Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1684278 - Run tripleo-container-image-prepare logged to /var/log/tripleo-container-image-prepare.log task fails when using insecure registry
Summary: Run tripleo-container-image-prepare logged to /var/log/tripleo-container-imag...
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-common
Version: 15.0 (Stein)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: ---
Assignee: Cédric Jeanneret
QA Contact: Sasha Smolyak
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-28 21:28 UTC by Marius Cornea
Modified: 2019-04-11 15:35 UTC (History)
7 users (show)

Fixed In Version: openstack-tripleo-common-10.4.1-0.20190313060345.1377727.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Gerrithub.io 447338 None None None 2019-03-08 06:36:40 UTC
OpenStack gerrit 639037 None master: MERGED tripleo-common: Allow PythonImageUploader to accept unknown CA (I00b2e59d3da5374f20dc2eac9bb13e2482ed524b) 2019-03-05 10:51:00 UTC
OpenStack gerrit 639405 None master: MERGED tripleo-heat-templates: container-image-prepare: redirect all output to logfile (I66e846bda2bef0d27a2a26a4083249c583982e... 2019-03-05 10:50:54 UTC
OpenStack gerrit 640941 None None None 2019-03-05 13:18:31 UTC

Description Marius Cornea 2019-02-28 21:28:44 UTC
Description of problem:
Run tripleo-container-image-prepare logged to /var/log/tripleo-container-image-prepare.log task fails when using insecure registry without providing a comprehensible reason of the error:

Starting new HTTPS connection (1): 192.168.24.1:8787
Using config files: ['/tmp/tmphg533y4n']
container_images JSON: [{'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-cron:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-glance-api:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-haproxy:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-heat-api-cfn:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-heat-api:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-heat-engine:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-ironic-api:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-ironic-conductor:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-ironic-inspector:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-ironic-pxe:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-ironic-neutron-agent:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-iscsid:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-keepalived:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-keystone:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-mariadb:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-memcached:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-mistral-api:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-mistral-engine:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-mistral-executor:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-mistral-event-engine:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-neutron-dhcp-agent:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-neutron-l3-agent:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-neutron-openvswitch-agent:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-neutron-server:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-nova-api:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-nova-compute-ironic:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-nova-conductor:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-nova-placement-api:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-nova-scheduler:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-qdrouterd:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-rabbitmq:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-swift-account:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-swift-container:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-swift-object:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-swift-proxy-server:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-tripleo-ui:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-zaqar-wsgi:20190226.1', 'push_destination': '192.168.24.1:8787'}, {'image_source': 'kolla', 'imagename': 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-tempest:20190226.1', 'push_destination': '192.168.24.1:8787'}]
Starting new HTTPS connection (1): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888
imagename: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhosp15/openstack-tempest:20190226.1
Starting new HTTP connection (1): 192.168.24.1:8787
http://192.168.24.1:8787 "GET /v2/ HTTP/1.1" 200 2
http://192.168.24.1:8787/v2/ status code 200
http://192.168.24.1:8787 "POST /v2/rhosp15/openstack-tempest/blobs/uploads/ HTTP/1.1" 404 241
Starting new HTTP connection (1): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 "GET /v2/ HTTP/1.1" 200 2
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/v2/ status code 200
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 "GET /v2/rhosp15/openstack-tempest/manifests/20190226.1 HTTP/1.1" 302 581
Starting new HTTPS connection (1): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:443
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 "GET /v2/rhosp15/openstack-tempest/manifests/20190226.1 HTTP/1.1" 302 581
Starting new HTTPS connection (2): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:443
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 "GET /v2/rhosp15/openstack-tempest/manifests/20190226.1 HTTP/1.1" 302 581
Starting new HTTPS connection (3): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:443
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 "GET /v2/rhosp15/openstack-tempest/manifests/20190226.1 HTTP/1.1" 302 581
Starting new HTTPS connection (4): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:443
Resetting dropped connection: brew-pulp-docker01.web.prod.ext.phx2.redhat.com
http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 "GET /v2/rhosp15/openstack-tempest/manifests/20190226.1 HTTP/1.1" 302 581
Starting new HTTPS connection (5): brew-pulp-docker01.web.prod.ext.phx2.redhat.com:443

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-10.3.1-0.20190227020336.7adc623.el8ost.noarch
python3-tripleo-common-10.4.1-0.20190227000340.1d415e6.el8ost.noarch
openstack-tripleo-common-10.4.1-0.20190227000340.1d415e6.el8ost.noarch
openstack-tripleo-common-containers-10.4.1-0.20190227000340.1d415e6.el8ost.noarc

Comment 1 Cédric Jeanneret 2019-03-04 14:51:17 UTC
Hey,

So for the TLS issue, the mentioned patch will be enough, since a downstream patch will add the internal registry in the NO_VERIFY_REGISTRIES set. So it's "work in progress", patch is in upstream gate right now.

Comment 2 Cédric Jeanneret 2019-03-05 11:36:07 UTC
Linked internal gerrit for the addition of the internal registry.

Comment 3 Cédric Jeanneret 2019-03-05 13:18:31 UTC
So apparently there were some more work to do in the image_uploader.py ... the scoping is this file is terrible :(.

Comment 4 Cédric Jeanneret 2019-03-07 11:20:43 UTC
Hello Marius,

Small update on this:
- this patch is needed as it addresses the last issues: https://review.openstack.org/640941
- as discussed, the particular case of the internal registry needs a particular solution - in this case, infrared should install the IT CA on the undercloud in order to avoid this issue. Care to point me where to push a patch for that?

Cheers,

C.

Comment 5 Cédric Jeanneret 2019-03-08 06:36:41 UTC
Hello Marius,

All is merged - do we have anything to do for downstream?

Cheers,

C.


Note You need to log in before you can comment on or make changes to this bug.