ibm-mas
DRO task oddities
DRO task sets redhat-marketplace-pull-secret value to be ibm-entitlement key. Can't be right. At least its complaining "failed to unmarshal secret: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type v1.Secret'"
Another problem with this forced Red Hat Marketplace setup is, check the image. Why is it forced whenits not available everywhere.
@jalepisto can u provide logs from the ansible tasks? i would like to see at what step this error occurs. also can you confirm the IBM entitlement key used here was of the correct format without any whitespaces?
If you get the key from either (must me logged in)
https://swc.saas.ibm.com/en-us/redhat-marketplace/account/keys
https://swc.saas.ibm.com/en-us/software-central/account/keys
Create it as name: redhat-marketplace-pull-secret
If you get the key from here https://myibm.ibm.com/products-services/containerlibrary
Create it as name: ibm-entitlement-key
Data Reporter Operator and IBM Metrics Operator container images are hosted on quay.io
You can check the ibm-metrics-operator logs to ensure your key is decoded correctly
oc -n redhat-marketplace logs $(oc -n redhat-marketplace get pod -l redhat.marketplace.com/name=ibm-metrics-operator -o jsonpath='{.items..metadata.name}')
And check the MarketPlaceConfig Status for any other warnings
oc -n redhat-marketplace describe marketplaceconfig
I have linked an account to Redhat Marketplace and created/downloaded a pull secret. As it has a pull secret of its own I don't get how IBM pull secret is supposed to work. I'd be tempted to say it didn't. Now it seems to work with RH marketplace pull secret.
The secret still has annotations: marketplace.redhat.com/rhm-operator-secret-message: 'failed to unmarshal secret: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type v1.Secret' marketplace.redhat.com/rhm-operator-secret-status: error
which where there with the original IBM pull secret. I just replaced it with the pull secret from RH marketplace.
If you go to website of RH Marketplace it tells you its not available for all countries (Finland and Sweden included that I am concerned,) So how come this is forced,
Marketplace conditions are good except registration. I don't know what that registration is referring to. OCP is registered. Complete True 14 May 2024, 08:12 FinishedInstall Finished Installing necessary components Installing False 14 May 2024, 08:12 FinishedInstall Finished Installing necessary components RHMAccountExists True 14 May 2024, 08:12 RHMAccountExists RHM/Software Central account exists Registered False 14 May 2024, 08:12 ClusterRegistered Cluster registration pending: UNREGISTERED
-janne
From: Daniel Cleyrat @.> Sent: Friday, May 17, 2024 9:30 PM To: ibm-mas/ansible-devops @.> Cc: Janne Lepistö @.>; Mention @.> Subject: Re: [ibm-mas/ansible-devops] DRO task oddities (Issue #1304)
You don't often get email from @.*** Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification
If you get the key from either (must me logged in) https://swc.saas.ibm.com/en-us/redhat-marketplace/account/keys https://swc.saas.ibm.com/en-us/software-central/account/keys Create it as name: redhat-marketplace-pull-secret
If you get the key from here https://myibm.ibm.com/products-services/containerlibrary Create it as name: ibm-entitlement-key
Data Reporter Operator and IBM Metrics Operator container images are hosted on quay.io
You can check the ibm-metrics-operator logs to ensure your key is decoded correctly
oc -n redhat-marketplace logs $(oc -n redhat-marketplace get pod -l redhat.marketplace.com/name=ibm-metrics-operator -o jsonpath='{.items..metadata.name}')
And check the MarketPlaceConfig Status for any other warnings
oc -n redhat-marketplace describe marketplaceconfig
— Reply to this email directly, view it on GitHubhttps://github.com/ibm-mas/ansible-devops/issues/1304#issuecomment-2118171427, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A5PJ3JICSWWT35VLSNLWQT3ZCZEETAVCNFSM6AAAAABHUCTXO6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJYGE3TCNBSG4. You are receiving this because you were mentioned.
When you are creating ibm-entitlement-key on cluster
Obtain from https://myibm.ibm.com/products-services/containerlibrary
Create as
oc create secret docker-registry ibm-entitlement-key -n redhat-marketplace --docker-server=cp.icr.io --docker-username=cp --docker-password=$IBM_ENTITLEMENT_KEY
As per typical documentation by Cloud Pak https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-preparing-online-cluster#er
If you were not aware of the creation difference, apologies for not being specific. RHM/SWC does externally document ibm-entitlement-key path as it is currently only intended for CP auto-installing ibm-metrics-operator, and having an auth without the need for the RHM/SWC pull secret. This auth mechanism also lacks certain identifying information, so it is least preferred if a user is using the RHM/SWC portal, and configuring the operator on their own.
The RHM/SWC pull secret
Obtained from https://swc.saas.ibm.com/en-us/redhat-marketplace/account/keys https://swc.saas.ibm.com/en-us/software-central/account/keys
Created as
oc -n redhat-marketplace create secret generic redhat-marketplace-pull-secret --from-literal=PULL_SECRET=$RHM_PULL_SECRET
