Bootstrap fails when insecure registries are configured
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Lin Shuicheng |
Bug Description
Brief Description
-----------------
Kata containers (containerd) related change breaks bootstrap if insecure registries are configured.
Severity
--------
Critical
Steps to Reproduce
------------------
In localhost.yml, configure the docker_registries as follows:
docker_registries:
quay.io:
url: quay.io
docker.
url: docker.elastic.co
gcr.io:
url: gcr.io
k8s.gcr.io:
url: k8s.gcr.io
docker.io:
url: docker.io
defaults:
type: docker
secure: false
Then run bootstrap playbook to bootstrap the controller-0.
Expected Behavior
------------------
Bootstrap completes successfully and the host is ready for provisioning.
Actual Behavior
----------------
Bootstrap fails during the execution of push-docker-images tasks
2020-02-13 16:08:36,706 p=14546 u=sysadmin | TASK [common/
2020-02-13 16:08:36,739 p=14546 u=sysadmin | ok: [localhost] => (item={
2020-02-13 16:08:36,751 p=14546 u=sysadmin | ok: [localhost] => (item={
2020-02-13 16:08:36,764 p=14546 u=sysadmin | ok: [localhost] => (item={
2020-02-13 16:08:36,776 p=14546 u=sysadmin | ok: [localhost] => (item={
2020-02-13 16:08:36,789 p=14546 u=sysadmin | ok: [localhost] => (item={
2020-02-13 16:08:36,794 p=14546 u=sysadmin | TASK [common/
2020-02-13 16:08:36,862 p=14546 u=sysadmin | TASK [common/
2020-02-13 16:08:37,424 p=14546 u=sysadmin | changed: [localhost]
2020-02-13 16:08:37,428 p=14546 u=sysadmin | TASK [common/
2020-02-13 16:08:37,452 p=14546 u=sysadmin | ok: [localhost]
2020-02-13 16:08:37,456 p=14546 u=sysadmin | TASK [common/
2020-02-13 16:08:37,787 p=14546 u=sysadmin | fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error connecting: Error while fetching server API version: ('Connecti on aborted.', error(104, 'Connection reset by peer'))"}
2020-02-13 16:08:37,788 p=14546 u=sysadmin | PLAY RECAP *******
2020-02-13 16:08:37,788 p=14546 u=sysadmin | localhost : ok=218 changed=105 unreachable=0 failed=1
Relevant logs in daemon.log showed that containerd failed to start
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
2020-02-
This is because a duplicate plugin mirror entry was written to the containerd's config file which caused containerd to fail.
Reproducibility
---------------
<Reproducible/
100% reproducible
System Configuration
-------
All configurations
Branch/Pull Time/Commit
-------
Feb 7th 2020 master build
Last Pass
---------
Jan 21st 2020 build
Timestamp/Logs
--------------
See above
stx.4.0 / high priority - issue introduced by kata container feature.