Description of problem: Overcloud deployment fails when containers images are pulled from remote satellite(not from undercloud). The overcloud nodes do not get INSECURE_REGISTRY set in /etc/sysconfig/docker so pulling the docker images fails because: Nov 23 16:00:48 controller-0 dockerd-current: time="2018-11-23T16:00:48.154066648-05:00" level=error msg="Attempting next endpoint for pull after error: Get https://rhos-compute-node-08.lab.eng.rdu2.redhat.com:5000/v1/_ping: x509: certificate signed by unknown authority" Version-Release number of selected component (if applicable): openstack-tripleo-heat-templates-9.0.1-0.20181013060890.el7ost.noarch openstack-tripleo-common-9.4.1-0.20181012010878.el7ost.noarch How reproducible: 100% Steps to Reproduce: openstack overcloud deploy \ --timeout 100 \ --templates /usr/share/openstack-tripleo-heat-templates \ --stack overcloud \ --libvirt-type kvm \ --ntp-server clock.redhat.com \ -e /home/stack/virt/internal.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \ -e /home/stack/virt/network/network-environment.yaml \ -e /home/stack/virt/enable-tls.yaml \ -e /home/stack/virt/inject-trust-anchor.yaml \ -e /home/stack/virt/public_vip.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml \ -e /home/stack/virt/hostnames.yml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \ -e /home/stack/virt/debug.yaml \ -e /home/stack/virt/nodes_data.yaml \ --environment-file /usr/share/openstack-tripleo-heat-templates/environments/rhsm.yaml \ -e ~/containers-prepare-parameter.yaml \ -e /home/stack/virt/overcloud_satellite.yaml \ --log-file overcloud_deployment_76.log Actual results: Deployment fails because overcloud nodes are unable to pull images Expected results: Deployment succeeds. Additional info:
Created attachment 1508319 [details] /var/lib/mistral/overcloud Attaching /var/lib/mistral/overcloud
Assigning to docs for triage, we need to document when it is required to set a value for DockerInsecureRegistryAddress
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:0045