Bug 1322338

Summary: The upgrade should keep the option insecure-registry=172.30.0.0/16
Product: OpenShift Container Platform Reporter: Anping Li <anli>
Component: Cluster Version OperatorAssignee: Brenton Leanhardt <bleanhar>
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.2.0CC: aos-bugs, bleanhar, jokerman, mmccomas, tdawson
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openshift-ansible-3.0.68-1.git.0.d80d45e.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-12 16:34:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anping Li 2016-03-30 10:33:30 UTC 
Description of problem:
if there are openshift_docker_additional_registries=XXX and openshift_docker_insecure_registries=XXX in inventory file, and 172.30.0.0/16 was not appended to openshift_docker_insecure_registries. After upgrade,  due to --insecure-registry=172.30.0.0/16 was missing from /etc/sysconfig/docker.  docker will think the inner docker-registry as secuity registry, and docker failed to push images.

The instsallation bug related this issue is https://bugzilla.redhat.com/show_bug.cgi?id=1317755, seem like we also need such similar fix in upgrade ansible playbook.

Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.0.67

How reproducible:
always

Steps to Reproduce:
1. Specify the openshift_docker_additional_registries=XXX and openshift_docker_insecure_registries=XXX before upgrade. but don't set the "172.30.0.0/16" in openshift_docker_insecure_registries
2. ansible-playbook -i config/osecontain /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml | tee upgrade.log
3. After upgrade,  oc start-build an applications

Actual results:
I0330 05:31:19.080731       1 sti.go:267] Registry server User Name: serviceaccount
I0330 05:31:19.080742       1 sti.go:268] Registry server Email: serviceaccount
I0330 05:31:19.080754       1 sti.go:273] Registry server Password: <<non-empty>>
F0330 05:31:19.080781       1 builder.go:204] Error: build error: Failed to push image. Response from registry is: unable to ping registry endpoint https://172.30.33.215:5000/v0/
v2 ping attempt failed with error: Get https://172.30.33.215:5000/v2/: tls: oversized record received with length 20527
 v1 ping attempt failed with error: Get https://172.30.33.215:5000/v1/_ping: tls: oversized record received with length 20527


Expected results:


Additional info:
The workround is to add 172.30.0.0/16 in openshift_docker_insecure_registries as following
openshift_docker_insecure_registries=[ XXX , '172.30.0.0/16 ' ]
Comment 1 Brenton Leanhardt 2016-03-30 17:42:42 UTC 
https://github.com/openshift/openshift-ansible/pull/1682
Comment 4 Anping Li 2016-03-31 07:23:06 UTC 
The fix works well, so move bug to verified.
Comment 6 errata-xmlrpc 2016-05-12 16:34:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:1064