Description of problem: cli_docker_additional_registries doesn't take effect work during upgrade. Version-Release number of selected component (if applicable): atomic-openshift-utils-3.0.85 How reproducible: always Steps to Reproduce: 1. install nativaha OSE 3.1 on Atomic Hosts with cli_docker_additional_registries cli_docker_additional_registries=registry.example.com:5000 cli_docker_insecure_registries=registry.example.com:5000 2. Don't specify the new parameter openshift_docker_additional_registries and upgrade to OSE 3.2 ansible-playbook -i config/hostnative /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml 3. check the /etc/sysconfig/docker after upgrade Actual results: -bash-4.2# cat /etc/sysconfig/docker|egrep 'ADD_REGISTRY|INSECURE_REGISTRY'|grep -v '#' ADD_REGISTRY='--add-registry registry.access.redhat.com' INSECURE_REGISTRY='--insecure-registry registry.example.com:5000' Expected results: registry.example.com:5000 was in ADD_REGISTRY. Additional info: the substitute openshift_docker_additional_registries works well.
The private registry server name was removed too if there isn't option cli_docker_insecure_registries in inventory file. I think the upgrade shouldn't modify docker configuration files except for there is options against docker in the inventory file. The openshift administrator may set significant options manually that make the difference between Ansible inventory files and the real configuration. I think the rule "Don’t modify existing options unless needed" should be following during upgrade. The detail as following: 1) Update /etc/sysconfig/docker. and your private registry in ADD_REGISTRY. for example: ADD_REGISTRY='--add-registry registry.access.redhat.com --add-registry myregistry.example.com' 2) Don't specify any docker related options in inventory file. 3) upgrade to 3.2. 4) after upgrade, we will found the private registry name was removed from ADD_REGISTRY. ADD_REGISTRY='--add-registry registry.access.redhat.com"
I'm wondering if the fix for Bug #1326045 will fix this too.
Don't think it will help, the additional registries are just not part of upgrade today. I will trace down what it would take to get them into play.
I know the docker role is applied during upgrade. My thought was that it wasn't getting picked up because of the previous backward compatibility problem.
Fixed the cli_* registries in https://github.com/openshift/openshift-ansible/pull/1869. There are other problems related to adding a new registry and then running upgrade (without re-running config in between) that I'm going to work on as a separate PR, however that is not part of this bug.
The fix work well with atomic-openshift-utils-3.0.89. waiting for errata package to verify it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1208