
Installing in a airgapped environment fails

Using the offline bundle I get the following:

# ./openshift-mirror-registry install -v

INFO[2021-08-27 11:36:08] Install has begun
DEBU[2021-08-27 11:36:08] Quay Image: quay.io/projectquay/quay
DEBU[2021-08-27 11:36:08] Redis Image: docker.io/centos/redis-5-centos8
DEBU[2021-08-27 11:36:08] Postgres Image: docker.io/centos/postgresql-10-centos8
INFO[2021-08-27 11:36:08] Found execution environment at /root/execution-environment.tar
INFO[2021-08-27 11:36:08] Loading execution environment from execution-environment.tar
Loaded image(s): quay.io/quay/openshift-mirror-registry-ee:latest
INFO[2021-08-27 11:36:20] Detected an installation to localhost
INFO[2021-08-27 11:36:20] Did not find SSH key in default location. Attempting to set up SSH keys.
INFO[2021-08-27 11:36:20] Generating SSH Key
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/quay_installer.
Your public key has been saved in /root/.ssh/quay_installer.pub.
The key fingerprint is:
SHA256:zM+84+cyYvaD4d5tEa65Gmd/1jjQ2Ho/gVeQdW4WBBw root@registry.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|            .E+=o|
|             .o.o|
|               .+|
|       o    .  o.|
|        S  . =. .|
|        .+  =.oo |
|       ..o*o +.o.|
|        *=B++ *..|
|       +o=*X++ oo|
INFO[2021-08-27 11:36:21] Generated SSH Key at /root/.ssh/quay_installer
INFO[2021-08-27 11:36:21] Adding key to ~/.ssh/authorized_keys
INFO[2021-08-27 11:36:21] Successfully set up SSH keys
INFO[2021-08-27 11:36:21] Attempting to set SELinux rules on SSH key
INFO[2021-08-27 11:36:21] Found image archive at /root/image-archive.tar
INFO[2021-08-27 11:36:21] Detected an installation to localhost
INFO[2021-08-27 11:36:21] Loading image archive from /root/image-archive.tar
Loaded image(s): quay.io/projectquay/quay:latest,docker.io/centos/redis-5-centos8:latest,docker.io/centos/postgresql-10-centos8:latest
INFO[2021-08-27 11:38:27] Attempting to set SELinux rules on image archive
INFO[2021-08-27 11:38:27] Running install playbook. This may take some time. To see playbook output run the installer with -v (verbose) flag.
INFO[2021-08-27 11:38:27] Detected an installation to localhost
DEBU[2021-08-27 11:38:27] Running command: sudo podman run --rm --interactive --tty --workdir /runner/project --net host -v /root/image-archive.tar:/runner/image-archive.tar -v /root/.ssh/quay_installer:/runner/env/ssh_key -e RUNNER_OMIT_EVENTS=False -e RUNNER_ONLY_FAILED_EVENTS=False -e ANSIBLE_HOST_KEY_CHECKING=False -e ANSIBLE_CONFIG=/runner/project/ansible.cfg --quiet --name ansible_runner_instance quay.io/quay/openshift-mirror-registry-ee ansible-playbook -i root@localhost, --private-key /runner/env/ssh_key -e "init_password=nPTW9uZpb50hCzYU138A247VlM6xcNEy quay_image=quay.io/projectquay/quay redis_image=docker.io/centos/redis-5-centos8 postgres_image=docker.io/centos/postgresql-10-centos8 quay_hostname=localhost:8443 local_install=true" install_mirror_appliance.yml

PLAY [Install Mirror Appliance] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [root@localhost]

TASK [mirror_appliance : Install Dependencies] **********************************************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-deps.yaml for root@localhost

TASK [mirror_appliance : Installing Podman] *************************************************************************************************************************************************************************
ok: [root@localhost]

TASK [mirror_appliance : Add IP address of all hosts to all hosts] **************************************************************************************************************************************************
changed: [root@localhost]

TASK [mirror_appliance : Set SELinux Rules] *************************************************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/set-selinux-rules.yaml for root@localhost

TASK [mirror_appliance : Set container_manage_cgroup flag on and keep it persistent across reboots] *****************************************************************************************************************
skipping: [root@localhost]

TASK [mirror_appliance : Create Podman Pod] *************************************************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/create-podman-pod.yaml for root@localhost

