Ceph » Orchestrator

https://pulpito.ceph.com/swagner-2021-01-06_08:53:53-rados:cephadm-wip-swagner-testing-2021-01-05-1550-distro-basic-smithi/5759671/

Sebastian Wagner wrote:

https://pulpito.ceph.com/swagner-2021-01-06_08:53:53-rados:cephadm-wip-swagner-testing-2021-01-05-1550-distro-basic-smithi/5759671/

This is not the same thing

Hm. I can still the the error:

https://pulpito.ceph.com/swagner-2021-01-07_14:03:38-rados:cephadm-wip-swagner-testing-2021-01-07-1213-distro-basic-smithi/5762634

2021-01-08T12:40:46.647 INFO:tasks.workunit.client.0.smithi165.stderr:Non-zero exit code 125 from /usr/bin/podman run --rm --ipc=host --net=host --entrypoint ceph -e CONTAINER_IMAGE=docker.io/ceph/daemon-base:latest-octopus -e NODE_NAME=smithi165 docker.io/ceph/daemon-base:latest-octopus --version
2021-01-08T12:40:46.648 INFO:tasks.workunit.client.0.smithi165.stderr:ceph: stderr Trying to pull docker.io/ceph/daemon-base:latest-octopus...
2021-01-08T12:40:46.648 INFO:tasks.workunit.client.0.smithi165.stderr:ceph: stderr   toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
2021-01-08T12:40:46.648 INFO:tasks.workunit.client.0.smithi165.stderr:ceph: stderr Error: Error initializing source docker://ceph/daemon-base:latest-octopus: (Mirrors also failed: [docker-mirror.front.sepia.ceph.com:5000/ceph/daemon-base:latest-octopus: error pinging docker registry docker-mirror.front.sepia.ceph.com:5000: Get
 "https://docker-mirror.front.sepia.ceph.com:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0]): docker.io/ceph/daemon-base:latest-octopus: Error reading manifest latest-octopus in docker.io/ceph/daemon-base: toomanyrequests: You ha
ve reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

Ah. Okay. So this is because you're running podman on Bionic. ceph-cm-ansible isn't expecting this.

See
https://github.com/ceph/ceph-cm-ansible/blob/master/roles/container-host/vars/apt_systems.yml#L3
then
https://github.com/ceph/ceph-cm-ansible/blob/master/roles/container-host/tasks/main.yml#L31-L36

So the cert is getting installed at /etc/docker/certs.d but you're not using docker. Maybe I should just have the cert put in both places on all testnodes.

https://github.com/ceph/ceph-cm-ansible/pull/602

unfortunately, it's still there: https://pulpito.ceph.com/swagner-2021-01-15_09:42:49-rados:cephadm-wip-swagner-testing-2021-01-14-1551-distro-basic-smithi/

https://pulpito.ceph.com/swagner-2021-01-18_11:41:36-rados:cephadm-wip-swagner-testing-2021-01-15-1448-distro-basic-smithi/5798989

https://github.com/ceph/ceph-sepia-secrets/pull/595

dgalloway@gibba008:~$ /usr/bin/podman run --rm --ipc=host --net=host --entrypoint ceph -e CONTAINER_IMAGE=docker-mirror.front.sepia.ceph.com:5000/ceph/daemon-base:latest-octopus -e NODE_NAME=smithi184 docker-mirror.front.sepia.ceph.com:5000/ceph/daemon-base:latest-octopus --version
Trying to pull docker-mirror.front.sepia.ceph.com:5000/ceph/daemon-base:latest-octopus...
Getting image source signatures
Copying blob 7a0437f04f83 done  
Copying blob bd6b109c913e done  
Copying config b4a42a2be8 done  
Writing manifest to image destination
Storing signatures
ceph version 15.2.8 (bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55) octopus (stable)