[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Push to registry sometimes fails



Yeah, I secured the registry, however I couldn't get pushing to work when using the tls certificates.. I kept getting "Error: x509: certificate signed by unknown authority" when using the master's ca.crt coppied into /etc/docker/certs.d/172.30.25.196:5000/ca.crt  I tried going throgh the secure your registry steps three times, and I can't get it to work.  I could cutl --cacert=/etc/docker/certs.d/172.30.25.196:5000/ca.crt https://172.30.25.196:5000/v2/ just fine, but docker still didn't like it.

Adding  "--insecure-registry 172.30.25.196:5000" was a workaround that works mostly - it is still flaky when pushing from a build.

I'd really like to get a secure registry working so any thoughts ?

Cameron

On Thu, 8 Dec 2016 at 12:26 Andy Goldstein <agoldste redhat com> wrote:
Docker assumes that the registry talks TLS. It will only use http if you specify the registry is insecure (typically via '--insecure-registry 172.30.0.0/16' in /etc/sysconfig/docker).

Is your registry secured?

On Wed, Dec 7, 2016 at 8:11 PM, Cameron Braid <cameron braid com au> wrote:
I am occasional getting this error after a build when pushing to the internal registry :

Pushed 10/12 layers, 83% complete
Registry server Address: 
Registry server User Name: serviceaccount
Registry server Email: serviceaccount example org
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Get http://172.30.25.196:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

It looks like the pusher is using http to talk to the https registry.  

What tells the pusher that the registry is TLS ?

Cheers

Cameron

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]