search

openshift / oc-mirror

Lifecycle manager for internet-disconnected OpenShift environments
Apache License 2.0
82 stars 80 forks source link

oc-mirror command fails with status code 401 Unauthorized when rendering catalog OCP 4.12 redhat-operator-index #870

Open 1Darshan opened 4 weeks ago

1Darshan commented 4 weeks ago

Version

$ oc-mirror version
Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.13.0-202405141537.p0.g02367d7.assembly.stream.el8-02367d7", GitCommit:"02367d7a9d25ca823fd52710a5a8484f09454884", GitTreeState:"clean", BuildDate:"2024-05-15T05:51:03Z", GoVersion:"go1.19.13 X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"}

What happened?

I'm trying to create a Airgap OCP cluster, in order to do that I need to mirror the images from the below image set configuration to the following registry us-svl-registry.fyre.ibm.com/olm-mirror(Quay server). So I had already created the image set configuration and stored the credentials in /run/user/0/containers/auth.json & ~/.docker/config.json as a root user in bastion server. And while running the oc-mirror command I'm facing below issue,

The rendered catalog is invalid.

Run "oc-mirror list operators --catalog CATALOG-NAME --package PACKAGE-NAME" for more information.

error: error rendering new refs: render reference "registry.redhat.io/redhat/redhat-operator-index:v4.12": error resolving name : pulling from host registry.redhat.io failed with status code [manifests v4.12]: 401 Unauthorized

And I'm facing this issue only when creating OCP 4.12 cluster and for OCP 4.14, it works fine. Also I had followed this solution but it still didn't work for me. Can anyone help me on this issue?

cat /tmp/olm-manifests/airgap12t/imageset-config.yaml
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig:
  registry:
    imageURL: us-svl-registry.fyre.ibm.com/olm-mirror
mirror:
  platform:
    channels:
    - name: stable-4.12
      type: ocp
    graph: false                                                     
  operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.12
    packages:
    - name: advanced-cluster-management
    - name: local-storage-operator
    - name: mcg-operator
    - name: multicluster-engine
    - name: ocs-operator
    - name: odf-csi-addons-operator
    - name: odf-multicluster-orchestrator
    - name: odf-operator
    - name: odr-cluster-operator
    - name: odr-hub-operator
    - name: openshift-cert-manager-operator
    - name: openshift-gitops-operator
    - name: redhat-oadp-operator
  additionalImages:
  - name: registry.redhat.io/ubi8/ubi:latest
  helm: {}

Attach the relevant portions of your .oc-mirror.log.

image

What did you expect to happen?

oc-mirror command needs to work properly and need to mirror all images to registry server

oc mirror --config=/tmp/olm-manifests/airgap12t/imageset-config.yaml docker://us-svl-registry.fyre.ibm.com/olm-mirror --max-per-registry=1 --skip-cleanup --ignore-history

Anything else we need to know?

I'm using podman

podman version
Client:       Podman Engine
Version:      4.9.4-rhel
API Version:  4.9.4-rhel
Go Version:   go1.21.7 (Red Hat 1.21.7-1.el9)
Built:        Mon Apr 15 05:33:08 2024
OS/Arch:      linux/amd64

References

Enter text here.