{"id":3307,"date":"2015-05-14T17:38:47","date_gmt":"2015-05-14T23:38:47","guid":{"rendered":"http:\/\/benincosa.com\/?p=3307"},"modified":"2015-05-14T17:38:47","modified_gmt":"2015-05-14T23:38:47","slug":"coreos-ansible-openstack-and-a-private-registry","status":"publish","type":"post","link":"https:\/\/benincosa.com\/?p=3307","title":{"rendered":"CoreOS, Ansible, OpenStack, and a Private Registry"},"content":{"rendered":"<p>This took me longer than I want to admit to figure out, so I thought I&#8217;d post this solution here. \u00a0I&#8217;m doing this on Cisco&#8217;s OpenStack Private Cloud (COPC) (formerly known as Metacloud).<\/p>\n<p>Problem: \u00a0Want to deploy a CoreOS instance that can access docker images from a private registry. \u00a0I want to do this with Ansible.<\/p>\n<p>Why its hard: \u00a0Not a lot of good documentation on this put in one place. \u00a0I\u00a0kept getting this error:<\/p>\n<pre class=\"lang:sh decode:true \">FATA[0004] Error: v1 ping attempt failed with error: Get https:\/\/10.2.3.7:5000\/v1\/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.2.3.7:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at \/etc\/docker\/certs.d\/10.2.3.7:5000\/ca.crt \r\n<\/pre>\n<p>Really started to aggravate me.<\/p>\n<h3>Ansible Playbook<\/h3>\n<p>Here&#8217;s the playbook in its final glory:<\/p>\n<pre class=\"lang:yaml decode:true \">- name: Ensure Test image is up. \r\n  connection: local\r\n  hosts: local\r\n  vars_files:\r\n   - vars\/metacloud_vars.yml\r\n\r\n  tasks: \r\n  - name: Ensure Test Image is up. \r\n    nova_compute:\r\n      state: present\r\n      auth_url: \"{{ lookup('env', 'OS_AUTH_URL') }}\"\r\n      login_username: \"{{ lookup('env', 'OS_USERNAME') }}\"\r\n      login_password: \"{{ lookup('env', 'OS_PASSWORD') }}\"\r\n      login_tenant_name: \"{{ lookup('env', 'OS_TENANT_NAME') }}\"\r\n      name: coreostest\r\n      image_name: \"{{ coreos_image_name }}\"\r\n      key_name: \"{{ keypair }}\"\r\n      flavor_id: \"{{ m1large }}\"\r\n      meta: \r\n        group: web-servers\r\n      security_groups: \"{{ security_group }}\"\r\n      user_data:  \"{{ lookup('file', 'files\/coreos-cloud-config.yaml') }}\"<\/pre>\n<p>The coreos-cloud-config.yaml file looks like this:<\/p>\n<pre class=\"lang:sh decode:true\">#cloud-config\r\n\r\ncoreos:\r\n  units:\r\n    - name: docker.service\r\n      drop-ins: \r\n        - name: 50-insecure-registry.conf\r\n          content: |\r\n            [Service]\r\n            Environment='DOCKER_OPTS=--insecure-registry=ci:5000 '<\/pre>\n<p>There were a few things to note:<\/p>\n<ol>\n<li>If I used the config_drive: yes like it said on some documentation somewhere with this then I had some problems.<\/li>\n<li>I was using a different configuration for the cloud-config that had me do files instead. \u00a0Not sure why I did this, but figured it out by using the other flag. \u00a0As you can see <a href=\"https:\/\/github.com\/coreos\/coreos-cloudinit\/issues\/342\">I even opened up a problem on CoreOS github repo<\/a>. \u00a0 I think this is what you need to do in order to solve your own problems. \u00a0And the reason we all need a rubber duck.<\/li>\n<li>The CoreOS documentation shows a IP address range, but I just put in the actual registry for this and it works great.<\/li>\n<\/ol>\n<p>Hoping that helps someone else not struggle like I did for hours&#8230;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This took me longer than I want to admit to figure out, so I thought I&#8217;d post this solution here. \u00a0I&#8217;m doing this on Cisco&#8217;s OpenStack Private Cloud (COPC) (formerly known as Metacloud). Problem: \u00a0Want to deploy a CoreOS instance that can access docker images from a private registry. \u00a0I want to do this with&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1013],"tags":[530,733,731,1011,735,176,740,739],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3307"}],"collection":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3307"}],"version-history":[{"count":1,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3307\/revisions"}],"predecessor-version":[{"id":3308,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3307\/revisions\/3308"}],"wp:attachment":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}