Bug 1317755 - Should append openshift.node.portal_net to INSECURE_REGISTRY in docker configuration
Summary: Should append openshift.node.portal_net to INSECURE_REGISTRY in docker config...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.2.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Jason DeTiberus
QA Contact: Ma xiaoqiang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-15 06:31 UTC by Ma xiaoqiang
Modified: 2016-07-04 00:46 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-12 16:38:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1065 0 normal SHIPPED_LIVE Red Hat OpenShift Enterprise atomic-openshift-utils bug fix update 2016-05-12 20:32:56 UTC

Description Ma xiaoqiang 2016-03-15 06:31:47 UTC 
Description of problem:
Should append openshift.node.portal_net to INSECURE_REGISTRY in docker configuration


Version-Release number of selected component (if applicable):
openshift-ansible-3.0.57-1.git.0.c633ce7.el7.noarch

How reproducible:
100%


Steps to Reproduce:
1. Install  env
2. create a new app
oc new-app nodejs-example
3. check the build log


Actual results:
I0315 02:21:42.817945       1 cfg.go:83] Using serviceaccount user for Docker authentication for image 172.31.189.134:5000/xiaom/cakephp-example:latest
I0315 02:21:42.818033       1 sti.go:257] Using provided push secret for pushing 172.31.189.134:5000/xiaom/cakephp-example:latest image
I0315 02:21:42.818046       1 sti.go:261] Pushing 172.31.189.134:5000/xiaom/cakephp-example:latest image ...
The push refers to a repository [172.31.189.134:5000/xiaom/cakephp-example] (len: 1)
E0315 02:21:42.827883       1 dockerutil.go:85] push for image 172.31.189.134:5000/xiaom/cakephp-example:latest failed, will retry in 5s ...
The push refers to a repository [172.31.189.134:5000/xiaom/cakephp-example] (len: 1)
E0315 02:21:47.832163       1 dockerutil.go:85] push for image 172.31.189.134:5000/xiaom/cakephp-example:latest failed, will retry in 5s ...

Fail to push the images to docker registry

Expected results:
Add openshift.node.portal_net to INSECURE_REGISTRY
Comment 1 Brenton Leanhardt 2016-03-15 14:13:29 UTC 
I think there was a recent refactoring that may have changed this.
Comment 2 Erik M Jacobs 2016-03-15 16:07:30 UTC 
https://github.com/openshift/openshift-ansible/commit/1565bc6e71bdda712d4cfdbf28754f00b38a4674#diff-a3b01e0fba2f0584a64aa9ac03ada32dL48

This appears to be where setting the portal net was removed from the docker role.

This now breaks OpenShift builds because the internal registry is not used as an "insecure registry".
Comment 3 Jason DeTiberus 2016-03-16 03:09:28 UTC 
PR to address this is here: https://github.com/openshift/openshift-ansible/pull/1614
Comment 4 Troy Dawson 2016-03-16 20:43:28 UTC 
This should be in the v3.2.0.4 build which was created today.
Comment 5 Jason DeTiberus 2016-03-16 21:14:17 UTC 
Setting back to assigned, this hasn't been merged yet and is still being tested.
Comment 6 Scott Dodson 2016-03-18 15:26:13 UTC 
Fixed in https://github.com/openshift/openshift-ansible/pull/1614
Comment 7 Ma xiaoqiang 2016-03-21 01:21:24 UTC 
Install env via openshift-ansible 
<--snip-->
openshift_master_portal_net="172.31.0.0/16"
<--snip-->

check the docker configuration
OPTIONS=' --selinux-enabled --insecure-registry=172.31.0.0/16 '

Get the expected result, move this issue to VERIFIED.
Comment 9 errata-xmlrpc 2016-05-12 16:38:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1065
Note You need to log in before you can comment on or make changes to this bug.