diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 10b29c889b486849b356d7e5005472be40791092..581ecf053096987e9e5dd51d36b9c5aa222f1cdd 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -89,6 +89,7 @@ docker_registry_email:
 docker_registry:
 docker_namespace: "kolla"
 docker_registry_username:
+docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
 
 # Valid options are [ never, on-failure, always, unless-stopped ]
 docker_restart_policy: "unless-stopped"
diff --git a/ansible/roles/baremetal/templates/docker_systemd_service.j2 b/ansible/roles/baremetal/templates/docker_systemd_service.j2
index e9b89384c398cc02c801a159aeb5986dd4d0f51d..31b9ef50329cb3426daf361de774570beb307800 100644
--- a/ansible/roles/baremetal/templates/docker_systemd_service.j2
+++ b/ansible/roles/baremetal/templates/docker_systemd_service.j2
@@ -1,4 +1,4 @@
 [Service]
 MountFlags=shared
 ExecStart=
-ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}
+ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}
diff --git a/releasenotes/notes/docker_insecure_registry-857bfb9c760aa3bf.yaml b/releasenotes/notes/docker_insecure_registry-857bfb9c760aa3bf.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f65b7d4d5220b9fb627abbe2b4831685897e594b
--- /dev/null
+++ b/releasenotes/notes/docker_insecure_registry-857bfb9c760aa3bf.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Add option `docker_registry_insecure` to enable the SSL verification
+    for the docker registry. Default value is true when a private
+    registry is defined.