Bug 1550932

Summary: deployment fails as --insecure-registry in /etc/sysconfig/docker not set by director on overcloud nodes
Product: Red Hat OpenStack Reporter: Anil Dhingra <adhingra>
Component: documentationAssignee: RHOS Documentation Team <rhos-docs>
Status: CLOSED NOTABUG QA Contact: RHOS Documentation Team <rhos-docs>
Severity: high Docs Contact:
Priority: medium    
Version: 12.0 (Pike)CC: adhingra, agurenko, aschultz, dprince, emacchi, hbrock, ipilcher, jliberma, jpichon, jslagle, mburns, nsantos, rhel-osp-director-maint, sbaker, srevivo
Target Milestone: zstreamKeywords: Triaged, ZStream
Target Release: 12.0 (Pike)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1522978 Environment:
Last Closed: 2019-03-07 00:26:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1522978    
Bug Blocks:    

Description Anil Dhingra 2018-03-02 10:09:51 UTC 
Installation fails , as -insecure-registry in /etc/sysconfig/docker not set by director on overcloud nodes

result in fail to pull images on all overcloud nodes

Failed to pull image: 192.168.24.1:8787/rhosp12/openstack-cron:12.0-20180124.1\", \n        \"2018-03-02 08:44:15,815 WARNING: 20357 -- docker pull failed: Get https://192.168.24.1:8787/v1/_ping: http: server gave HTTP response to HTTPS client\", \n        \"2018-03-02 08:44:15,815 WARNING: 20359 -- docker pull failed: Get https://192.168.24.1:8787/v1/_ping: http: server gave HTTP response to HTTPS client\", \n        \"2018-03-02 08:44:15,815 WARNING: 20357 -- retrying pulling image: 192.168.24.1:8787/rhosp12/openstack-ceilometer-central:12.0-20180124.1\", \n        \"2018-03-02 08:44:15,815 WARNING: 20359 -- retrying pulling image: 192.168.24.1:8787/rhosp12/openstack-nova-compute:12.0-20180124.1\", \n        \"2018-03-02 08:44:15,815 ERROR: 20357 -- Failed to pull image: 192.168.24.1:8787/rhosp12/openstack-ceilometer-central:12.0-20180124.1\", \n        \"2018-03-02 08:44:15,815 ERROR: 20359 -- Failed to pull image: 192.168.24.1:8787/rhosp12/openstack-nova-compute:12.0-20180124.1\", \n  


(undercloud) [stack@dell-430-36 ~]$ rpm -qa | grep -i python-tripleoclient
python-tripleoclient-7.3.3-7.el7ost.noarch

[root@overcloud-compute-1 ~]# tail /etc/sysconfig/docker
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false

# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
[root@overcloud-compute-1 ~]#
Comment 1 Anil Dhingra 2018-03-02 16:15:20 UTC 
looks like below parameter is missing during file generation , it supposed to be added auto in overcloud_images.yaml

  DockerInsecureRegistryAddress:
  - 192.168.24.1:8787
Comment 2 Alex Schultz 2018-03-02 17:42:00 UTC 
I think this might be a docs bug because I think this is supposed to be handled automatically for you during item #5 from section 5.3 of the install guide.

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/director_installation_and_usage/Configuring-Registry_Details#Configuring-Preparing_the_Container_Images_File

I think the output env file should have that entry in it.  Either way it would be good to explicitly say this configuration is necessary when using the local registry.
Comment 3 Alex Schultz 2018-03-02 20:42:00 UTC 
Yes I have confirmed the following part will put that value in the output file.

openstack overcloud container image prepare --namespace=192.168.24.1:8787/rhosp12 --prefix=openstack- --tag=12.0-20180124.1 --output-env-file=/home/stack/overcloud_images.yaml

The resulting /home/stack/overcloud_images.yaml has:

...<snip...>
  DockerHorizonImage: 192.168.24.1:8787/rhosp12/openstack-horizon:12.0-20180124.1
  DockerInsecureRegistryAddress:
  - 192.168.24.1:8787
  DockerKeystoneConfigImage: 192.168.24.1:8787/rhosp12/openstack-keystone:12.0-20180124.1
...<snip>...


This file should be included as part of the deployment command via -e /home/stack/overcloud_images.yaml.


It would be a good idea to ensure that we mention that this value needs to be provided when using the local repository but is automatically included in the prepare command output.
Comment 4 Steve Baker 2019-03-07 00:26:45 UTC 
I think this might be related to another issue where specifying custom undercloud.conf container_insecure_registries overwrote the DockerInsecureRegistryAddress entry for the undercloud registry. This was later fixed upstream.