Bug 1317755

Summary: Should append openshift.node.portal_net to INSECURE_REGISTRY in docker configuration
Product: OpenShift Container Platform Reporter: Ma xiaoqiang <xiama>
Component: InstallerAssignee: Jason DeTiberus <jdetiber>
Status: CLOSED ERRATA QA Contact: Ma xiaoqiang <xiama>
Severity: high Docs Contact:
Priority: high    
Version: 3.2.0CC: aos-bugs, bleanhar, ejacobs, jokerman, mmccomas, tdawson, xtian
Target Milestone: ---Keywords: Regression, TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-12 16:38:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ma xiaoqiang 2016-03-15 06:31:47 UTC 
Description of problem:
Should append openshift.node.portal_net to INSECURE_REGISTRY in docker configuration


Version-Release number of selected component (if applicable):
openshift-ansible-3.0.57-1.git.0.c633ce7.el7.noarch

How reproducible:
100%


Steps to Reproduce:
1. Install  env
2. create a new app
oc new-app nodejs-example
3. check the build log


Actual results:
I0315 02:21:42.817945       1 cfg.go:83] Using serviceaccount user for Docker authentication for image 172.31.189.134:5000/xiaom/cakephp-example:latest
I0315 02:21:42.818033       1 sti.go:257] Using provided push secret for pushing 172.31.189.134:5000/xiaom/cakephp-example:latest image
I0315 02:21:42.818046       1 sti.go:261] Pushing 172.31.189.134:5000/xiaom/cakephp-example:latest image ...
The push refers to a repository [172.31.189.134:5000/xiaom/cakephp-example] (len: 1)
E0315 02:21:42.827883       1 dockerutil.go:85] push for image 172.31.189.134:5000/xiaom/cakephp-example:latest failed, will retry in 5s ...
The push refers to a repository [172.31.189.134:5000/xiaom/cakephp-example] (len: 1)
E0315 02:21:47.832163       1 dockerutil.go:85] push for image 172.31.189.134:5000/xiaom/cakephp-example:latest failed, will retry in 5s ...

Fail to push the images to docker registry

Expected results:
Add openshift.node.portal_net to INSECURE_REGISTRY
Comment 1 Brenton Leanhardt 2016-03-15 14:13:29 UTC 
I think there was a recent refactoring that may have changed this.
Comment 2 Erik M Jacobs 2016-03-15 16:07:30 UTC 
https://github.com/openshift/openshift-ansible/commit/1565bc6e71bdda712d4cfdbf28754f00b38a4674#diff-a3b01e0fba2f0584a64aa9ac03ada32dL48

This appears to be where setting the portal net was removed from the docker role.

This now breaks OpenShift builds because the internal registry is not used as an "insecure registry".
Comment 3 Jason DeTiberus 2016-03-16 03:09:28 UTC 
PR to address this is here: https://github.com/openshift/openshift-ansible/pull/1614
Comment 4 Troy Dawson 2016-03-16 20:43:28 UTC 
This should be in the v3.2.0.4 build which was created today.
Comment 5 Jason DeTiberus 2016-03-16 21:14:17 UTC 
Setting back to assigned, this hasn't been merged yet and is still being tested.
Comment 6 Scott Dodson 2016-03-18 15:26:13 UTC 
Fixed in https://github.com/openshift/openshift-ansible/pull/1614
Comment 7 Ma xiaoqiang 2016-03-21 01:21:24 UTC 
Install env via openshift-ansible 
<--snip-->
openshift_master_portal_net="172.31.0.0/16"
<--snip-->

check the docker configuration
OPTIONS=' --selinux-enabled --insecure-registry=172.31.0.0/16 '

Get the expected result, move this issue to VERIFIED.
Comment 9 errata-xmlrpc 2016-05-12 16:38:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1065