Hi, in which place I should add DockerInsecureRegistryAddress ? 
In which Level? I have added in 2 levels
parameter_defaults:
 ContainerImagePrepare:
 - DockerInsecureRegistryAddress: harbor.vgtu.lt
   set:
     ceph_alertmanager_image: alertmanager
     ceph_alertmanager_namespace: harbor.vgtu.lt/prom
     ceph_alertmanager_tag: v0.16.2
     ceph_grafana_image: grafana
     ceph_grafana_namespace: harbor.vgtu.lt/grafana
     ceph_grafana_tag: 5.4.3
     ceph_image: daemon
     ceph_namespace: harbor.vgtu.lt/ceph
     ceph_node_exporter_image: node-exporter
     ceph_node_exporter_namespace: harbor.vgtu.lt/prom
     ceph_node_exporter_tag: v0.17.0
     ceph_prometheus_image: prometheus
     ceph_prometheus_namespace: harbor.vgtu.lt/prom
     ceph_prometheus_tag: v2.7.2
     ceph_tag: v4.0.12-stable-4.0-nautilus-centos-7-x86_64
     default_tag: true
     name_prefix: centos-binary-
     name_suffix: ''
     namespace: harbor.vgtu.lt/testukas
     insecure: true
     DockerInsecureRegistryAddress: harbor.vgtu.lt
     neutron_driver: ovn
     rhel_containers: false
     tag: current-tripleo
   tag_from_label: rdo_version

And I have launched tcpdump with filter: host harbor.vgtu.lt and port 80 and I do not receive any.
Also it is in undercloud.conf insecure list (first and last one, twice :) and it is in registries.conf in /etc/containers



On Tue, 6 Oct 2020 at 16:09, Alex Schultz <aschultz@redhat.com> wrote:
On Tue, Oct 6, 2020 at 1:15 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
>
> Hi all,
>
> I have been trying to use containers from local container image repo which is insecure, but it is always trying to use TLS version, and I do not have https there. even if I would have, I would not have CERT signed, so still it is insecure. It is always trying to access over WWW:443.
>
> my registries.conf [1] and I am able to fetch image from the registry [1] and my container image prepare file contains updated repos, I have even added insecure: true
>
> any tips? I am following [2] and [3]
>

Use DockerInsecureRegistryAddress to configure the list of insecure
registries. You can include this in the container image prepare file.
If you are using push_destination: true, be sure to add the undercloud
in there by default. We have logic to magically add this if
DockerInsecureRegistryAddress is not configured and push_destination:
true is set. It'll configure the local ip and an undercloud ctlplane
host name as well.

Unfortunately docker/podman always attempt https first and fallback to
http if not available (this can get weird). If the host is not in the
insecure list, it won't fall back to http.

> [1] http://paste.openstack.org/show/cYQM2k77bIh14Zzr5Kjn/
> [2] https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/deployment/container_image_prepare.html
> [3] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/transitioning_to_containerized_services/installing-an-undercloud-with-containers
>
>
>
> --
> Ruslanas Gžibovskis
> +370 6030 7030



--
Ruslanas Gžibovskis
+370 6030 7030