Closed cgwalters closed 9 months ago
So, for me it was sufficient to do this on all nodes
[root@ocp-ctlplane0 ~]# rm -f /run/ostree/auth.json
But, I also made my mirror-registry okd repo public. So it didn't require authentication. Not sure if that was needed, but since I was removing the auth credentials it made sense to make my repo public as well.
If anyone hits it, that should work for them. MCO kept progressing through all of my nodes after that without issue.
https://gitlab.com/redhat/centos-stream/rpms/rpm-ostree/-/merge_requests/21 merged and should be filtering into the OKD OS builds soon.
rpm-ostree 2022.18 regressed pulling from authenticated registries - https://github.com/containers/containers-image-proxy-rs/issues/44 - this is fixed in 2022.19 which is inbound to c9s now.
Unfortunately, anyone who has upgraded into this will likely need a manual workaround, because the upgrade will work fine, it's just subsequent upgrades that will break.
The easiest workaround will be to
rpm-ostree usroverlay
andrpm -Uvh
on the patched rpm-ostree version on each affected node. In theory, we could actually automate this in the MCO and we may need to do so if we have a lot of reports of affected users.One user reported that deleting
/etc/ostree/auth.json
fixed things, which may be a viable temporary workaround too.