StarlingX

Bootstrap parameter is_secure_registry doesn't apply to each override-able public registry

Bug #1850178 reported by Angie Wang on 2019-10-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	Medium	Angie Wang

Bug Description

Brief Description
-----------------
The bootstrap parameter "is_secure_registry" provides the ability to define an insecure private registry. Currently, it's only relevant when "defaults" registry is used. This parameter should really be added for each override-able public registry.

Steps to Reproduce
------------------
Run ansible bootstrap with the following overrides:
docker_registries:
  docker.io:
    url:
  gcr.io:
    url:
  k8s.gcr.io:
    url:
  quay.io:
    url:
  docker.elastic.co:
    url:
is_secure_registry: False

Expected Behavior
------------------
Each override-able public registry can be configured to insecure private registry.

Actual Behavior
----------------
insecure registry can be configured only when "defaults" registry is configured.

Tags:

Angie Wang (angiewang) on 2019-10-28

Changed in starlingx:
assignee:	nobody → Angie Wang (angiewang)

Ghada Khalil (gkhalil) on 2019-10-28

tags:	added: stx.3.0 stx.containers
tags:	removed: stx.3.0

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2019-10-30:

stx.3.0 / medium priority - this affects Backup & Restore

tags:	added: stx.3.0
Changed in starlingx:
importance:	Undecided → Medium
status:	New → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-31: Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/692434

Changed in starlingx:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-31: Fix proposed to ansible-playbooks (master)

Fix proposed to branch: master
Review: https://review.opendev.org/692435

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-31: Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/692438

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-31: Fix merged to config (master)

Reviewed: https://review.opendev.org/692434
Committed: https://git.openstack.org/cgit/starlingx/config/commit/?id=4fe28ea10fed422d8089c82e087c2177c88ad4d1
Submitter: Zuul
Branch: master

commit 4fe28ea10fed422d8089c82e087c2177c88ad4d1
Author: Angie Wang <email address hidden>
Date: Tue Oct 29 13:51:17 2019 -0400

Refactor the service parameter "insecure"

    The service parameter "insecure" indicates an insecure registry
    that populated during bootstrap. This commit renames the service
    parameter "insecure" to "secure" to align with the ansible
    parameter and moves it under each registry section.

    Change-Id: I9c04fd81406b688d1c69cd42813bf81514cc21b7
    Partial-Bug: 1850178
    Signed-off-by: Angie Wang <email address hidden>

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-31: Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/692435
Committed: https://git.openstack.org/cgit/starlingx/ansible-playbooks/commit/?id=f8f6feb53a9e25d24a19a5d53e162692cc5fb984
Submitter: Zuul
Branch: master

commit f8f6feb53a9e25d24a19a5d53e162692cc5fb984
Author: Angie Wang <email address hidden>
Date: Tue Oct 29 10:21:17 2019 -0400

Refactor ansible parameter is_secure_registry

    This commit renames the parameter "is_secure_registry" to "secure"
    and updates it to be able to configure for each override-able public
    registry, not just relevant to "defaults" registry. The default value
    is still True.

    Tests conducted:
     - Error checks (invalid type/secure parameters)
     - bootstrap with different combination settings of secure parameter
       with cumulus registry, aws ecr
     - bootstrap with default values with public registry
     - replay

    Change-Id: Ic057a3707ec9517c75fecfdc2929a88bb413be53
    Depends-On: https://review.opendev.org/#/c/692434/
    Partial-Bug: 1850178
    Signed-off-by: Angie Wang <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-31: Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/692438
Committed: https://git.openstack.org/cgit/starlingx/stx-puppet/commit/?id=2dbdb9e1e411721bd331b21f0b22e3e6a01f8a6a
Submitter: Zuul
Branch: master

commit 2dbdb9e1e411721bd331b21f0b22e3e6a01f8a6a
Author: Angie Wang <email address hidden>
Date: Tue Oct 29 13:48:38 2019 -0400

Puppet change to configure insecure registries

    In commit https://review.opendev.org/#/c/692435/,
    it refactors the parameter is_secure_registry to provide the
    ability to configure insecure registry for each override-able
    public registry.

This commit updates the puppet to support multiple insecure
registries.

    Change-Id: I81d2ad271fe9ef2ae3ca4ccf2598f5b04e90c4f6
    Depends-On: https://review.opendev.org/#/c/692434/
    Closes-Bug: 1850178
    Signed-off-by: Angie Wang <email address hidden>

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.