I'm using the ca.crt from /etc/origin/master/ca.crt and /etc/origin/node/ca.crt
Date: Fri, 8 Apr 2016 11:02:19 +0200 Subject: Re: accessing secure registry on master isn't possible? From: maszu...@redhat.com To: dencow...@hotmail.com CC: users@lists.openshift.redhat.com On Fri, Apr 8, 2016 at 8:27 AM, Den Cowboy <dencow...@hotmail.com> wrote: Yes I performed the same steps on my master as on my nodes. This is the error: sudo docker login -u admin -e m...@mail.com \ > -p token 172.30.xx.xx:5000 Error response from daemon: invalid registry endpoint https://172.30.109.95:5000/v0/: unable to ping registry endpoint https://172.30.xx.xx:5000/v0/ v2 ping attempt failed with error: Get https://172.30.xx.xx:5000/v2/: dial tcp 172.30.xx.xx:5000: i/o timeout v1 ping attempt failed with error: Get https://172.30.xx.xx:5000/v1/_ping: dial tcp 172.30.xx.xx:5000: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 172.30.xx.xx:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/172.30.xx.xx:5000/ca.crt Do you have the CA cert in /etc/docker/certs.d/172.30.xx.xx:5000/ca.crt the log you're seeing is the usual log that happens when you're using self-singed certs for registry. Eventually make sure the above ca is the right one. While on all my 3 nodes: sudo docker login -u admin -e m...@mail.com \ > -p token 172.30.xx.xx:5000 WARNING: login credentials saved in /root/.docker/config.json Login Succeeded Date: Thu, 7 Apr 2016 22:02:06 +0200 Subject: Re: accessing secure registry on master isn't possible? From: maszu...@redhat.com To: dencow...@hotmail.com CC: users@lists.openshift.redhat.com Per https://docs.openshift.org/latest/install_config/install/docker_registry.html#securing-the-registry, step 11 and 12, I assume you've copied CA certificate to the Docker certificates directory on all nodes and restarted docker service, did you also do that on master as well. Without it any docker operation will fail with certificate check failure. What is the error you're seeing and what is the operation you're trying to do? On Thu, Apr 7, 2016 at 4:20 PM, Den Cowboy <dencow...@hotmail.com> wrote: I've created a secur registry on 1.1.6 For the first time I've created my environment with 1 real master and 3 nodes (one infra). (The reason for this is because I'm using the community ansible aws setup. https://github.com/openshift/openshift-ansible/blob/master/README_AWS.md Normally my master is also an unschedulable node. Now I've secured my registry. I'm able to login and push to the registry from my nodes but not from my master? Is this normal , if yes, why is it that way? I don't think it's an issue because the images will always be pulled and pushed on my nodes because only there can run my containers but I want to know if it's a known thing. Thanks _______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users