osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tripleo][undercloud] use local container images in insecure repo


Hi, in which place I should add DockerInsecureRegistryAddress ?
In which Level? I have added in 2 levels
parameter_defaults:
 ContainerImagePrepare:
 - DockerInsecureRegistryAddress: harbor.vgtu.lt
   set:
     ceph_alertmanager_image: alertmanager
     ceph_alertmanager_namespace: harbor.vgtu.lt/prom
     ceph_alertmanager_tag: v0.16.2
     ceph_grafana_image: grafana
     ceph_grafana_namespace: harbor.vgtu.lt/grafana
     ceph_grafana_tag: 5.4.3
     ceph_image: daemon
     ceph_namespace: harbor.vgtu.lt/ceph
     ceph_node_exporter_image: node-exporter
     ceph_node_exporter_namespace: harbor.vgtu.lt/prom
     ceph_node_exporter_tag: v0.17.0
     ceph_prometheus_image: prometheus
     ceph_prometheus_namespace: harbor.vgtu.lt/prom
     ceph_prometheus_tag: v2.7.2
     ceph_tag: v4.0.12-stable-4.0-nautilus-centos-7-x86_64
     default_tag: true
     name_prefix: centos-binary-
     name_suffix: ''
     namespace: harbor.vgtu.lt/testukas
     insecure: true
     DockerInsecureRegistryAddress: harbor.vgtu.lt
     neutron_driver: ovn
     rhel_containers: false
     tag: current-tripleo
   tag_from_label: rdo_version

And I have launched tcpdump with filter: host harbor.vgtu.lt and port 80
and I do not receive any.
Also it is in undercloud.conf insecure list (first and last one, twice :)
and it is in registries.conf in /etc/containers



On Tue, 6 Oct 2020 at 16:09, Alex Schultz <aschultz at redhat.com> wrote:

> On Tue, Oct 6, 2020 at 1:15 AM Ruslanas Gžibovskis <ruslanas at lpic.lt>
> wrote:
> >
> > Hi all,
> >
> > I have been trying to use containers from local container image repo
> which is insecure, but it is always trying to use TLS version, and I do not
> have https there. even if I would have, I would not have CERT signed, so
> still it is insecure. It is always trying to access over WWW:443.
> >
> > my registries.conf [1] and I am able to fetch image from the registry
> [1] and my container image prepare file contains updated repos, I have even
> added insecure: true
> >
> > any tips? I am following [2] and [3]
> >
>
> Use DockerInsecureRegistryAddress to configure the list of insecure
> registries. You can include this in the container image prepare file.
> If you are using push_destination: true, be sure to add the undercloud
> in there by default. We have logic to magically add this if
> DockerInsecureRegistryAddress is not configured and push_destination:
> true is set. It'll configure the local ip and an undercloud ctlplane
> host name as well.
>
> Unfortunately docker/podman always attempt https first and fallback to
> http if not available (this can get weird). If the host is not in the
> insecure list, it won't fall back to http.
>
> > [1] http://paste.openstack.org/show/cYQM2k77bIh14Zzr5Kjn/
> > [2]
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/deployment/container_image_prepare.html
> > [3]
> https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/transitioning_to_containerized_services/installing-an-undercloud-with-containers
> >
> >
> >
> > --
> > Ruslanas Gžibovskis
> > +370 6030 7030
>
>

-- 
Ruslanas Gžibovskis
+370 6030 7030
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20201006/fbb100dc/attachment.html>