Description of problem: Should append openshift.node.portal_net to INSECURE_REGISTRY in docker configuration Version-Release number of selected component (if applicable): openshift-ansible-3.0.57-1.git.0.c633ce7.el7.noarch How reproducible: 100% Steps to Reproduce: 1. Install env 2. create a new app oc new-app nodejs-example 3. check the build log Actual results: I0315 02:21:42.817945 1 cfg.go:83] Using serviceaccount user for Docker authentication for image 172.31.189.134:5000/xiaom/cakephp-example:latest I0315 02:21:42.818033 1 sti.go:257] Using provided push secret for pushing 172.31.189.134:5000/xiaom/cakephp-example:latest image I0315 02:21:42.818046 1 sti.go:261] Pushing 172.31.189.134:5000/xiaom/cakephp-example:latest image ... The push refers to a repository [172.31.189.134:5000/xiaom/cakephp-example] (len: 1) E0315 02:21:42.827883 1 dockerutil.go:85] push for image 172.31.189.134:5000/xiaom/cakephp-example:latest failed, will retry in 5s ... The push refers to a repository [172.31.189.134:5000/xiaom/cakephp-example] (len: 1) E0315 02:21:47.832163 1 dockerutil.go:85] push for image 172.31.189.134:5000/xiaom/cakephp-example:latest failed, will retry in 5s ... Fail to push the images to docker registry Expected results: Add openshift.node.portal_net to INSECURE_REGISTRY
I think there was a recent refactoring that may have changed this.
https://github.com/openshift/openshift-ansible/commit/1565bc6e71bdda712d4cfdbf28754f00b38a4674#diff-a3b01e0fba2f0584a64aa9ac03ada32dL48 This appears to be where setting the portal net was removed from the docker role. This now breaks OpenShift builds because the internal registry is not used as an "insecure registry".
PR to address this is here: https://github.com/openshift/openshift-ansible/pull/1614
This should be in the v3.2.0.4 build which was created today.
Setting back to assigned, this hasn't been merged yet and is still being tested.
Fixed in https://github.com/openshift/openshift-ansible/pull/1614
Install env via openshift-ansible <--snip--> openshift_master_portal_net="172.31.0.0/16" <--snip--> check the docker configuration OPTIONS=' --selinux-enabled --insecure-registry=172.31.0.0/16 ' Get the expected result, move this issue to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1065