Failed to mirror OpenShift image repository when private registry is insecure

Solution Verified - Updated

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4.X

Issue

  • Unable to install or upgrade OpenShift Container Platform due to failure in mirroring the OpenShift image registry.

  • oc client fails to mirror the OpenShift image repository to use during cluster installation or upgrade in disconnected environment with error:

error: unable to connect to X.X.X.X:5000/ocp4/openshift4: Get https://X.X.X.X:5000/v2/: http: server gave HTTP response to HTTPS client
  • How to mirror images to an insecure registry?

Resolution

  • If the mirror registry is insecure, then flag --insecure=true needs to be used:
# oc adm -a ${LOCAL_SECRET_JSON} release mirror      --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}      --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}      --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE} --insecure=true

Diagnostic Steps

  • Mirroring the images to insecure registry using below command throws error:
# oc adm -a ${LOCAL_SECRET_JSON} release mirror      --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}      --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}      --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}
info: Mirroring 99 images to X.X.X.X:5000/ocp4/openshift4 ...

error: unable to connect to X.X.X.X:5000/ocp4/openshift4: Get https://X.X.X.X:5000/v2/: http: server gave HTTP response to HTTPS client
error: unable to connect to X.X.X.X:5000/ocp4/openshift4: Get https://X.X.X.X:5000/v2/: http: server gave HTTP response to HTTPS client
...
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.