Open ElCoyote27 opened 3 weeks ago
I have a working proxy registry located at: docker://registry.lasthome.solace.krynn:5000 It properly proxies for quay.io, registry.redhat.io, etc...
When I configure kcli to use my registry, like this:
disconnected_user: openshift disconnected_password: OBFUSCATED
I see this being configured in the kcli install config:
imageContentSources: - mirrors: - registry.lasthome.solace.krynn:5000/openshift/release source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - registry.lasthome.solace.krynn:5000/openshift/release-images source: quay.io/ocp-release
As a result, the bootstrap node fails to come up fully and spits out this message
Aug 20 11:09:56 ocp4d-bootstrap release-image-download.sh[363447]: Error: initializing source docker://registry.lasthome.solace.krynn:5000/openshift/release-images:4.16.5-x86_64: reading manifest 4.16.5-x86_64 in registry.lasthome.solace.krynn:5000/openshift/release-images: manifest unknown
I believe this configuration is wrong and that the following configuration should be used instead:
- mirrors: - registry.lasthome.solace.krynn:5000/openshift-release-dev/ocp-v4.0-art-dev source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - registry.lasthome.solace.krynn:5000/ocp-release source: quay.io/ocp-release
When I check the upstream of these repos, I see this:
$ docker login quay.io Authenticating with existing credentials... Login Succeeded $ docker pull quay.io/openshift/release-images:4.16.5-x86_64 Error response from daemon: unauthorized: access to the requested resource is not authorized $ docker pull quay.io/openshift-release-dev/ocp-release:4.16.5-x86_64 4.16.5-x86_64: Pulling from openshift-release-dev/ocp-release Digest: sha256:ac78ebf77f95ab8ff52847ecd22592b545415e1ff6c7ff7f66bf81f158ae4f5e Status: Downloaded newer image for quay.io/openshift-release-dev/ocp-release:4.16.5-x86_64 quay.io/openshift-release-dev/ocp-release:4.16.5-x86_64
To me, the first URL is wrong (even if present in some docs) whereas the older URL works...
With the following patch to kcli, I am able to deploy with my disconnected registry without issues:
diff -r -u 1/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/__init__.py 2/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/__init__.py --- 1/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/__init__.py 2024-08-16 20:54:49.920500082 +0200 +++ 2/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/__init__.py 2024-08-16 20:43:03.029192666 +0200 @@ -150,7 +150,7 @@ for extra_release in extra_releases: tag_and_arch = re.search(r":(.+)$", extra_release).group(1) synccmd = f"oc adm release mirror -a {pull_secret} --from={extra_release} " - synccmd += f"--to-release-image={disconnected_url}/openshift/release-images:{tag_and_arch} " + synccmd += f"--to-release-image={disconnected_url}/openshift-release-dev/ocp-release:{tag_and_arch} " synccmd += f"--to={disconnected_url}/openshift/release" pprint(f"Running {synccmd}") call(synccmd, shell=True) @@ -978,7 +978,7 @@ update_pull_secret(pull_secret, disconnected_url, disconnected_user, disconnected_password) data['ori_tag'] = tag if '/' not in str(tag): - tag = f'{disconnected_url}/openshift/release-images:{tag}-{arch}' + tag = f'{disconnected_url}/openshift-release-dev/ocp-release:{tag}-{arch}' os.environ['OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE'] = tag pprint(f"Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to {tag}") data['openshift_release_image'] = tag diff -r -u 1/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/install-config.yaml 2/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/install-config.yaml --- 1/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/install-config.yaml 2024-08-16 20:54:49.923500125 +0200 +++ 2/usr/lib/python3.6/site-packages/kvirt/cluster/openshift/install-config.yaml 2024-08-16 19:46:05.904662601 +0200 @@ -127,10 +127,10 @@ source: registry.build01.ci.openshift.org/{{ release }}/stable {% else %} - mirrors: - - {{ disconnected_url }}/openshift/release + - {{ disconnected_url }}/openshift-release-dev/ocp-v4.0-art-dev source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - - {{ disconnected_url }}/openshift/release-images + - {{ disconnected_url }}/openshift-release-dev/ocp-release {% if ':' in tag|string %} source: {{ openshift_release_image.split('/')[0] }}/{{ (tag|string).split(':')[0] }} {% elif 'registry.ci' in openshift_release_image %}
the mapping is done this way to match what's done when using oc-mirror, which has turnt into the standard way to mirror ocp content.
I have a working proxy registry located at: docker://registry.lasthome.solace.krynn:5000 It properly proxies for quay.io, registry.redhat.io, etc...
When I configure kcli to use my registry, like this:
I see this being configured in the kcli install config:
As a result, the bootstrap node fails to come up fully and spits out this message
I believe this configuration is wrong and that the following configuration should be used instead:
When I check the upstream of these repos, I see this:
To me, the first URL is wrong (even if present in some docs) whereas the older URL works...
With the following patch to kcli, I am able to deploy with my disconnected registry without issues: