I'm creating this as a new topic, although it has partly been discussed earlier.
Now I have a better understanding of the problem so its best discussed as a new topic.
The issue is that the certificate that is generated by the ansible installer for the docker repository is not correct, so any builder process that tries to push to the repo fails with an error like this:
error: build error: Failed to push image: Get https://docker-registry.Looking at the /etc/origin/master/registry.
default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.os. informaticsmatters.com, 172.30.148.243, not docker-registry.default.svc crt certificate that is generated on the master node its contents confirm this. The key part is this:
X509v3 Subject Alternative Name:Indeed, docker-registry.default.svc is not included in the names.
os.informaticsmatters.com, DNS:172.30.148.243, IP Address:172.30.148.243
The os.informaticsmatters.com related hostname comes from the value of the openshift_master_cluster_
public_hostname and/or the
subdomain variables in the inventory file. Is this present to allow the registry to be exposed externally?
But I'm baffled as to why this is happening. Looking at the code it looks like this is the key player:
openshift-ansible/blob/ 9d4a0c00b0c554a8b7bd7242438806 ce901831bc/playbooks/common/ openshift-cluster/redeploy- certificates/registry.yml#L70
And if that is the case then it looks like docker-registry.default.svc should be added.
Is this a bug? If so presumably it should be affecting everyone?
This is using OpenShift Origin 3.6, installing using the ansible installer from the master branch.
users mailing list
users lists openshift redhat