It's a top level var and expects a list. So under parameter_defaults.
paramter_defaults:
DockerInsecureRegistryAddress:
- harbor.vgtu.lt
ContainerImagePrepare:
- set:
....
On Tue, Oct 6, 2020 at 8:20 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
>
> Hi, in which place I should add DockerInsecureRegistryAddress ?
> In which Level? I have added in 2 levels
> parameter_defaults:
> ContainerImagePrepare:
> - DockerInsecureRegistryAddress: harbor.vgtu.lt
> set:
> ceph_alertmanager_image: alertmanager
> ceph_alertmanager_namespace: harbor.vgtu.lt/prom
> ceph_alertmanager_tag: v0.16.2
> ceph_grafana_image: grafana
> ceph_grafana_namespace: harbor.vgtu.lt/grafana
> ceph_grafana_tag: 5.4.3
> ceph_image: daemon
> ceph_namespace: harbor.vgtu.lt/ceph
> ceph_node_exporter_image: node-exporter
> ceph_node_exporter_namespace: harbor.vgtu.lt/prom
> ceph_node_exporter_tag: v0.17.0
> ceph_prometheus_image: prometheus
> ceph_prometheus_namespace: harbor.vgtu.lt/prom
> ceph_prometheus_tag: v2.7.2
> ceph_tag: v4.0.12-stable-4.0-nautilus-centos-7-x86_64
> default_tag: true
> name_prefix: centos-binary-
> name_suffix: ''
> namespace: harbor.vgtu.lt/testukas
> insecure: true
> DockerInsecureRegistryAddress: harbor.vgtu.lt
> neutron_driver: ovn
> rhel_containers: false
> tag: current-tripleo
> tag_from_label: rdo_version
>
> And I have launched tcpdump with filter: host harbor.vgtu.lt and port 80 and I do not receive any.
> Also it is in undercloud.conf insecure list (first and last one, twice :) and it is in registries.conf in /etc/containers
>
>
>
> On Tue, 6 Oct 2020 at 16:09, Alex Schultz <aschultz@redhat.com> wrote:
>>
>> On Tue, Oct 6, 2020 at 1:15 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
>> >
>> > Hi all,
>> >
>> > I have been trying to use containers from local container image repo which is insecure, but it is always trying to use TLS version, and I do not have https there. even if I would have, I would not have CERT signed, so still it is insecure. It is always trying to access over WWW:443.
>> >
>> > my registries.conf [1] and I am able to fetch image from the registry [1] and my container image prepare file contains updated repos, I have even added insecure: true
>> >
>> > any tips? I am following [2] and [3]
>> >
>>
>> Use DockerInsecureRegistryAddress to configure the list of insecure
>> registries. You can include this in the container image prepare file.
>> If you are using push_destination: true, be sure to add the undercloud
>> in there by default. We have logic to magically add this if
>> DockerInsecureRegistryAddress is not configured and push_destination:
>> true is set. It'll configure the local ip and an undercloud ctlplane
>> host name as well.
>>
>> Unfortunately docker/podman always attempt https first and fallback to
>> http if not available (this can get weird). If the host is not in the
>> insecure list, it won't fall back to http.
>>
>> > [1] http://paste.openstack.org/show/cYQM2k77bIh14Zzr5Kjn/
>> > [2] https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/deployment/container_image_prepare.html
>> > [3] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/transitioning_to_containerized_services/installing-an-undercloud-with-containers
>> >
>> >
>> >
>> > --
>> > Ruslanas Gžibovskis
>> > +370 6030 7030
>>
>
>
> --
> Ruslanas Gžibovskis
> +370 6030 7030