image_uploader: a registry is seen as secure if URL returns 404

Bug #1805184 reported by Emilien Macchi
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: High
Assigned to: Emilien Macchi

Bug Description

There is a bug in the code where if the URL of the registry is returning 404 (e.g. a Satellite URL which provides the image), we don't test SSL at all and the registry is considered secure, which is wrong.

We need to test SSL on a URL that returns something so DockerInsecureRegistryAddress gets properly populated.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.openstack.org/620117

OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/620168

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/620172

OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-common (master)

Change abandoned by Alex Schultz (<email address hidden>) on branch: master
Review: https://review.openstack.org/620168
Reason: Clearing the gate. Do not restore this until being given the all clear. See http://lists.openstack.org/pipermail/openstack-discuss/2018-November/000368.html

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (stable/rocky)

Reviewed: https://review.openstack.org/620172
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=58ff892e7830802de24911c1a2000b0d15770ff1
Submitter: Zuul
Branch: stable/rocky

commit 58ff892e7830802de24911c1a2000b0d15770ff1
Author: Emilien Macchi <email address hidden>
Date: Mon Nov 26 17:00:45 2018 -0500

    image_uploader: use /v2 suffix to validate SSL

    When testing if the registry is secure or not, let's use the actual
    registry URL which contains /v2 so we don't hit 404 when Satellite is
    used and provides another web server configuration.

    Change-Id: I356d00b2c730903c9276b19a676cdd524121945b
    Closes-Bug: #1805184
    (cherry picked from commit 3a0cc642b5e5e4ecf42f673a5dbb7f5fa1c9053d)

tags: added: in-stable-rocky
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.openstack.org/620168
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=3a0cc642b5e5e4ecf42f673a5dbb7f5fa1c9053d
Submitter: Zuul
Branch: master

commit 3a0cc642b5e5e4ecf42f673a5dbb7f5fa1c9053d
Author: Emilien Macchi <email address hidden>
Date: Mon Nov 26 17:00:45 2018 -0500

    image_uploader: use /v2 suffix to validate SSL

    When testing if the registry is secure or not, let's use the actual
    registry URL which contains /v2 so we don't hit 404 when Satellite is
    used and provides another web server configuration.

    Change-Id: I356d00b2c730903c9276b19a676cdd524121945b
    Closes-Bug: #1805184

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 10.2.0

This issue was fixed in the openstack/tripleo-common 10.2.0 release.

OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-common (master)

Change abandoned by Emilien Macchi (<email address hidden>) on branch: master
Review: https://review.openstack.org/620117
Reason: not in our plans for now

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 9.5.0

This issue was fixed in the openstack/tripleo-common 9.5.0 release.
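
The bug description and the commit messages above turn on which URL the SSL check probes and on what a 404 is allowed to mean. As an added example (not tripleo-common's code), here is a probe that reports "secure" only on positive evidence from the registry endpoint; the three-state result, the `/v2/` path with trailing slash, the 200/401 status set and the `example.test` hosts are assumptions made for illustration.

```python
import ssl
import urllib.error
import urllib.request

REGISTRY_STATUSES = {200, 401}  # answers a Registry v2 API base endpoint gives

def https_status(url, timeout=5):
    """HTTPS GET with certificate verification; return the HTTP status."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # 401, 404, ...: the handshake itself succeeded
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLError):
            raise exc.reason  # bad certificate or failed handshake
        raise ConnectionError(str(exc.reason))

def classify(host, path="/v2/", fetch=https_status):
    """Return 'secure', 'insecure' or 'unknown' for a registry host."""
    try:
        status = fetch("https://%s%s" % (host, path))
    except ssl.SSLError:
        return "insecure"  # TLS was attempted and failed verification
    except OSError:
        return "unknown"  # unreachable: no evidence either way
    # A 404 says the probed path is not a registry endpoint, so it must not
    # be counted as proof that the registry is secure.
    return "secure" if status in REGISTRY_STATUSES else "unknown"

# Constructed probe results standing in for the network (hypothetical hosts).
SAMPLE = {
    "https://registry.example.test/v2/": 401,
    "https://selfsigned.example.test/v2/": ssl.SSLError("certificate verify failed"),
    "https://satellite.example.test/": 404,
    "https://down.example.test/v2/": ConnectionError("refused"),
}

def fake_fetch(url):
    """Replay a constructed result so the example runs offline."""
    result = SAMPLE[url]
    if isinstance(result, Exception):
        raise result
    return result
```

Hosts that come back "unknown" are the ones to review by hand before deciding whether they belong in DockerInsecureRegistryAddress.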
