Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pullSecret issue in OKD4 docs #264

Closed
timhughes opened this issue Jul 16, 2020 · 17 comments
Closed

pullSecret issue in OKD4 docs #264

timhughes opened this issue Jul 16, 2020 · 17 comments
Labels
triage/needs-information Indicates an issue needs more information in order to work on it.

Comments

@timhughes
Copy link

Describe the bug
[Documentation]

I just saw that OKD4 has been released GA and was having a go at installing it.

https://www.openshift.com/blog/okd4-is-now-generally-available

I have got to the install-config.yaml part and the docs at https://docs.okd.io/latest/installing/installing_bare_metal/installing-bare-metal.html#installation-bare-metal-config-yaml_installing-bare-metal have a spot for a pullSecret but the announcement on https://www.openshift.com/blog/okd4-is-now-generally-available say that a pullSecret is not required. I have tried setting it to false and removing all together and several other idea but they all were causing an error.

With pullSecret set to empty string

openshift-install create manifests --dir=ignition
FATAL failed to fetch Master Machines: failed to load asset "Install Config": invalid "install-config.yaml" file: pullSecret: Invalid value: "": unexpected end of JSON input

With pullSecret set to false

openshift-install create manifests --dir=ignition
FATAL failed to fetch Master Machines: failed to load asset "Install Config": invalid "install-config.yaml" file: pullSecret: Invalid value: "false": json: cannot unmarshal bool into Go value of type validate.imagePullSecret

Eventually found in the restricted docs '{"auths":{"xxxxxxx": {"auth": "xxxxxx","email": "xxxxxx"}}}'

Which allows the ignition files to compile.

The announcement says the following so I am guessing that there is a correct way and the docs haven't caught up yet.

As a community distribution it does not require a pull secret from https://openshift.com/try. All OKD4 images are available without additional authentication.
@vrutkovs vrutkovs mentioned this issue Jul 16, 2020
Closed
@vrutkovs
Copy link
Member

Right, previously it has been tracked in #182.

Ideally the installer would automatically set a dummy pull secret if its not set, the issue is that its a pretty large change and we had issues during periodic rebase. Hopefully that would be solved in 4.6

It appears we need a:

  • pull request to docs to update the wording
  • installer pull-request to autosubstitute the pull secret
  • faq entry?

@vrutkovs vrutkovs added the triage/needs-information Indicates an issue needs more information in order to work on it. label Jul 16, 2020
@anjannath anjannath mentioned this issue Jul 22, 2020
Closed
@jkassis
Copy link

jkassis commented Jul 28, 2020

image

@fager
Copy link

fager commented Aug 17, 2020

I got the same build-errors with the fake-pull-secret.

OKD Version: 4.5.0-0.okd-2020-08-12-020541
Fake-Pull-Secret used from okd/README.md
openshift/php ImageStream changed to https://raw.githubusercontent.com/openshift/library/master/community/php/imagestreams/php-centos7.json because images where not synced from the registy.

Error like mentioned by @jkassis and shown in the attachment

Logfile and BuildConfig:
cotd-2-2.log
buildconfig-cotd-2.yaml.txt

@anjannath
Copy link

@jkandasa @fager Can you try this dummy pull secret instead of the one mentioned in the readme, this should make the validation happy

{"auths":{"fake":{"auth": "Zm9vOmJhcgo="}}}

@cgruver
Copy link

cgruver commented Oct 6, 2020

I can vouch for that as well. I had to do that for my OKD disconnected install to mirror, as well as for the OKD CRC build.

It's looking for valid base64 that is can parse in the form of user:password.

@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 4, 2021
@Reamer Reamer mentioned this issue Jan 21, 2021
Closed
@openshift-bot
Copy link

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

@openshift-ci-robot openshift-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Feb 3, 2021
@robertoyoc
Copy link

@jkandasa @fager Can you try this dummy pull secret instead of the one mentioned in the readme, this should make the validation happy

{"auths":{"fake":{"auth": "Zm9vOmJhcgo="}}}

@vrutkovs Maybe adding this workaround somewhere in the documentation? It says pull secret its optional but it doesnt' specify how to avoid its validation when installing.

@vrutkovs
Copy link
Member

We have it mentioned in https://github.com/openshift/okd#getting-started. I don't think its worth updating docs.okd.io when its clearly a bug

@Reamer
Copy link
Contributor

Reamer commented Mar 23, 2021

I have encountered the following error more than three times now. Because the command oc fails, Podman is used to extract the image.
Sometimes Podman fails and with it the whole update (Latest Podman error #566).
Changing the auth to a parsable structure solves this problem. We should document a parsable dummy authentication.

I0128 13:27:36.063700  353146 run.go:18] Running: nice -- ionice -c 3 oc image extract --path /:/run/mco-machine-os-content/os-content-063878889 --registry-config /var/lib/kubelet/config.json quay.io/openshift/okd-content@sha256:95034a94e28949af41a53b9efb2fbb0651454a7c37bab002b0646e73c4721829
error: unable to load --registry-config: error occurred while trying to unmarshal json
W0128 13:27:36.360277  353146 run.go:44] nice failed: running nice -- ionice -c 3 oc image extract --path /:/run/mco-machine-os-content/os-content-063878889 --registry-config /var/lib/kubelet/config.json quay.io/openshift/okd-content@sha256:95034a94e28949af41a53b9efb2fbb0651454a7c37bab002b0646e73c4721829 failed: error: unable to load --registry-config: error occurred while trying to unmarshal json

@Reamer
Copy link
Contributor

Reamer commented Mar 23, 2021

/remove-lifecycle rotten

@openshift-ci-robot openshift-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Mar 23, 2021
@Reamer Reamer mentioned this issue Mar 30, 2021
Merged
@Reamer
Copy link
Contributor

Reamer commented Mar 30, 2021

/close

@openshift-ci-robot
Copy link

@Reamer: You can't close an active issue/PR unless you authored it or you are a collaborator.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@vrutkovs
Copy link
Member

All docs updated to use valid pull secret

@andreaskaris
Copy link

Sorry for reopening this, but ...

I do not know which docs were updated, but clearly not this page:
https://docs.okd.io/latest/installing/installing_aws/installing-aws-default.html

Nor anything else in docs.okd.io

I'm reopening this because I'd expect that any installation related documentation should also mention

You will also be prompted for a pull-secret that will be made available to all of of your machines - for OKD4 you should either paste the pull-secret you use for your registry, or paste {"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}} to bypass the required value check (see bug #182).

Or that it should clearly point non-RH registered users to a decent way to obtain a pull-secret.

Or how else are non-RH customers supposed to get a valid pull-secret?

@andreaskaris andreaskaris mentioned this issue May 7, 2021
Closed
@fossxplorer
Copy link

@andreaskaris
You can create an account for free and obtain the pull secret.

@andreaskaris
Copy link

@fossxplorer It's o.k., there really was an issue in our docs and it was fixed with #627

binnes pushed a commit to binnes/okd that referenced this issue Jul 11, 2023
@travier
docs/index: Update Slack channel & mailing list links (okd-project#264)
f894622 
* docs/index: Remove "Review our Apache 2 license"

The license is already mentionned elsewhere and not primarily relevant
as a first step for new users to get started.

* docs/index: Update Slack channel & mailing list links
binnes added a commit to binnes/okd that referenced this issue Jul 11, 2023
@binnes @travier
@brianinnes @JaimeMagiera @LuminousCoder
Tooling update and subgroup menu change + misc fixes (okd-project#275)
d7e49b5 
* update (okd-project#5)

* docs/index: Update Slack channel & mailing list links (okd-project#264)

* docs/index: Remove "Review our Apache 2 license"

The license is already mentionned elsewhere and not primarily relevant
as a first step for new users to get started.

* docs/index: Update Slack channel & mailing list links

* add Charter  (okd-project#265)

* add link to ignore file to overcome 403 return code (okd-project#254) (okd-project#3)

* ignore link to https://medium.com/@casonadams/edgerouter-x-adguardhome-b9d453f5725b as site returns 403

Signed-off-by: Brian Innes <binnes@uk.ibm.com>

Co-authored-by: Brian Innes <brian@binnes.me.uk>

Co-authored-by: Brian Innes <brian@binnes.me.uk>

* added Charter + mkdoc fixes

Co-authored-by: Brian Innes <brian@binnes.me.uk>
Co-authored-by: Brian Innes <brianinnes@users.noreply.github.com>

* added meeting minutes

* fixed location

* fixed affilations

* adding minutes to menu and re-arranging

* cleaning up minutes

* explicit link

* updated mkdocs.yaml

* exclude minutes from spell checking

* replace dead link for Faros

* Color accessibility tweaks (okd-project#271)

* Test commit

* Revert "Test commit"

This reverts commit bc8bd34bbf5308c6533ee05a72d30746910e04ca.

* Updating copyright

* Style updates

* More color adjustments

* Padding tweaks on homepage

* Linear gradient for sidebar navs

* Admonition bg color update

* Code typography color tweak

Co-authored-by: Timothée Ravier <tim@siosm.fr>
Co-authored-by: Brian Innes <brian@binnes.me.uk>
Co-authored-by: Brian Innes <brianinnes@users.noreply.github.com>
Co-authored-by: Cloud User <ec2-user@kashmir.emergentcommunitysystems.com>
Co-authored-by: Jaime Magiera <39681031+JaimeMagiera@users.noreply.github.com>
Co-authored-by: Jaime Magiera <jaimelm@umich.edu>
Co-authored-by: LuminousCoder <brandon@luminouscoder.com>

* fix typo

* additional technical content

* update tooling versions

* Update requirements.txt

reduce version as github runner doesn't appear to be up to date with available releases

* Update main.yml

switch to fedora container

Co-authored-by: Timothée Ravier <tim@siosm.fr>
Co-authored-by: Brian Innes <brian@binnes.me.uk>
Co-authored-by: Brian Innes <brianinnes@users.noreply.github.com>
Co-authored-by: Cloud User <ec2-user@kashmir.emergentcommunitysystems.com>
Co-authored-by: Jaime Magiera <39681031+JaimeMagiera@users.noreply.github.com>
Co-authored-by: Jaime Magiera <jaimelm@umich.edu>
Co-authored-by: LuminousCoder <brandon@luminouscoder.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage/needs-information Indicates an issue needs more information in order to work on it.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests