Enable content trust in admiral does not work if you have whitelist enabled already #6258

Open
mhagen-vmware opened this issue Sep 8, 2017 · 3 comments
Labels
kind/defect Behavior that is inconsistent with what's intended priority/p2


@mhagen-vmware
Contributor

If you install a VCH with a whitelist enabled already (docker hub):

./vic-machine-linux create --no-tlsverify --target x.x.x.x --user administrator@vsphere.local --password xxx --name default-vch --public-network /ha-datacenter/network/vm-network --bridge-network /ha-datacenter/network/bridge --compute-resource /ha-datacenter/host/cls/Resources --image-store datastore1 --thumbprint BA:22:27:2E:AC:B1:5A:52:DC:0F:07:DF:37:70:21:69:8F:2D:89:F0 --registry-ca ca.crt --whitelist-registry registry.hub.docker.com

Then enable content trust within admiral, the whitelist will not be changed and you can never add harbor as a whitelisted registry:

Sep  8 2017 19:17:41.117Z WARN  error getting config from source: config not modified
Sep  8 2017 19:17:41.117Z ERROR error updating config: whitelist merge allows entries that are not in the original whitelist
@mhagen-vmware mhagen-vmware added kind/defect Behavior that is inconsistent with what's intended priority/p2 labels Sep 8, 2017
@mdubya66 mdubya66 added the impact/doc/note Requires creation of or changes to an official release note label Sep 8, 2017
@stuclem
Contributor

stuclem commented Sep 12, 2017

Attempted release note:


  • Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
    If you install a VCH with whitelist mode enabled, attempting to enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

@mhagen-vmware is this OK?

@mhagen-vmware
Contributor Author

LGTM

@stuclem
Contributor

stuclem commented Sep 12, 2017

Thanks @mhagen-vmware

@stuclem stuclem removed the impact/doc/note Requires creation of or changes to an official release note label Sep 12, 2017