TASK [mirror_appliance : Starting Pod with ports 80 and 443 exposed] ************************************************************************************************************************************************
fatal: [root@localhost]: FAILED! => {"changed": false, "msg": "Can't create pod quay-pod", "stderr": "time=\"2021-08-27T11:39:00+02:00\" level=warning msg=\"failed, retrying in 1s ... (1/3). Error: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \\\"https://registry.access.redhat.com/v2/\\\": dial tcp connect: connection refused\"\ntime=\"2021-08-27T11:39:02+02:00\" level=warning msg=\"failed, retrying in 1s ... (2/3). Error: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \\\"https://registry.access.redhat.com/v2/\\\": dial tcp connect: connection refused\"\ntime=\"2021-08-27T11:39:07+02:00\" level=warning msg=\"failed, retrying in 1s ... (3/3). Error: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \\\"https://registry.access.redhat.com/v2/\\\": dial tcp connect: connection refused\"\ntime=\"2021-08-27T11:39:11+02:00\" level=error msg=\"Error freeing pod lock after failed creation: no such file or directory\"\nError: error adding Infra Container: error pulling infra-container image: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \"https://registry.access.redhat.com/v2/\": dial tcp connect: connection refused\n", "stderr_lines": ["time=\"2021-08-27T11:39:00+02:00\" level=warning msg=\"failed, retrying in 1s ... (1/3). Error: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \\\"https://registry.access.redhat.com/v2/\\\": dial tcp connect: connection refused\"", "time=\"2021-08-27T11:39:02+02:00\" level=warning msg=\"failed, retrying in 1s ... (2/3). Error: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \\\"https://registry.access.redhat.com/v2/\\\": dial tcp connect: connection refused\"", "time=\"2021-08-27T11:39:07+02:00\" level=warning msg=\"failed, retrying in 1s ... (3/3). Error: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \\\"https://registry.access.redhat.com/v2/\\\": dial tcp connect: connection refused\"", "time=\"2021-08-27T11:39:11+02:00\" level=error msg=\"Error freeing pod lock after failed creation: no such file or directory\"", "Error: error adding Infra Container: error pulling infra-container image: Error initializing source docker://registry.access.redhat.com/ubi8/pause:latest: error pinging docker registry registry.access.redhat.com: Get \"https://registry.access.redhat.com/v2/\": dial tcp connect: connection refused"], "stdout": "", "stdout_lines": []}

PLAY RECAP **********************************************************************************************************************************************************************************************************
root@localhost             : ok=6    changed=1    unreachable=0    failed=1    skipped=1    rescued=0    ignored=0

Me too.

I used the latest offline installer - v0.1.4. And after seeing this issue I decided to try again without any network access and it did not work. In the same step!

@opuk @tomazb I have encountered the same issue, this is because the registry.access.redhat.com/ubi8/pause:latest is missing from the image-archive.tar bundle. The workaround is to download the pause image to your offline environment before running the installer, for example:

podman save registry.access.redhat.com/ubi8/pause:latest > pause.tar
# Copy the pause.tar to your offline environment and run the following command to load the image
podman load -i pause.tar

I just created a PR and hopefully will fix this issue for later releases.

@opuk @tomazb @theodor2311 Can you provide some more information about the host the cli is being run on? The pause image shouldn't be needed. For CI we spin up a new RHEL8 host, drop the tarball on it, and then trigger install. See here for a recent run: https://github.com/quay/openshift-mirror-registry/runs/4488715365?check_suite_focus=true

It was quite some time ago since I tried it but I'm 99% sure it was on a rhel8 box registered to a Satellite.

@HammerMeetNail I am using RHEL8.4 and I believe the pause image is used at the podman pod creation.

The pause image is indeed used by podman pods.

@opuk @tomazb @theodor2311 Can everyone confirm which version of podman is being used? We were under the impression that the pause image comes included with podman 3. If it is included in version 3, would there be any objections to updating podman instead of adding the image to the offline archive?

If you're finding it's not included with podman 3, we can definitely include it in the archive.

I can confirm that RHEL8.4 with podman version 3.0.2-dev does not come with the pause image.

Thanks, we'll bundle the pause image into the archive.

We've pulled in a handful of changes in prep of 1.0 release. The pause image is now included in the master branch. Should have a new bundle out next week that includes everything. If you want to get a head start, feel free to build from source. Note that you will need to log into registry.access.redhat.com in order to pull images.

Here's the release, https://github.com/quay/openshift-mirror-registry/releases/tag/1.0.0-RC1

Expecting this to include everything in the 1.0 release. Most outstanding PRs have been merged.