Missing or incorrect pause image
Closed this issue ยท 10 comments
opuk commented
Related to #4
Installing the downstream offline bundle https://mirror.openshift.com/pub/openshift-v4/clients/mirror-registry/1.0/ fails when installing in an environment without Internet.
It tries to pull the image k8s.gcr.io/pause which is not one of the bundled images. It should probably use the ubi pause image instead that's already bundled, i.e registry.access.redhat.com/ubi8/pause
TASK [mirror_appliance : Starting Pod with ports 80 and 443 exposed] *************************************************************************
fatal: [root@localhost]: FAILED! => {"changed": false, "msg": "Can't create pod quay-pod", "stderr": "Error: repository name must have at least one component\n", "stderr_lines": ["Error: repository name must have at least one component"], "stdout": "initializing source docker://k8s.gcr.io/pause:3.5: pinging container registry k8s.gcr.io: Get "http://k8s.gcr.io/v2/\": dial tcp 173.194.73.82:80: i/o timeout\n", "stdout_lines": ["initializing source docker://k8s.gcr.io/pause:3.5: pinging container registry k8s.gcr.io: Get "http://k8s.gcr.io/v2/": dial tcp 173.194.73.82:80: i/o timeout"]}
HammerMeetNail commented
@opuk Can you provide more logs? What command was run to trigger install? The pause image should be used by default for all offline installs. Also curious what version of podman is installed?
yigitpolat commented
Same issue.
I was trying to install mirror-registry on top of RHEL VM in GCP VPC environment behind the firewall. I had to talk with the network admin to allow k8s.gcr.io URL.
It may require to a full image path definition in the playbook as follows: registry.access.redhat.com/ubi8/pause
pbertera commented
The mirror registry uses the image registry.access.redhat.com/ubi8/pause:latest.
the pod is created with podman pod create (see create-podman-pod.yaml ), without specifying the infra image, thus we pull the infra-image defined in containers.conf (see infra_image).
HammerMeetNail commented
Yep, awesome find. Looks like we need to make sure to add that to the task: https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html#parameter-infra_image
HammerMeetNail commented
@opuk @yigitpolat Can you try out the most recent RC and see if that resolves your issue? It includes the changes @pbertera added in #50
https://github.com/quay/mirror-registry/releases/tag/1.1.0-RC1
opuk commented
@opuk @yigitpolat Can you try out the most recent RC and see if that resolves your issue? It includes the changes @pbertera added in #50
https://github.com/quay/mirror-registry/releases/tag/1.1.0-RC1
This one works much better in my environment.
# ./mirror-registry install --quayHostname $(hostname -f) --initPassword $pwd
__ __
/ \ / \ ______ _ _ __ __ __
/ /\ / /\ \ / __ \ | | | | / \ \ \ / /
/ / / / \ \ | | | | | | | | / /\ \ \ /
\ \ \ \ / / | |__| | | |__| | / ____ \ | |
\ \/ \ \/ / \_ ___/ \____/ /_/ \_\ |_|
\__/ \__/ \ \__
\___\ by Red Hat
Build, Store, and Distribute your Containers
INFO[2022-03-03 08:42:52] Install has begun
INFO[2022-03-03 08:42:52] Found execution environment at /root/mirror-registry/execution-environment.tar
INFO[2022-03-03 08:42:52] Loading execution environment from execution-environment.tar
INFO[2022-03-03 08:43:04] Detected an installation to localhost
INFO[2022-03-03 08:43:04] Found SSH key at /root/.ssh/quay_installer
INFO[2022-03-03 08:43:04] Attempting to set SELinux rules on /root/.ssh/quay_installer
INFO[2022-03-03 08:43:04] Found image archive at /root/mirror-registry/image-archive.tar
INFO[2022-03-03 08:43:04] Detected an installation to localhost
INFO[2022-03-03 08:43:04] Unpacking image archive from /root/mirror-registry/image-archive.tar
INFO[2022-03-03 08:43:36] Loading pause image archive from pause.tar
INFO[2022-03-03 08:43:39] Loading redis image archive from redis.tar
INFO[2022-03-03 08:43:47] Loading postgres image archive from postgres.tar
INFO[2022-03-03 08:43:56] Loading Quay image archive from quay.tar
INFO[2022-03-03 08:44:37] Attempting to set SELinux rules on image archive
INFO[2022-03-03 08:44:37] Running install playbook. This may take some time. To see playbook output run the installer with -v (verbose) flag.
