regression in 4.12.0-0.okd-scos-2022-12-02-083740

[cgwalters]

rpm-ostree 2022.18 regressed pulling from authenticated registries - https://github.com/containers/containers-image-proxy-rs/issues/44 - this is fixed in 2022.19 which is inbound to c9s now.

• This revealed a large CI gap on the rpm-ostree side, which I'm working on plugging now
• We should also be gating upgrade tests on OKD

Unfortunately, anyone who has upgraded into this will likely need a manual workaround, because the upgrade will work fine, it's just subsequent upgrades that will break.

The easiest workaround will be to rpm-ostree usroverlay and rpm -Uvh on the patched rpm-ostree version on each affected node. In theory, we could actually automate this in the MCO and we may need to do so if we have a lot of reports of affected users.

One user reported that deleting /etc/ostree/auth.json fixed things, which may be a viable temporary workaround too.

[bshephar]

So, for me it was sufficient to do this on all nodes

 [root@ocp-ctlplane0 ~]# rm -f /run/ostree/auth.json

But, I also made my mirror-registry okd repo public. So it didn't require authentication. Not sure if that was needed, but since I was removing the auth credentials it made sense to make my repo public as well.

If anyone hits it, that should work for them. MCO kept progressing through all of my nodes after that without issue.

[cgwalters]

https://gitlab.com/redhat/centos-stream/rpms/rpm-ostree/-/merge_requests/21 merged and should be filtering into the OKD OS builds soon.