--insecure-registry in /etc/sysconfig/docker removed by undercloud upgrade

Bug #1736803 reported by Ian Pilcher on 2017-12-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Critical
Dan Prince

Bug Description

When pulling container images from an internal registry (such as docker-registry.engineering.redhat.com), one is often required to edit /etc/sysconfig/docker and add the internal registry to the INSECURE_REGISTRY line.

This additional entry is removed when "openstack undercloud upgrade" runs.

To reproduce:

1. Edit /etc/sysconfig/docker and add an additional insecure registry.
2. Run 'openstack undercloud upgrade'
3. Check /etc/sysconfig/docker; note that additional insecure registry is no longer there.

This will cause future image pulls, tag checks, etc. to fail until the registry is re-added to INSECURE_REGISTRY in /etc/sysconfig/docker.

Ian Pilcher (arequipeno) on 2017-12-06
tags: added: containers
tags: added: tripleoclient
Changed in tripleo:
status: New → Triaged
importance: Undecided → Critical
milestone: none → queens-3
tags: added: upgrade
Dan Prince (dan-prince) wrote :

As part of the new containers based undercloud I've just proposed added an option called 'docker_insecure_registries'. This would be appended to the list of default Undercloud insecure settings for the local registry and would allow you to pull containers from any set of registries you'd like and would survive an upgrade.

https://review.openstack.org/#/c/526147/3/tripleoclient/v1/undercloud_config.py

Again, this is not yet backported to instack-undercloud although we could look at doing something there as well.

Changed in tripleo:
assignee: nobody → Dan Prince (dan-prince)
status: Triaged → In Progress
Changed in tripleo:
milestone: queens-3 → queens-rc1
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Changed in tripleo:
milestone: rocky-1 → rocky-2
Alex Schultz (alex-schultz) wrote :

This was fixed as part of Bug 1767373

Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers