Comments (6)
The exact error is happening when oc-bundle
is trying to pull down the index image to create the diff. Looks like the resolver is not exported for the registry. We would just need that exported so we can set the resolver options with the credentials we want.
https://github.com/estroz/operator-registry/blob/1787329c541ff5c4533d680df5f208805eee93ea/pkg/image/containerdregistry/registry.go#L50. @afflom @estroz FYSA.
from oc-mirror.
Pull secret seems to be ignored when pulling operators when it's only defined under "ocp" and not the operator definition. Using "create full".
apiVersion: tmp-redhatgov.com/v1alpha1
kind: ImageSetConfiguration
mirror:
ocp:
channels:
- name: stable-4.8
graph: true
pullSecret: '{"auths":{"cloud.openshift.com":{"auth":"...."}}}'
operators:
- catalog: registry.redhat.io/redhat/redhat-operator-index:v4.8
headsOnly: true
Which results in this:
Success
Update image: openshift/release:4.8.5-x86_64
To upload local images to a registry, run:
oc image mirror --from-dir=ocbundle-data/src 'file://openshift/release:4.8.5-x86_64*' REGISTRY/REPOSITORY
INFO Channel Latest version 4.8.5
INFO trying next host error=failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized host=registry.redhat.io
FATAL error generating diff: error rendering new refs: render reference "registry.redhat.io/redhat/redhat-operator-index:v4.8": error resolving name : failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized
Using the secret's authentication, I can pull the image successful using podman.
from oc-mirror.
@bit4man , you are correct. Each operator catalog take it's own pull secret value, but you also have the option to just put all of your pulll secrets in your .docker/config.json. If a pull secret value is not provided with the operator catalog in the config, it will just default to that file.
from oc-mirror.
@bit4man , you are correct. Each operator catalog take it's own pull secret value, but you also have the option to just put all of your pulll secrets in your .docker/config.json. If a pull secret value is not provided with the operator catalog in the config, it will just default to that file.
@jpower432 Unfortunately, I get the same error when I put the pullSecret in the operator catalog entry.
from oc-mirror.
@bit4man , you are correct. Each operator catalog take it's own pull secret value, but you also have the option to just put all of your pulll secrets in your .docker/config.json. If a pull secret value is not provided with the operator catalog in the config, it will just default to that file.
@jpower432 Unfortunately, I get the same error when I put the pullSecret in the operator catalog entry.
@bit4man if you put your pull secret in your config.json, the error will go away. This ticket is actually capturing the issue you are seeing. When the catalog diff data is generated it uses a docker resolver that we are not passing credentials to because it is unexported. Thank you for adding more information about the error, by the way. That is very helpful in explaining what is happening. :)
from oc-mirror.
Using .docker/config.json
will have to suffice until the operator download code from operator-registry allows for configured credentials. My suggestion going forward is: keep the secrets out of the config file and allow for a separate auth-file reference when our operator-registry import allows.
from oc-mirror.
Related Issues (20)
- Add options to set temporary directory HOT 9
- RFE Ability to alter the path of the oc-mirror stateful image on push HOT 4
- Rendering catalog image processing results in 403 forbidden status code from registry using read/write access control HOT 4
- Using oc-mirror with headsonly fails digest errors referring to article #6138332 HOT 6
- targetCatalog with OCI source catalog results in error: unable to parse reference oci://<targetCatalog> HOT 2
- Disconnected install - skip-tls not respected? HOT 5
- Error redhat-operator-index is an OCI File Based Container: OriginalRef field is mandatory HOT 4
- RFE The resulted ICSP should contain details for all operators not just for newly added HOT 9
- oc-mirror doesn't pull latest version in channel after removing maxversion/minversion HOT 4
- oc mirror from imagesets failed to build catalog image HOT 4
- "could not parse reference:" Error while Mirroring an image set to a mirror registry using oc-mirror HOT 4
- "oc-mirror version" command complaints about read-only file system
- oc-mirror unexpectedly deletes images from the registry (or from the generated index if we use the --skip-pruning option to avoid deletion of images from the registry) HOT 3
- Each output starts with "Logging to .oc-mirror.log" HOT 1
- Allow oc mirror without default channel in imagesetconfiguration HOT 6
- oc mirror very slow, failure prone / inconsistent on bandwidth constrained network HOT 11
- oc-mirror does not account for umask restrictions on host machine HOT 3
- oc-mirror v2 itms missing HOT 1
- Mirroring fails when minVersion or maxVersion removed from config. HOT 2
- How can community members best engage with Red Hat Product/Engineering in this repo? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oc-mirror.