Thanks. That PR seems to fix it.

Tim


On 25/08/2017 14:55, Scott Dodson wrote:
I think we broke this recently, can you try this PR? https://github.com/openshift/openshift-ansible/pull/5178

On Fri, Aug 25, 2017 at 9:20 AM, Tim Dudgeon <[email protected]> wrote:

    I'm creating this as a new topic, although it has partly been
    discussed earlier.
    Now I have a better understanding of the problem so it's best
    discussed as a new topic.

    The issue is that the certificate that is generated by the ansible
    installer for the docker repository is not correct, so any builder
    process that tries to push to the repo fails with an error like this:

    error: build error: Failed to push image: Get
    https://docker-registry.default.svc:5000/v1/_ping:
    x509: certificate is valid for
    docker-registry-default.os.informaticsmatters.com,
    172.30.148.243, not docker-registry.default.svc

    Looking at the /etc/origin/master/registry.crt certificate that is
    generated on the master node its contents confirm this. The key
    part is this:

    X509v3 Subject Alternative Name:
        DNS:docker-registry-default.os.informaticsmatters.com,
        DNS:172.30.148.243, IP Address:172.30.148.243

    Indeed, docker-registry.default.svc is not included in the names.
    The os.informaticsmatters.com
    related hostname comes from the value of the
    openshift_master_cluster_public_hostname and/or the
    openshift_master_default_subdomain variables in the inventory
    file. Is this present to allow the registry to be exposed externally?

    But I'm baffled as to why this is happening. Looking at the code
    it looks like this is the key player:
    
    https://github.com/openshift/openshift-ansible/blob/9d4a0c00b0c554a8b7bd7242438806ce901831bc/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml#L70

    And if that is the case then it looks like
    docker-registry.default.svc should be added.

    Is this a bug? If so presumably it should be affecting everyone?

    This is using OpenShift Origin 3.6, installing using the ansible
    installer from the master branch.

    Thanks
    Tim


    _______________________________________________
    users mailing list
    [email protected]
    http://lists.openshift.redhat.com/openshiftmm/listinfo/users



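A check for the mismatch described in this thread, as an added example that is not part of the original messages or of openshift-ansible: it parses the Subject Alternative Name line of `openssl x509 -noout -text` output and reports which required names a verifying client would reject. The sample text is constructed from the values quoted above, the function names are hypothetical, and the matching is a simplified form of the usual rules (DNS names match DNS entries only, IPs match IP Address entries only, `*` only as the whole leftmost label).

```python
import ipaddress
import re

# Constructed sample: SAN section as printed by `openssl x509 -noout -text`,
# built from the values quoted in the thread.
SAMPLE_CERT_TEXT = """\
    X509v3 Subject Alternative Name:
        DNS:docker-registry-default.os.informaticsmatters.com, DNS:172.30.148.243, IP Address:172.30.148.243
    X509v3 Basic Constraints: critical
        CA:FALSE
"""

def parse_sans(cert_text):
    """Return (dns_names, ip_addresses) from the SAN line of openssl text output."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", cert_text)
    dns, ips = [], []
    if not m:
        return dns, ips
    for entry in (e.strip() for e in m.group(1).split(",")):
        kind, _, value = entry.partition(":")  # first ':' only, so IPv6 values survive
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Case-insensitive label match; '*' is accepted only as the whole leftmost label."""
    p, h = pattern.split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return all(a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))

def name_is_covered(cert_text, name):
    """True if a client connecting to `name` would find it among the SANs."""
    dns, ips = parse_sans(cert_text)
    try:
        # An IP literal is compared with IP Address entries, never with DNS entries.
        return ipaddress.ip_address(name) in ips
    except ValueError:
        return any(dns_matches(p, name) for p in dns)

def missing_names(cert_text, required):
    """Names from `required` that the certificate does not cover."""
    return [n for n in required if not name_is_covered(cert_text, n)]

if __name__ == "__main__":
    required = ["docker-registry.default.svc", "172.30.148.243",
                "docker-registry-default.os.informaticsmatters.com"]
    print("missing from SANs:", missing_names(SAMPLE_CERT_TEXT, required))
```

To run it against a real certificate, pass the text printed by `openssl x509 -noout -text -in /etc/origin/master/registry.crt` instead of the sample.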