INFO[2022-03-03 08:44:37] Detected an installation to localhost
PLAY [Install Mirror Appliance] ***************************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************************************
ok: [root@localhost]
TASK [mirror_appliance : Install Dependencies] ************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-deps.yaml for root@localhost
TASK [mirror_appliance : Add IP address of all hosts to all hosts] ****************************************************************************************************************
ok: [root@localhost]
TASK [mirror_appliance : Set SELinux Rules] ***************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/set-selinux-rules.yaml for root@localhost
TASK [mirror_appliance : Set container_manage_cgroup flag on and keep it persistent across reboots] *******************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Install Quay Pod Service] ********************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-pod-service.yaml for root@localhost
TASK [mirror_appliance : Copy Quay Pod systemd service file] **********************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Check if pod pause image is loaded] **********************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Pull Infra image] ****************************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Start Quay Pod service] **********************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Autodetect Image Archive] ********************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/autodetect-image-archive.yaml for root@localhost
TASK [mirror_appliance : Checking for Image Archive] ******************************************************************************************************************************
ok: [root@localhost -> localhost]
TASK [mirror_appliance : Create install directory for image-archive.tar dest] *****************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Copy Images if /runner/image-archive.tar exists] *********************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Unpack Images if /runner/image-archive.tar exists] *******************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Loading Redis if redis.tar exists] ***********************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Loading Quay if quay.tar exists] *************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Loading Postgres if postgres.tar exists] *****************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Install Postgres Service] ********************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-postgres-service.yaml for root@localhost
TASK [mirror_appliance : Create necessary directory for Postgres persistent data] *************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Set permissions on data directory] ***********************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Copy Postgres systemd service file] **********************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Check if Postgres image is loaded] ***********************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Pull Postgres image] *************************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Start Postgres service] **********************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Wait for pg_trgm to be installed] ************************************************************************************************************************
FAILED - RETRYING: Wait for pg_trgm to be installed (20 retries left).
changed: [root@localhost]
TASK [mirror_appliance : Install Redis Service] ***********************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-redis-service.yaml for root@localhost
TASK [mirror_appliance : Copy Redis systemd service file] *************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Check if Redis image is loaded] **************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Pull Redis image] ****************************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Start Redis service] *************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Install Quay Service] ************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/install-quay-service.yaml for root@localhost
TASK [mirror_appliance : Create necessary directory for Quay local storage] *******************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create necessary directory for Quay config bundle] *******************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Set permissions on local storage directory] **************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Copy Quay config.yaml file] ******************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Check if SSL Cert exists] ********************************************************************************************************************************
ok: [root@localhost -> localhost]
TASK [mirror_appliance : Check if SSL Key exists] *********************************************************************************************************************************
ok: [root@localhost -> localhost]
TASK [mirror_appliance : Create necessary directory for Quay rootCA files] ********************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create OpenSSL Config] ***********************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create root CA key] **************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create root CA pem] **************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create ssl key] ******************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create CSR] **********************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create self-signed cert] *********************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Create chain cert] ***************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Replace ssl cert with chain cert] ************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Copy SSL certificate] ************************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Copy SSL key] ********************************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Set permissions for key] *********************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Set permissions for cert] ********************************************************************************************************************************
ok: [root@localhost]
TASK [mirror_appliance : Copy Quay systemd service file] **************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Check if Quay image is loaded] ***************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Pull Quay image] *****************************************************************************************************************************************
skipping: [root@localhost]
TASK [mirror_appliance : Start Quay service] **************************************************************************************************************************************
changed: [root@localhost]
TASK [mirror_appliance : Wait for Quay] *******************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/wait-for-quay.yaml for root@localhost
TASK [mirror_appliance : Waiting up to 3 minutes for Quay to become alive at https://registry.lab.example.com:8443/health/instance] ***************************************************
FAILED - RETRYING: Waiting up to 3 minutes for Quay to become alive at https://registry.lab.example.com:8443/health/instance (10 retries left).
ok: [root@localhost]
TASK [mirror_appliance : Create init user] ****************************************************************************************************************************************
included: /runner/project/roles/mirror_appliance/tasks/create-init-user.yaml for root@localhost
TASK [mirror_appliance : Creating init user at endpoint https://registry.lab.example.com:8443/api/v1/user/initialize] *****************************************************************
ok: [root@localhost]
PLAY RECAP ************************************************************************************************************************************************************************
root@localhost : ok=47 changed=30 unreachable=0 failed=0 skipped=12 rescued=0 ignored=0
INFO[2022-03-03 08:45:54] Quay installed successfully, permanent data are stored in /etc/quay-install
# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/quay/quay-rhel8 v3.6.1 4c536f372bcb 2 minutes ago 1.04 GB
registry.redhat.io/rhel8/postgresql-10 1-161 a6dfbb8355ce 2 minutes ago 435 MB
registry.redhat.io/rhel8/redis-6 1-25 de95c247466c 2 minutes ago 273 MB
registry.access.redhat.com/ubi8/pause latest dd50cd26290f 2 minutes ago 3.47 MB
quay.io/quay/mirror-registry-ee latest e019c661ba40 3 minutes ago 398 MB
yigitpolat commented
@HammerMeetNail I cannot test it as the environment does not have access to GitHub.
When do you think it will be avalable on mirror.openshift.com?
HammerMeetNail commented
@yigitpolat The downstream release is currently scheduled for 2022-03-17.
yigitpolat commented
@HammerMeetNail wanted to let you know, it works. Thanks.