Bug 1331389

Summary: cli_docker_additional_registries doesn't take effect during upgrade
Product: OpenShift Container Platform Reporter: Anping Li <anli>
Component: Cluster Version OperatorAssignee: Devan Goodwin <dgoodwin>
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.2.0CC: aos-bugs, bleanhar, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-07 10:55:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anping Li 2016-04-28 12:33:17 UTC 
Description of problem:
cli_docker_additional_registries doesn't take effect work during upgrade. 

Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.0.85

How reproducible:
always

Steps to Reproduce:
1. install nativaha OSE 3.1 on Atomic Hosts with cli_docker_additional_registries
   cli_docker_additional_registries=registry.example.com:5000
   cli_docker_insecure_registries=registry.example.com:5000
2. Don't specify the new parameter openshift_docker_additional_registries and upgrade to OSE 3.2
   ansible-playbook -i config/hostnative /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
3. check the /etc/sysconfig/docker after upgrade


Actual results:
-bash-4.2# cat /etc/sysconfig/docker|egrep 'ADD_REGISTRY|INSECURE_REGISTRY'|grep -v '#'
ADD_REGISTRY='--add-registry registry.access.redhat.com'
INSECURE_REGISTRY='--insecure-registry registry.example.com:5000'


Expected results:
registry.example.com:5000 was in ADD_REGISTRY.

Additional info:
the substitute openshift_docker_additional_registries works well.
Comment 1 Anping Li 2016-05-04 07:57:24 UTC 
The private registry server name was removed too if there isn't option cli_docker_insecure_registries in inventory file.

I think the upgrade shouldn't modify docker configuration files except for there is options against docker in the inventory file.  The openshift administrator may set significant options manually that make the difference  between Ansible inventory files and the real configuration.
I think the rule "Don’t modify existing options unless needed" should be following during upgrade.


The detail as following:
1) Update /etc/sysconfig/docker. and your private registry in ADD_REGISTRY. for example:
  ADD_REGISTRY='--add-registry registry.access.redhat.com  --add-registry myregistry.example.com'

2) Don't specify any docker related options in inventory file. 

3) upgrade to 3.2. 
4) after upgrade, we will found the private registry name was removed from ADD_REGISTRY.
   ADD_REGISTRY='--add-registry registry.access.redhat.com"
Comment 2 Brenton Leanhardt 2016-05-05 18:43:07 UTC 
I'm wondering if the fix for Bug #1326045 will fix this too.
Comment 3 Devan Goodwin 2016-05-06 12:11:15 UTC 
Don't think it will help, the additional registries are just not part of upgrade today. I will trace down what it would take to get them into play.
Comment 4 Brenton Leanhardt 2016-05-06 13:29:39 UTC 
I know the docker role is applied during upgrade.  My thought was that it wasn't getting picked up because of the previous backward compatibility problem.
Comment 5 Devan Goodwin 2016-05-09 15:03:31 UTC 
Fixed the cli_* registries in https://github.com/openshift/openshift-ansible/pull/1869.

There are other problems related to adding a new registry and then running upgrade (without re-running config in between) that I'm going to work on as a separate PR, however that is not part of this bug.
Comment 7 Anping Li 2016-05-16 05:09:46 UTC 
The fix work well with atomic-openshift-utils-3.0.89. waiting for errata package to verify it.
Comment 9 errata-xmlrpc 2016-06-07 10:55:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1208