Bug 1460930 - docker is using a new configure file to defined registries [NEEDINFO]
docker is using a new configure file to defined registries
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: 3.7.0
Assigned To: Michael Gugino
Wenkai Shi
: TestBlocker
Depends On:
  Show dependency treegraph
Reported: 2017-06-13 03:44 EDT by Wenkai Shi
Modified: 2017-11-28 16:56 EST (History)
14 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-11-28 16:56:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sdodson: needinfo? (jhonce)

Attachments (Terms of Use)

  None (edit)
Description Wenkai Shi 2017-06-13 03:44:29 EDT
Description of problem:
docker-1.12.6-34 is using "/etc/containers/registries.conf" instead of "/etc/sysconfig/docker" to defined registries. But installer is still add registries to "/etc/sysconfig/docker".

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Install OCP with docker-1.12.6-34

Actual results:
# cat /etc/sysconfig/docker
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
ADD_REGISTRY='--add-registry ... --add-registry registry.access.redhat.com'
BLOCK_REGISTRY='--block-registry registry.hacker.com'
INSECURE_REGISTRY='--insecure-registry ...'

Expected results:
According to document in "/etc/sysconfig/docker", installer should add registries in "/etc/containers/registries.conf".

Additional info:
Comment 1 Scott Dodson 2017-06-26 09:38:32 EDT
Is this a mandatory change or will the old environment files work?
Comment 2 Wenkai Shi 2017-06-26 22:42:14 EDT
(In reply to Scott Dodson from comment #1)
> Is this a mandatory change or will the old environment files work?

According to my testing, the old environment file still works.
Comment 3 Scott Dodson 2017-06-27 08:42:46 EDT
Mine too, moved to 3.7.
Comment 4 Michael Gugino 2017-08-24 17:31:22 EDT
PR created in github:  https://github.com/openshift/openshift-ansible/pull/5205
Comment 5 Brent Baude 2017-08-25 12:22:42 EDT
The original configuration file /etc/sysconfig/docker is still honored and there has been no discussion about EOL'ing it.  The only difference is that registries in the sysconfig/docker file will not be usably by other container runtimes or skopeo.
Comment 6 Michael Gugino 2017-08-25 12:43:07 EDT

There are some discussions on that PR regarding which container runtimes are currently consuming /etc/containers/registries.conf

Having one registry configuration file for all runtimes would be beneficial to openshift-ansible users and allow our codebase to simplify.
Comment 11 liujia 2017-09-29 04:56:08 EDT
When upgrade ocp 3.6 to 3.7 on atomic hosts, met the same issue.

TASK [openshift_node_upgrade : Pre-pull node image] ****************************
fatal: [x.x.x.x]: FAILED! => {"changed": false, "cmd": ["docker", "pull", "openshift3/node:v3.7.0"], "delta": "0:00:00.498253", "end": "2017-09-29 07:41:05.949663", "failed": true, "rc": 1, "start": "2017-09-29 07:41:05.451410", "stderr": "unauthorized: authentication required", "stderr_lines": ["unauthorized: authentication required"], "stdout": "Trying to pull repository docker.io/openshift3/node ... ", "stdout_lines": ["Trying to pull repository docker.io/openshift3/node ... "]}

Comment 12 Michael Gugino 2017-10-02 19:09:08 EDT
PR submitted: https://github.com/openshift/openshift-ansible/pull/5629

Since we're not check/enforcing docker version to incremental releases, we are gong to enable the settings in both files for the time being.
Comment 13 Wenkai Shi 2017-10-09 05:24:48 EDT
Verified with version openshift-ansible-3.7.0-0.143.1.git.0.89248df.el7, settings is in both files now.
Comment 18 errata-xmlrpc 2017-11-28 16:56:55 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.