A deployment using a downstream registry that happens to have an invalid SSL certificate is failing because the container image uploader switches from HTTPS to HTTP. The registry in question (docker-registry.upshift.redhat.com) doesn't support HTTP. Here are the relevant entries from tripleo-container-image-prepare.log:
Starting new HTTPS connection (1): docker-registry.upshift.redhat.com:443
Starting new HTTPS connection (2): docker-registry.upshift.redhat.com:443
https://docker-registry.upshift.redhat.com:443 "GET /v2 HTTP/1.1" 301 39
https://docker-registry.upshift.redhat.com:443 "GET /v2/ HTTP/1.1" 401 87
imagename: docker-registry.upshift.redhat.com/ceph/rhceph-4.0-rhel8:latest
...
Starting new HTTP connection (1): docker-registry.upshift.redhat.com:80
http://docker-registry.upshift.redhat.com:80 "GET /v2/ HTTP/1.1" 503 None
http://docker-registry.upshift.redhat.com/v2/ status code 503
...
Image prepare failed: 503 Server Error: Service Unavailable for url: http://docker-registry.upshift.redhat.com/v2/
Traceback (most recent call last):
File "/usr/bin/tripleo-container-image-prepare", line 131, in <module>
env, roles_data, cleanup=args.cleanup, dry_run=args.dry_run)
File "/usr/lib/python3.6/site-packages/tripleo_common/image/kolla_builder.py", line 213, in container_images_prepare_multi
uploader.upload()
File "/usr/lib/python3.6/site-packages/tripleo_common/image/image_uploader.py", line 237, in upload
uploader.run_tasks()
File "/usr/lib/python3.6/site-packages/tripleo_common/image/image_uploader.py", line 1818, in run_tasks
local_images.extend(upload_task(args=self.upload_tasks.pop()))
File "/usr/lib/python3.6/site-packages/tripleo_common/image/image_uploader.py", line 1874, in upload_task
return uploader.upload_image(task)
File "/usr/lib/python3.6/site-packages/tripleo_common/image/image_uploader.py", line 1105, in upload_image
password=source_password
File "/usr/lib/python3.6/site-packages/tenacity/__init__.py", line 292, in wrapped_f
return self.call(f, *args, **kw)
File "/usr/lib/python3.6/site-packages/tenacity/__init__.py", line 358, in call
do = self.iter(retry_state=retry_state)
File "/usr/lib/python3.6/site-packages/tenacity/__init__.py", line 331, in iter
raise retry_exc.reraise()
File "/usr/lib/python3.6/site-packages/tenacity/__init__.py", line 167, in reraise
raise self.last_attempt.result()
File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 425, in result
return self.__get_result()
File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 384, in __get_result
raise self._exception
File "/usr/lib/python3.6/site-packages/tenacity/__init__.py", line 361, in call
result = fn(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/tripleo_common/image/image_uploader.py", line 394, in authenticate
r.raise_for_status()
File "/usr/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 503 Server Error: Service Unavailable for url: http://docker-registry.upshift.redhat.com/v2/
Registries with an invalid SSL certificate may be insecure, but still need to be accessed using HTTPS.
Fix proposed to branch: master
Review: https:/