Bug 1460930 - docker is using a new configure file to defined registries
Summary: docker is using a new configure file to defined registries
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.7.0
Assignee: OCP Installer
QA Contact: Gaoyun Pei
Depends On:
TreeView+ depends on / blocked
Reported: 2017-06-13 07:44 UTC by Wenkai Shi
Modified: 2022-08-02 19:50 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-11-28 21:56:55 UTC
Target Upstream Version:
jhonce: needinfo-

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:3188 0 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update 2017-11-29 02:34:54 UTC

Description Wenkai Shi 2017-06-13 07:44:29 UTC
Description of problem:
docker-1.12.6-34 is using "/etc/containers/registries.conf" instead of "/etc/sysconfig/docker" to defined registries. But installer is still add registries to "/etc/sysconfig/docker".

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Install OCP with docker-1.12.6-34

Actual results:
# cat /etc/sysconfig/docker
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
ADD_REGISTRY='--add-registry ... --add-registry registry.access.redhat.com'
BLOCK_REGISTRY='--block-registry registry.hacker.com'
INSECURE_REGISTRY='--insecure-registry ...'

Expected results:
According to document in "/etc/sysconfig/docker", installer should add registries in "/etc/containers/registries.conf".

Additional info:

Comment 1 Scott Dodson 2017-06-26 13:38:32 UTC
Is this a mandatory change or will the old environment files work?

Comment 2 Wenkai Shi 2017-06-27 02:42:14 UTC
(In reply to Scott Dodson from comment #1)
> Is this a mandatory change or will the old environment files work?

According to my testing, the old environment file still works.

Comment 3 Scott Dodson 2017-06-27 12:42:46 UTC
Mine too, moved to 3.7.

Comment 4 Michael Gugino 2017-08-24 21:31:22 UTC
PR created in github:  https://github.com/openshift/openshift-ansible/pull/5205

Comment 5 Brent Baude 2017-08-25 16:22:42 UTC
The original configuration file /etc/sysconfig/docker is still honored and there has been no discussion about EOL'ing it.  The only difference is that registries in the sysconfig/docker file will not be usably by other container runtimes or skopeo.

Comment 6 Michael Gugino 2017-08-25 16:43:07 UTC

There are some discussions on that PR regarding which container runtimes are currently consuming /etc/containers/registries.conf

Having one registry configuration file for all runtimes would be beneficial to openshift-ansible users and allow our codebase to simplify.

Comment 11 liujia 2017-09-29 08:56:08 UTC
When upgrade ocp 3.6 to 3.7 on atomic hosts, met the same issue.

TASK [openshift_node_upgrade : Pre-pull node image] ****************************
fatal: [x.x.x.x]: FAILED! => {"changed": false, "cmd": ["docker", "pull", "openshift3/node:v3.7.0"], "delta": "0:00:00.498253", "end": "2017-09-29 07:41:05.949663", "failed": true, "rc": 1, "start": "2017-09-29 07:41:05.451410", "stderr": "unauthorized: authentication required", "stderr_lines": ["unauthorized: authentication required"], "stdout": "Trying to pull repository docker.io/openshift3/node ... ", "stdout_lines": ["Trying to pull repository docker.io/openshift3/node ... "]}


Comment 12 Michael Gugino 2017-10-02 23:09:08 UTC
PR submitted: https://github.com/openshift/openshift-ansible/pull/5629

Since we're not check/enforcing docker version to incremental releases, we are gong to enable the settings in both files for the time being.

Comment 13 Wenkai Shi 2017-10-09 09:24:48 UTC
Verified with version openshift-ansible-3.7.0-0.143.1.git.0.89248df.el7, settings is in both files now.

Comment 18 errata-xmlrpc 2017-11-28 21:56:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.