StarlingX

insecure registries config is ignored

Bug #2016187 reported by Jerry Sun on 2023-04-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	Medium	Jerry Sun

Bug Description

Brief Description
-----------------
Configuring insecure registries through service parameters or bootstrap overrides have no effect.

Severity
--------
Major: System/Feature is usable but degraded

Steps to Reproduce
------------------
configure a system with insecure registries. try to pull image from the insecure registries configured for bootstrap

Expected Behavior
------------------
image pull successful

Actual Behavior
----------------
image pull fails

Reproducibility
---------------
Reproducible

System Configuration
--------------------
2 node system

Branch/Pull Time/Commit
-----------------------
pull 2023-04-13

Tags:

Jerry Sun (jerry-sun-u) on 2023-04-13

Changed in starlingx:
assignee:	nobody → Jerry Sun (jerry-sun-u)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-04-13: Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/880392

Changed in starlingx:
status:	New → In Progress

Ghada Khalil (gkhalil) on 2023-04-14

Changed in starlingx:
importance:	Undecided → Medium
tags:	added: stx.9.0 stx.config stx.containers

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-04-14: Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/880392
Committed: https://opendev.org/starlingx/stx-puppet/commit/27a980f8f4399e84e36d4c7e40bf067c1350794f
Submitter: "Zuul (22348)"
Branch: master

commit 27a980f8f4399e84e36d4c7e40bf067c1350794f
Author: Jerry Sun <email address hidden>
Date: Thu Apr 13 17:44:02 2023 -0400

Fix puppet ignoring insecure registries

    Puppet upversioning changed the behavior of our puppet code to
    configure insecure registries. The new puppet always comes up with
    an empty list. This commit fixes this issue so insecure registries
    can be configured again.

Testing

    PASS: Bootstrap a system with insecure registries. ensure that
          /etc/docker/demon.json is updated correctly with the insecure
          registries. Ensure /etc/containerd/config.toml is also updated.

    PASS: Test functionality by manually converting registry.local:9001
          to an insecure registry. Ensure pulls fails.
          Add insecure registry entries to the containerd and docker
          config files above and restart services. Ensure pulls
          are successful through both docker and containerd.

    Change-Id: Iac2c47a75c473a85faf8f2b9e10435e6e106a407
    Closes-bug: 2016187
    Signed-off-by: Jerry Sun <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.