Description of problem: 1. In 3.2.0.15, given the following settings in the inventory for the byo playbook: openshift_master_portal_net=172.24.0.0/14 osm_cluster_network_cidr=172.20.0.0/14 The install would set /etc/sysconfig/docker OPTIONS to: OPTIONS=' --selinux-enabled --insecure-registry=172.24.0.0/14' This is correct. 2. In 3.2.0.17, given the same settings in the inventory, it sets OPTIONS to OPTIONS=' --selinux-enabled --insecure-registry=172.30.0.0/16' which results in an unusable registry. The registry IP is outside of the insecure range. Version-Release number of selected component (if applicable): 3.2.0.17 How reproducible: Always Steps to Reproduce: 1. Install using an inventory with the following settings: openshift_master_portal_net=172.24.0.0/14 osm_cluster_network_cidr=172.20.0.0/14 2. After the install check /etc/sysconfig/docker Actual results: OPTIONS=' --selinux-enabled --insecure-registry=172.30.0.0/16' Expected results: Honor the network mask/CIDR settings in the inventory. OPTIONS=' --selinux-enabled --insecure-registry=172.24.0.0/14'
Additional info: all installs I've personally seen this on are AWS
openshift-ansible-3.0.80-1 works fine , openshift-ansible-3.0.82-1 can not set --insecure-registry incorrectly in docker. it has nothing with openshift and inventories. thx
@xiaoqiang I ran two tests with identical playbooks. The only difference was the openshift-ansible commit level. Test 1: openshift-ansible commit level is 55e36e376858d023203f4a3d7884c830109bc122. No changes from April 20. Result: OPTIONS=' --selinux-enabled --insecure-registry=172.24.0.0/14 ' Test 2: openshift-ansible commit level is fd2eef29ab0b34ee55920b25226d570bd0501ed0 (3 new commits on April 20) Result: OPTIONS=' --selinux-enabled --insecure-registry=172.30.0.0/16 '
comment 4 : should be "identical inventories". Playbook is openshift-ansible/playbooks/byo/config.yml
Looks like it was caused by this PR https://github.com/openshift/openshift-ansible/pull/1588/files where the portal_net property was renamed to openshift_portal_net, and may not be properly backward compatible. Will test, verify and fix shortly today.
Fixed in: https://github.com/openshift/openshift-ansible/pull/1783 Just a complication from the move to another role and a couple missed uses.
Should be fixed in openshift-ansible-3.0.84-1.git.0.04b5245.el7
Verified by running the same inventory which failed initially
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1065