commit d6cff0496dcf52655eba340e1e57b1d973040edf
Author: Shuicheng Lin <email address hidden>
Date: Thu Mar 12 14:34:09 2020 +0800
Refresh local registry auth info each time when access local registry
Local registry uses admin account password as authentication info.
And this password may be changed by openstack client at any time.
When try to download images from local registry, auth info cannot
be cached, otherwise it may lead to authentication failure in keystone,
and account be locked at the end.
For this specific case, there is host-swact first, then function
"_upgrade_downgrade_kube_networking" in sysinv conductor is called.
And upgrade-k8s-networking.yml is executed which will try to download
kube network images from local registry. During this period, admin
account password is changed. And lead to account be locked due to
authentication failure in keystone.
With this update, there is still possibility that password be changed
just after get operation. And due to the images download are run in
parallel with multi threads, so account lock may still hit. This
change could minimize the issue rate, but cannot fix all.
Closes-Bug: 1853017
Change-Id: I686616937031a3f7ac6d65e5b118511dc549ab85
Signed-off-by: Shuicheng Lin <email address hidden>
Reviewed: https:/ /review. opendev. org/712823 /git.openstack. org/cgit/ starlingx/ ansible- playbooks/ commit/ ?id=d6cff0496dc f52655eba340e1e 57b1d973040edf
Committed: https:/
Submitter: Zuul
Branch: master
commit d6cff0496dcf526 55eba340e1e57b1 d973040edf
Author: Shuicheng Lin <email address hidden>
Date: Thu Mar 12 14:34:09 2020 +0800
Refresh local registry auth info each time when access local registry
Local registry uses admin account password as authentication info. downgrade_ kube_networking " in sysinv conductor is called. k8s-networking. yml is executed which will try to download
And this password may be changed by openstack client at any time.
When try to download images from local registry, auth info cannot
be cached, otherwise it may lead to authentication failure in keystone,
and account be locked at the end.
For this specific case, there is host-swact first, then function
"_upgrade_
And upgrade-
kube network images from local registry. During this period, admin
account password is changed. And lead to account be locked due to
authentication failure in keystone.
With this update, there is still possibility that password be changed
just after get operation. And due to the images download are run in
parallel with multi threads, so account lock may still hit. This
change could minimize the issue rate, but cannot fix all.
Closes-Bug: 1853017
Change-Id: I686616937031a3 f7ac6d65e5b1185 11dc549ab85
Signed-off-by: Shuicheng Lin <email address hidden>