Bug 1646207 - openshift_master_image_policy_allowed_registries_for_import errors out during setup
Summary: openshift_master_image_policy_allowed_registries_for_import errors out during...
Keywords:
Status: CLOSED DUPLICATE of bug 1670473
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.11.z
Assignee: Scott Dodson
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-05 11:30 UTC by Kim Borup
Modified: 2019-03-05 16:54 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-21 13:06:50 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Kim Borup 2018-11-05 11:30:11 UTC 
Description of problem:
When using the default openshift_master_image_policy_allowed_registries_for_import=["docker.io", "*.docker.io", "*.redhat.com", "gcr.io", "quay.io", "registry.centos.org", "registry.redhat.io", "*.amazonaws.com"] 

for testing, the following error appears 

F1105 11:16:39.358842       1 start_api.go:68] could not load config file "/etc/origin/master/master-config.yaml" due to an error: error reading config: v1.MasterConfig.ImagePolicyConfig: v1.ImagePolicyConfig.AllowedRegistriesForImport: v1.AllowedRegistries: readObjectStart: expect { or n, but found ", error found in #10 byte of ...|Import":["artifactor|..., bigger context ...|magePolicyConfig":{"allowedRegistriesForImport":["artifactory.hiddenname.no","docker-registry-default|...

the /etc/origin/master/master-config.yaml displays the image config the following way, where the error should be. 

imagePolicyConfig:
  allowedRegistriesForImport:
  - artifactory.hiddenname.no
  - docker-registry-default.hiddenname.no
  - '*.redhat.com'
  - gcr.io
  - quay.io
  - registry.centos.org
  - registry.redhat.io
  - '*.amazonaws.com'


Version-Release number of selected component (if applicable):
3.11.16

How reproducible:
Do a install with the example line, but remove docker.io

Steps to Reproduce:
1. insert line openshift_master_image_policy_allowed_registries_for_import=["*.redhat.com", "gcr.io", "quay.io", "registry.centos.org", "registry.redhat.io", "*.amazonaws.com"]
2. Run installer
3.


Actual results:
Installation fails with 
F1105 11:16:39.358842       1 start_api.go:68] could not load config file "/etc/origin/master/master-config.yaml" due to an error: error reading config: v1.MasterConfig.ImagePolicyConfig: v1.ImagePolicyConfig.AllowedRegistriesForImport: v1.AllowedRegistries: readObjectStart: expect { or n, but found ", error found in #10 byte of ...|Import":["artifactor|..., bigger context ...|magePolicyConfig":{"allowedRegistriesForImport":["artifactory.hiddenname.no","docker-registry-default|...

Expected results:
Clean installation
Additional info:
It also fails if you have added multiple internal registries to 
openshift_docker_additional_registries which are also added to openshift_master_image_policy_allowed_registries_for_import

Then it says you need to add the name to openshift_master_image_policy_allowed_registries_for_import even though it is there.
Comment 1 Scott Dodson 2018-11-05 13:22:09 UTC 
Kim,

Are those log entries truncated? `journalctl --no-pager` will provide output that's not truncated.

Ben,

How should that config be rendered? Is it the single quotes that's messing things up?
Comment 2 Ben Parees 2018-11-05 15:50:47 UTC 
AllowedRegistries is an array of RegistryLocation objects:

type RegistryLocation struct {
	// DomainName specifies a domain name for the registry
	// In case the registry use non-standard (80 or 443) port, the port should be included
	// in the domain name as well.
	DomainName string
	// Insecure indicates whether the registry is secure (https) or insecure (http)
	// By default (if not specified) the registry is assumed as secure.
	Insecure bool
}


so i'd expect it to render as:

imagePolicyConfig:
  allowedRegistriesForImport:
  - domainName: "artifactory.hiddenname.no"
  - domainName: "docker-registry-default.hiddenname.no"


etc.  (you can leave out the insecure field, it defaults to false).
Comment 3 Kim Borup 2018-11-07 09:11:28 UTC 
I just get the logs from master-logs api api and master-logs controllers controllers, other than that we just have logs from the docker current and it does not show more than that.
Comment 4 Ben Parees 2018-11-07 14:55:10 UTC 
Kim, I mean it's likely that the installer is not generating the value correctly.  

In the meantime you can probably manually edit the master-config.yaml to align with the example I provided.
Comment 5 Michael Gugino 2018-11-29 20:42:04 UTC 
Please provide playbook -vvv output, inventory, and contents of master's config.

Seems openshift_master_image_policy_allowed_registries_for_import is being treated a string instead of a dictionary; openshift_facts wants a dictionary and sanity_checks seems to want json.
Comment 6 Kim Borup 2018-12-21 08:49:59 UTC 
@Michael I cant provide that anymore as i ended up doing it another way, i guess i can make a reproducer but i dont have time atm to do it.
Comment 7 Klaas Demter 2019-01-25 14:02:12 UTC 
I hit the same issue, I'd guess the example in https://github.com/openshift/openshift-ansible/blob/master/inventory/hosts.example#L105 is just wrong and it needs to be something along the lines of:
openshift_master_image_policy_allowed_registries_for_import=[domainName: artifactory.hiddenname.no, domainName: ..., ...] I'll create a case about this
Comment 8 Brenton Leanhardt 2019-03-05 16:51:27 UTC 

*** This bug has been marked as a duplicate of bug 1650384 ***
Comment 9 Brenton Leanhardt 2019-03-05 16:54:46 UTC 

*** This bug has been marked as a duplicate of bug 1670473 ***
Note You need to log in before you can comment on or make changes to this bug.