Container image uploader should not use http for "no verify" registries
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Medium
|
Alex Schultz |
Bug Description
A deployment using a downstream registry that happens to have an invalid SSL certificate is failing because the container image uploader switches from HTTPS to HTTP. The registry in question (docker-
Starting new HTTPS connection (1): docker-
Starting new HTTPS connection (2): docker-
https:/
https:/
imagename: docker-
...
Starting new HTTP connection (1): docker-
http://
http://
...
Image prepare failed: 503 Server Error: Service Unavailable for url: http://
Traceback (most recent call last):
File "/usr/bin/
env, roles_data, cleanup=
File "/usr/lib/
uploader.
File "/usr/lib/
uploader.
File "/usr/lib/
local_
File "/usr/lib/
return uploader.
File "/usr/lib/
password=
File "/usr/lib/
return self.call(f, *args, **kw)
File "/usr/lib/
do = self.iter(
File "/usr/lib/
raise retry_exc.reraise()
File "/usr/lib/
raise self.last_
File "/usr/lib64/
return self.__get_result()
File "/usr/lib64/
raise self._exception
File "/usr/lib/
result = fn(*args, **kwargs)
File "/usr/lib/
r.raise_
File "/usr/lib/
raise HTTPError(
requests.
Registries with an invalid SSL certificate may be insecure, but still need to be accessed using HTTPS.
Changed in tripleo: | |
assignee: | Alan Bishop (alan-bishop) → Alex Schultz (alex-schultz) |
Fix proposed to branch: master /review. opendev. org/701411
Review: https:/