRESS AVAILABLE PROGRESSING MESSAGE local-cluster de0428e1dce139723baf 4.17.0-0.ci-2025-02-13-221352 de0428e1dce139723baf-admin-kubeconfig Completed True False The hosted control plane is available ➜ make get-node-internal-ip Node: master-0.ostest.test.metalkube.org InternalIP: fd2e:6f44:5dd8:c956::14 Node: master-1.ostest.test.metalkube.org InternalIP: fd2e:6f44:5dd8:c956::15 Node: master-2.ostest.test.metalkube.org InternalIP: fd2e:6f44:5dd8:c956::16 Node: worker-0.ostest.test.metalkube.org InternalIP: fd2e:6f44:5dd8:c956::17 Node: worker-1.ostest.test.metalkube.org InternalIP: fd2e:6f44:5dd8:c956::18 Node: worker-2.ostest.test.metalkube.org InternalIP: fd2e:6f44:5dd8:c956::19 ➜ export KUBECONFIG=hostedcluster.kubeconfig ➜ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.17.0-0.ci-2025-02-13-221352 True False 21m Cluster version is 4.17.0-0.ci-2025-02-13-221352 ➜ make get-node-internal-ip Node: ostest-extraworker-0 InternalIP: fd2e:6f44:5dd8:c956::1a Node: ostest-extraworker-1 InternalIP: fd2e:6f44:5dd8:c956::1b Node: ostest-extraworker-2 InternalIP: fd2e:6f44:5dd8:c956::1c looks good, so we can move to verified.

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Errata Tool added a comment - 2025/02/26 8:58 PM

Expand comment: Errata Tool added a comment - 2025/02/26 8:58 PM

Collapse comment: Liangquan Li added a comment - 2025/02/14 9:01 AM

Expand comment: Liangquan Li added a comment - 2025/02/14 9:01 AM

People

Dates