Description of problem: When using the default openshift_master_image_policy_allowed_registries_for_import=["docker.io", "*.docker.io", "*.redhat.com", "gcr.io", "quay.io", "registry.centos.org", "registry.redhat.io", "*.amazonaws.com"] for testing, the following error appears F1105 11:16:39.358842 1 start_api.go:68] could not load config file "/etc/origin/master/master-config.yaml" due to an error: error reading config: v1.MasterConfig.ImagePolicyConfig: v1.ImagePolicyConfig.AllowedRegistriesForImport: v1.AllowedRegistries: readObjectStart: expect { or n, but found ", error found in #10 byte of ...|Import":["artifactor|..., bigger context ...|magePolicyConfig":{"allowedRegistriesForImport":["artifactory.hiddenname.no","docker-registry-default|... the /etc/origin/master/master-config.yaml displays the image config the following way, where the error should be. imagePolicyConfig: allowedRegistriesForImport: - artifactory.hiddenname.no - docker-registry-default.hiddenname.no - '*.redhat.com' - gcr.io - quay.io - registry.centos.org - registry.redhat.io - '*.amazonaws.com' Version-Release number of selected component (if applicable): 3.11.16 How reproducible: Do a install with the example line, but remove docker.io Steps to Reproduce: 1. insert line openshift_master_image_policy_allowed_registries_for_import=["*.redhat.com", "gcr.io", "quay.io", "registry.centos.org", "registry.redhat.io", "*.amazonaws.com"] 2. Run installer 3. Actual results: Installation fails with F1105 11:16:39.358842 1 start_api.go:68] could not load config file "/etc/origin/master/master-config.yaml" due to an error: error reading config: v1.MasterConfig.ImagePolicyConfig: v1.ImagePolicyConfig.AllowedRegistriesForImport: v1.AllowedRegistries: readObjectStart: expect { or n, but found ", error found in #10 byte of ...|Import":["artifactor|..., bigger context ...|magePolicyConfig":{"allowedRegistriesForImport":["artifactory.hiddenname.no","docker-registry-default|... Expected results: Clean installation Additional info: It also fails if you have added multiple internal registries to openshift_docker_additional_registries which are also added to openshift_master_image_policy_allowed_registries_for_import Then it says you need to add the name to openshift_master_image_policy_allowed_registries_for_import even though it is there.
Kim, Are those log entries truncated? `journalctl --no-pager` will provide output that's not truncated. Ben, How should that config be rendered? Is it the single quotes that's messing things up?
AllowedRegistries is an array of RegistryLocation objects: type RegistryLocation struct { // DomainName specifies a domain name for the registry // In case the registry use non-standard (80 or 443) port, the port should be included // in the domain name as well. DomainName string // Insecure indicates whether the registry is secure (https) or insecure (http) // By default (if not specified) the registry is assumed as secure. Insecure bool } so i'd expect it to render as: imagePolicyConfig: allowedRegistriesForImport: - domainName: "artifactory.hiddenname.no" - domainName: "docker-registry-default.hiddenname.no" etc. (you can leave out the insecure field, it defaults to false).
I just get the logs from master-logs api api and master-logs controllers controllers, other than that we just have logs from the docker current and it does not show more than that.
Kim, I mean it's likely that the installer is not generating the value correctly. In the meantime you can probably manually edit the master-config.yaml to align with the example I provided.
Please provide playbook -vvv output, inventory, and contents of master's config. Seems openshift_master_image_policy_allowed_registries_for_import is being treated a string instead of a dictionary; openshift_facts wants a dictionary and sanity_checks seems to want json.
@Michael I cant provide that anymore as i ended up doing it another way, i guess i can make a reproducer but i dont have time atm to do it.
I hit the same issue, I'd guess the example in https://github.com/openshift/openshift-ansible/blob/master/inventory/hosts.example#L105 is just wrong and it needs to be something along the lines of: openshift_master_image_policy_allowed_registries_for_import=[domainName: artifactory.hiddenname.no, domainName: ..., ...] I'll create a case about this
*** This bug has been marked as a duplicate of bug 1650384 ***
*** This bug has been marked as a duplicate of bug 1670473 ***