Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 6.18.1
Affects Version/s: 6.17.2
Component/s: API, Container Image Management
Labels:
- CEE.neXT
- TAM
- snap-6.18.1-1.0
- team-triaged
- triaged

Story Points:
2
Target Version:

6.18.1
Blocked:
False
Fixed in Build:
rubygem-katello-4.18.0.4
External issue URL:
https://projects.theforeman.org/issues/38744
GitHub Issue:
https://github.com/Katello/katello/pull/11506
Sprint:
Artemis Sprint 158
AssignedTeam:
sat-artemis

Release Note Type:
None
Release Note Text:
None
Release Note Status:
None

PX Impact Score:
PX Review Complete:
SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Test Coverage:

Automated
Regression:
Yes

Market:

A customer has recently upgraded from 6.16 to 6.17.2 and is facing an issue with a workflow they previously constructed for container image pulls with Satellite.

Previously in Satellite 6.16, the Satellite would allow the clients to pull container images using an alias for the Satellite hostname as seen in the example below (hostnames have been obfuscated by the customer):

Using 'podman pull' with actual hostname (hostname1.dhs.gov) of Satellite server is successful
podman pull hostname1.dhs.gov/hart-infrastructure_container_images-infrastructure-containers_redhat-openjdk21-runtime:1.21-1.1733995527
Trying to pull hostname1.dhs.gov/hart-infrastructure_container_images-infrastructure-containers_redhat-openjdk21-runtime:1.21-1.1733995527...
Getting image source signatures
Copying blob a9575729856e done |
Copying blob cce554572411 done |
Copying config 39884d7845 done |
Writing manifest to image destination
39884d7845ee24331fed24cd0c1748f58d392217a40779bab6d8d9e3ee003e24
Using 'podman pull' with DNS alias (satellite1.dhs.gov) fails
podman pull satellite1.dhs.gov/hart-infrastructure_container_images-infrastructure-containers_redhat-openjdk21-runtime:1.21-1.1733995527
Trying to pull satellite1.dhs.gov/hart-infrastructure_container_images-infrastructure-containers_redhat-openjdk21-runtime:1.21-1.1733995527...
Error: parsing image configuration: fetching blob: received unexpected HTTP status: 500 Internal Server Error

After upgrading the Satellite to 6.17, the alias image pull no longer works. The customer needs to have this working as they have already built an entire pipeline off this functionality.

Minimal reproducer steps:

Add a DNS alias to your environment:
- Modifying `/etc/hosts` is a good option. Add a line like `x.x.x.x address.example.com alias.example.com`.
- Message Quinn James (me) if you'd like a way to do this "properly" without loopback.
Change foreman's `config/settings.yaml` file and add the following:

# Configure hostnames for ActionDispatch::HostAuthorization
# Only hostnames are supported. Regular expressions and IP addresses/ranges are not.
# https://guides.rubyonrails.org/v6.1/configuring.html#configuring-middleware
:hosts:  
  - alias.example.com

Run `podman login alias.example.com --tls-verify=false`. It should work.
Run `podman push XXXXXX alias.example.com/org_label/product_label/repo_name --tls-verify=false`. It should work.
Run `podman pull alias.example.com/org_label/product_label/repo_name --tls-verify=false`. It should fail.

is cloned by

SAT-40257 Image pull using DNS alias fails after 6.17 upgrade

Closed

links to

RHBA-2025:156193 Important: Satellite 6.18.1 Async Update

Assignee:: Quinn James

Reporter:: Amar Ganbat

Contributors:: Amar Ganbat

QA Contact:: Sam Bible

Reviewer:: Ian Ballou

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/11/06 12:44 PM

Updated:: 2025/11/21 12:20 PM

Resolved:: 2025/11/20 8:31 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide