Getting unauthorized error while mirroring the images to the registry which is not supported the deep nested repository configuration beyond a level in RHOCP4

Environment

• Red Hat OpenShift Container Platform 4

Issue

• Mirroring is failing with unauthorized error to the registry where its not supporting deep nested repository path beyond a level.
• Not seeing alternative of --max-components argument which is available in oc adm mirror in oc-mirror.

Resolution

• The option to restrict the number of nested repository path is included in the oc-mirror version 4.12.20 by using the argument --max-nested-paths.
• This issue is tracked with the This content is not included.bug and back ported to oc-mirror 4.12.20 version.

Root Cause

• Some of the registry is not supported deep nested repository configuration beyond a level.
• The option to restrict the repository count in the destination registry was not included initially with oc-mirror binary.

Diagnostic Steps

• Confirm that the destination registry is having any restriction on deep nested repository count. It could be possible to find from registry vendor.
• Execute the oc mirror command.
• Check for below error even though the credentials are valid and this error could be the result if the destination registry is not supported nesting beyond 3 levels deep in this example ( in the output its 4 ).

error: unable to upload blob sha256:11400f2a488cbd05d1f3bb69dce440fecabff7407c8b639fbe8044bfa4dcc101 to registry.xxx.yyy/zzz/xxx/yyyy/openshift4/ose-local-storage-diskmaker: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.