Installing airgapped fails when setting --quayRoot to non-default
pdfruth opened this issue · 5 comments
I have downloaded offline tarball for release 1.0.0-RC2 from;
https://github.com/quay/openshift-mirror-registry/releases/download/1.0.0-RC2/openshift-mirror-registry-offline.tar.gz
Installation to a non-default --quayRoot location fails as follows;
sudo ./openshift-mirror-registry install --initPassword=passw0rd --targetHostname=installer.internal.net --ssh-key=/root/.ssh/id_rsa --quayRoot=/opt/registry/quay-install --sslCert=/home/ibmdemo/setup-quay-mirror-registry/mirror-registry.crt --sslKey=/home/ibmdemo/setup-quay-mirror-registry/mirror-registry.key --verbose
__ __
/ \ / \ ______ _ _ __ __ __
/ /\ / /\ \ / __ \ | | | | / \ \ \ / /
/ / / / \ \ | | | | | | | | / /\ \ \ /
\ \ \ \ / / | |__| | | |__| | / ____ \ | |
\ \/ \ \/ / \_ ___/ \____/ /_/ \_\ |_|
\__/ \__/ \ \__
\___\ by Red Hat
Build, Store, and Distribute your Containers
INFO[2022-01-01 23:49:42] Install has begun
DEBU[2022-01-01 23:49:42] Ansible Execution Environment Image: quay.io/quay/openshift-mirror-registry-ee:latest
DEBU[2022-01-01 23:49:42] Redis Image: registry.access.redhat.com/ubi8/pause:latest
DEBU[2022-01-01 23:49:42] Quay Image: registry.redhat.io/quay/quay-rhel8:v3.6.1
DEBU[2022-01-01 23:49:42] Redis Image: registry.redhat.io/rhel8/redis-6:1-25
DEBU[2022-01-01 23:49:42] Postgres Image: registry.redhat.io/rhel8/postgresql-10:1-161
INFO[2022-01-01 23:49:42] Found execution environment at /home/ibmdemo/setup-quay-mirror-registry/execution-environment.tar
INFO[2022-01-01 23:49:42] Loading execution environment from execution-environment.tar
DEBU[2022-01-01 23:49:42] Importing execution enviornment with command: /bin/bash -c sudo /usr/bin/podman image import \
--change 'ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
--change 'ENV HOME=/home/runner' \
--change 'ENV container=oci' \
--change 'ENTRYPOINT=["entrypoint"]' \
--change 'WORKDIR=/runner' \
--change 'EXPOSE=6379' \
--change 'VOLUME=/runner' \
--change 'CMD ["ansible-runner", "run", "/runner"]' \
- quay.io/quay/openshift-mirror-registry-ee:latest < /home/ibmdemo/setup-quay-mirror-registry/execution-environment.tar
Getting image source signatures
Copying blob 0ae606e5d5d2 skipped: already exists
Copying config c852b7f2d0 done
Writing manifest to image destination
Storing signatures
sha256:c852b7f2d05f6c3743b03363aab7f69653ba12fde2fa66f7dca9b01710f794d7
INFO[2022-01-01 23:49:45] Loading SSL certificate file /home/ibmdemo/setup-quay-mirror-registry/mirror-registry.crt
INFO[2022-01-01 23:49:45] Loading SSL key file /home/ibmdemo/setup-quay-mirror-registry/mirror-registry.key
INFO[2022-01-01 23:49:45] SSL certificate check succeeded
INFO[2022-01-01 23:49:45] Attempting to set SELinux rules on /home/ibmdemo/setup-quay-mirror-registry/mirror-registry.crt
chcon: can't apply partial context to unlabeled file '/home/ibmdemo/setup-quay-mirror-registry/mirror-registry.crt'
WARN[2022-01-01 23:49:45] Could not set SELinux rule. If your system does not have SELinux enabled, you may ignore this.
INFO[2022-01-01 23:49:45] Attempting to set SELinux rules on /home/ibmdemo/setup-quay-mirror-registry/mirror-registry.key
chcon: can't apply partial context to unlabeled file '/home/ibmdemo/setup-quay-mirror-registry/mirror-registry.key'
WARN[2022-01-01 23:49:45] Could not set SELinux rule. If your system does not have SELinux enabled, you may ignore this.
INFO[2022-01-01 23:49:45] Found SSH key at /root/.ssh/id_rsa
INFO[2022-01-01 23:49:45] Attempting to set SELinux rules on /root/.ssh/id_rsa
chcon: can't apply partial context to unlabeled file '/root/.ssh/id_rsa'
WARN[2022-01-01 23:49:45] Could not set SELinux rule. If your system does not have SELinux enabled, you may ignore this.
INFO[2022-01-01 23:49:45] Found image archive at /home/ibmdemo/setup-quay-mirror-registry/image-archive.tar
INFO[2022-01-01 23:49:45] Attempting to set SELinux rules on image archive
chcon: can't apply partial context to unlabeled file '/home/ibmdemo/setup-quay-mirror-registry/image-archive.tar'
WARN[2022-01-01 23:49:45] Could not set SELinux rule. If your system does not have SELinux enabled, you may ignore this.
INFO[2022-01-01 23:49:45] Running install playbook. This may take some time. To see playbook output run the installer with -v (verbose) flag.
DEBU[2022-01-01 23:49:45] Running command: sudo podman run --rm --interactive --tty --workdir /runner/project --net host -v /home/ibmdemo/setup-quay-mirror-registry/image-archive.tar:/runner/image-archive.tar -v /home/ibmdemo/setup-quay-mirror-registry/mirror-registry.crt:/runner/certs/quay.cert:Z -v /home/ibmdemo/setup-quay-mirror-registry/mirror-registry.key:/runner/certs/quay.key:Z -v /root/.ssh/id_rsa:/runner/env/ssh_key -e RUNNER_OMIT_EVENTS=False -e RUNNER_ONLY_FAILED_EVENTS=False -e ANSIBLE_HOST_KEY_CHECKING=False -e ANSIBLE_CONFIG=/runner/project/ansible.cfg --quiet --name ansible_runner_instance quay.io/quay/openshift-mirror-registry-ee ansible-playbook -i root@installer.internal.net, --private-key /runner/env/ssh_key -e "init_password=passw0rd quay_image=registry.redhat.io/quay/quay-rhel8:v3.6.1 redis_image=registry.redhat.io/rhel8/redis-6:1-25 postgres_image=registry.redhat.io/rhel8/postgresql-10:1-161 quay_hostname=installer.internal.net:8443 local_install=false quay_root=/opt/registry/quay-install" install_mirror_appliance.yml
PLAY [Install Mirror Appliance] ***************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [root@installer.internal.net]
TASK [mirror_appliance : Install Dependencies] ************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-deps.yaml for root@installer.internal.net
TASK [mirror_appliance : Add IP address of all hosts to all hosts] ****************************************************************************************************
ok: [root@installer.internal.net]
TASK [mirror_appliance : Set SELinux Rules] ***************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/set-selinux-rules.yaml for root@installer.internal.net
TASK [mirror_appliance : Set container_manage_cgroup flag on and keep it persistent across reboots] *******************************************************************
skipping: [root@installer.internal.net]
TASK [mirror_appliance : Create Podman Pod] ***************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/create-podman-pod.yaml for root@installer.internal.net
TASK [mirror_appliance : Starting Pod with ports 80 and 443 exposed] **************************************************************************************************
changed: [root@installer.internal.net]
TASK [mirror_appliance : Autodetect Image Archive] ********************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/autodetect-image-archive.yaml for root@installer.internal.net
TASK [mirror_appliance : Checking for Image Archive] ******************************************************************************************************************
ok: [root@installer.internal.net -> localhost]
TASK [mirror_appliance : Create install directory for image-archive.tar dest] *****************************************************************************************
changed: [root@installer.internal.net]
TASK [mirror_appliance : Copy Images if /runner/image-archive.tar exists] *********************************************************************************************
changed: [root@installer.internal.net]
TASK [mirror_appliance : Unpack Images if /runner/image-archive.tar exists] *******************************************************************************************
changed: [root@installer.internal.net]
TASK [mirror_appliance : Loading Redis if redis.tar exists] ***********************************************************************************************************
fatal: [root@installer.internal.net]: FAILED! => {"changed": true, "cmd": "podman image import --change 'ENV PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' --change 'ENV container=oci' --change 'ENV STI_SCRIPTS_URL=image:///usr/libexec/s2i' --change 'ENV STI_SCRIPTS_PATH=/usr/libexec/s2i' --change 'ENV APP_ROOT=/opt/app-root' --change 'ENV HOME=/var/lib/redis' --change 'ENV PLATFORM=el8' --change 'ENV REDIS_VERSION=6' --change 'ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/redis' --change 'ENV REDIS_PREFIX=/usr' --change 'ENTRYPOINT=[\"container-entrypoint\"]' --change 'USER=1001' --change 'WORKDIR=/opt/app-root/src' --change 'EXPOSE=6379' --change 'VOLUME=/var/lib/redis/data' --change 'CMD [\"run-redis\"]' - registry.redhat.io/rhel8/redis-6:1-25 < /etc/quay-install/redis.tar", "delta": "0:00:00.003741", "end": "2022-01-01 23:51:45.598822", "msg": "non-zero return code", "rc": 1, "start": "2022-01-01 23:51:45.595081", "stderr": "/bin/sh: /etc/quay-install/redis.tar: No such file or directory", "stderr_lines": ["/bin/sh: /etc/quay-install/redis.tar: No such file or directory"], "stdout": "", "stdout_lines": []}
PLAY RECAP ************************************************************************************************************************************************************
root@installer.internal.net : ok=11 changed=4 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
ERRO[2022-01-01 23:51:45] An error occurred: exit status 2
A hint if it helps...
I was able to fix the problem by making a simple change to the following file inside of execution-environment.tar;
./runner/project/roles/mirror_appliance/tasks/autodetect-image-archive.yaml
I changed all [3] occurrences of /etc/quay-install
to {{ quay_root }}
I think our internal QE team caught this recently too. It should work with local install, issue is exclusively with the remote install.
We'll have a fix out this week. Thanks for raising the issue.
We've merged in a fix - expecting to have a new RC out in the next day or so
Give this new RC a shot and let us know if you have any issues https://github.com/quay/openshift-mirror-registry/releases/tag/1.0.0-RC3
I can confirm that the changes in RC3 work as expected