Installation fails , as -insecure-registry in /etc/sysconfig/docker not set by director on overcloud nodes result in fail to pull images on all overcloud nodes Failed to pull image: 192.168.24.1:8787/rhosp12/openstack-cron:12.0-20180124.1\", \n \"2018-03-02 08:44:15,815 WARNING: 20357 -- docker pull failed: Get https://192.168.24.1:8787/v1/_ping: http: server gave HTTP response to HTTPS client\", \n \"2018-03-02 08:44:15,815 WARNING: 20359 -- docker pull failed: Get https://192.168.24.1:8787/v1/_ping: http: server gave HTTP response to HTTPS client\", \n \"2018-03-02 08:44:15,815 WARNING: 20357 -- retrying pulling image: 192.168.24.1:8787/rhosp12/openstack-ceilometer-central:12.0-20180124.1\", \n \"2018-03-02 08:44:15,815 WARNING: 20359 -- retrying pulling image: 192.168.24.1:8787/rhosp12/openstack-nova-compute:12.0-20180124.1\", \n \"2018-03-02 08:44:15,815 ERROR: 20357 -- Failed to pull image: 192.168.24.1:8787/rhosp12/openstack-ceilometer-central:12.0-20180124.1\", \n \"2018-03-02 08:44:15,815 ERROR: 20359 -- Failed to pull image: 192.168.24.1:8787/rhosp12/openstack-nova-compute:12.0-20180124.1\", \n (undercloud) [stack@dell-430-36 ~]$ rpm -qa | grep -i python-tripleoclient python-tripleoclient-7.3.3-7.el7ost.noarch [root@overcloud-compute-1 ~]# tail /etc/sysconfig/docker # Controls the /etc/cron.daily/docker-logrotate cron job status. # To disable, uncomment the line below. # LOGROTATE=false # docker-latest daemon can be used by starting the docker-latest unitfile. # To use docker-latest client, uncomment below lines #DOCKERBINARY=/usr/bin/docker-latest #DOCKERDBINARY=/usr/bin/dockerd-latest #DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest #DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest [root@overcloud-compute-1 ~]#
looks like below parameter is missing during file generation , it supposed to be added auto in overcloud_images.yaml DockerInsecureRegistryAddress: - 192.168.24.1:8787
I think this might be a docs bug because I think this is supposed to be handled automatically for you during item #5 from section 5.3 of the install guide. https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/director_installation_and_usage/Configuring-Registry_Details#Configuring-Preparing_the_Container_Images_File I think the output env file should have that entry in it. Either way it would be good to explicitly say this configuration is necessary when using the local registry.
Yes I have confirmed the following part will put that value in the output file. openstack overcloud container image prepare --namespace=192.168.24.1:8787/rhosp12 --prefix=openstack- --tag=12.0-20180124.1 --output-env-file=/home/stack/overcloud_images.yaml The resulting /home/stack/overcloud_images.yaml has: ...<snip...> DockerHorizonImage: 192.168.24.1:8787/rhosp12/openstack-horizon:12.0-20180124.1 DockerInsecureRegistryAddress: - 192.168.24.1:8787 DockerKeystoneConfigImage: 192.168.24.1:8787/rhosp12/openstack-keystone:12.0-20180124.1 ...<snip>... This file should be included as part of the deployment command via -e /home/stack/overcloud_images.yaml. It would be a good idea to ensure that we mention that this value needs to be provided when using the local repository but is automatically included in the prepare command output.
I think this might be related to another issue where specifying custom undercloud.conf container_insecure_registries overwrote the DockerInsecureRegistryAddress entry for the undercloud registry. This was later fixed upstream.