[tripleo][undercloud] use local container images in insecure repo

Alex Schultz aschultz at redhat.com
Tue Oct 6 14:21:54 UTC 2020


It's a top level var and expects a list. So under parameter_defaults.

paramter_defaults:
  DockerInsecureRegistryAddress:
   - harbor.vgtu.lt
  ContainerImagePrepare:
   - set:
     ....

On Tue, Oct 6, 2020 at 8:20 AM Ruslanas Gžibovskis <ruslanas at lpic.lt> wrote:
>
> Hi, in which place I should add DockerInsecureRegistryAddress ?
> In which Level? I have added in 2 levels
> parameter_defaults:
>  ContainerImagePrepare:
>  - DockerInsecureRegistryAddress: harbor.vgtu.lt
>    set:
>      ceph_alertmanager_image: alertmanager
>      ceph_alertmanager_namespace: harbor.vgtu.lt/prom
>      ceph_alertmanager_tag: v0.16.2
>      ceph_grafana_image: grafana
>      ceph_grafana_namespace: harbor.vgtu.lt/grafana
>      ceph_grafana_tag: 5.4.3
>      ceph_image: daemon
>      ceph_namespace: harbor.vgtu.lt/ceph
>      ceph_node_exporter_image: node-exporter
>      ceph_node_exporter_namespace: harbor.vgtu.lt/prom
>      ceph_node_exporter_tag: v0.17.0
>      ceph_prometheus_image: prometheus
>      ceph_prometheus_namespace: harbor.vgtu.lt/prom
>      ceph_prometheus_tag: v2.7.2
>      ceph_tag: v4.0.12-stable-4.0-nautilus-centos-7-x86_64
>      default_tag: true
>      name_prefix: centos-binary-
>      name_suffix: ''
>      namespace: harbor.vgtu.lt/testukas
>      insecure: true
>      DockerInsecureRegistryAddress: harbor.vgtu.lt
>      neutron_driver: ovn
>      rhel_containers: false
>      tag: current-tripleo
>    tag_from_label: rdo_version
>
> And I have launched tcpdump with filter: host harbor.vgtu.lt and port 80 and I do not receive any.
> Also it is in undercloud.conf insecure list (first and last one, twice :) and it is in registries.conf in /etc/containers
>
>
>
> On Tue, 6 Oct 2020 at 16:09, Alex Schultz <aschultz at redhat.com> wrote:
>>
>> On Tue, Oct 6, 2020 at 1:15 AM Ruslanas Gžibovskis <ruslanas at lpic.lt> wrote:
>> >
>> > Hi all,
>> >
>> > I have been trying to use containers from local container image repo which is insecure, but it is always trying to use TLS version, and I do not have https there. even if I would have, I would not have CERT signed, so still it is insecure. It is always trying to access over WWW:443.
>> >
>> > my registries.conf [1] and I am able to fetch image from the registry [1] and my container image prepare file contains updated repos, I have even added insecure: true
>> >
>> > any tips? I am following [2] and [3]
>> >
>>
>> Use DockerInsecureRegistryAddress to configure the list of insecure
>> registries. You can include this in the container image prepare file.
>> If you are using push_destination: true, be sure to add the undercloud
>> in there by default. We have logic to magically add this if
>> DockerInsecureRegistryAddress is not configured and push_destination:
>> true is set. It'll configure the local ip and an undercloud ctlplane
>> host name as well.
>>
>> Unfortunately docker/podman always attempt https first and fallback to
>> http if not available (this can get weird). If the host is not in the
>> insecure list, it won't fall back to http.
>>
>> > [1] http://paste.openstack.org/show/cYQM2k77bIh14Zzr5Kjn/
>> > [2] https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/deployment/container_image_prepare.html
>> > [3] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/transitioning_to_containerized_services/installing-an-undercloud-with-containers
>> >
>> >
>> >
>> > --
>> > Ruslanas Gžibovskis
>> > +370 6030 7030
>>
>
>
> --
> Ruslanas Gžibovskis
> +370 6030 7030




More information about the openstack-discuss mailing list