Details
-
Bug
-
Resolution: Done
-
Blocker
-
quay-v3.6.0
Description
Description:
This is an issue found when use Quay 3.6.0 Operator to deploy Quay, when specify to use managed route without specify the server hostname and not provide SSL key pairs, Quay App POD was crashed, get error "Installing extra certificates found in /quay-registry/conf/stack/extra_ca_certs directory
/quay-registry/conf/init/certs_install.sh: line 24: /.local/lib/python3.8/site-packages/certifi/cacert.pem: No such file or directory"
Note: This issue can be reproduced even with unmanaged route and unmanaged TLS
see following error message:
oc get pod NAME READY STATUS RESTARTS AGE quay-operator.v3.6.0-774b678574-5sqv4 1/1 Running 0 8m7s quay360-clair-app-5cd94c4695-c95np 1/1 Running 0 107s quay360-clair-app-5cd94c4695-t5fld 1/1 Running 0 94s quay360-clair-postgres-5c8f96bf48-jhg2v 1/1 Running 1 3m19s quay360-quay-app-7d9dd5ff97-rcbcw 0/1 CrashLoopBackOff 3 98s quay360-quay-app-7d9dd5ff97-vq9hf 0/1 Error 4 107s quay360-quay-app-upgrade-c89tj 0/1 Completed 0 115s quay360-quay-config-editor-6dc5765c58-cfzlb 0/1 CrashLoopBackOff 4 107s quay360-quay-database-66c69cc644-frvtj 0/1 ContainerCreating 0 107s quay360-quay-database-679b458-blwc6 1/1 Running 0 3m19s quay360-quay-mirror-647679f47c-2rp7v 0/1 Init:0/1 0 77s quay360-quay-mirror-647679f47c-tt6m6 0/1 Init:0/1 0 77s quay360-quay-postgres-init-dj9d6 1/1 Running 0 109s quay360-quay-redis-5f774b5f55-4h9vt 1/1 Running 0 3m19s oc logs quay360-quay-app-7d9dd5ff97-rcbcw __ __ / \ / \ ______ _ _ __ __ __ / /\ / /\ \ / __ \ | | | | / \ \ \ / / / / / / \ \ | | | | | | | | / /\ \ \ / \ \ \ \ / / | |__| | | |__| | / ____ \ | | \ \/ \ \/ / \_ ___/ \____/ /_/ \_\ |_| \__/ \__/ \ \__ \___\ by Red Hat Build, Store, and Distribute your Containers Running all default registry services without migration Running init script '/quay-registry/conf/init/certs_create.sh' Generating a RSA private key ....................................................................................................++++ .................................++++ writing new private key to 'mitm-key.pem' ----- Running init script '/quay-registry/conf/init/certs_install.sh' Installing extra certificates found in /quay-registry/conf/stack/extra_ca_certs directory /quay-registry/conf/init/certs_install.sh: line 24: /.local/lib/python3.8/site-packages/certifi/cacert.pem: No such file or directory oc get pod quay360-quay-app-7d9dd5ff97-rcbcw -o json | jq '.spec.containers[0].image' "registry.redhat.io/quay/quay-rhel8@sha256:c78ebbddf1f57beb40741d782745855f8438bfe09accdc0756bd62335d9d1e81" oc get pod quay-operator.v3.6.0-774b678574-5sqv4 -o json | jq '.spec.containers[0].image' "registry.redhat.io/quay/quay-operator-rhel8@sha256:0b3bdc165abce9ca20af6c97420756349df22228530ea2affb07b62f5ecd1487"
Quay config.yaml:
cat config.yaml FEATURE_GENERAL_OCI_SUPPORT: true FEATURE_HELM_OCI_SUPPORT: true SUPER_USERS: - quay - admin DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: - default DISTRIBUTED_STORAGE_PREFERENCE: - default DISTRIBUTED_STORAGE_CONFIG: default: - S3Storage - s3_bucket: quay360 storage_path: /quay360 s3_access_key: ****** s3_secret_key: ****** host: s3.us-east-2.amazonaws.com
QuayRegistry:
cat quayregistry_s3.yaml
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
name: quay360
spec:
configBundleSecret: config-bundle-secret
components:
- kind: objectstorage
managed: false
Index Image:
Index image v4.7: registry-proxy.engineering.redhat.com/rh-osbs/iib:91291
Steps:
- Deploy Quay 3.6.0 Operator on OCP single namespace
- Create config bundle secret
- Create QuayRegistry
- Check the status of QuayRegistry
Expected Results:
QuayRegistry should be in healthy status.
Actual Results:
Quay App POD was crashed.