Hi all,

so I have now configured the registry to do HTTPS. The certificate is self-signed. I now get the log message

failed to start: Failed to perform 'curl': curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

This is curl’s way of saying that a valid CA certificate is missing for the certificate offered by the HTTPS host. However, I have installed the CA certificate for my self-signed certificate in the OS’s (CentOS 8) CA trust store. To verify, when I try curl on the command line e.g. curl https://mother:5000/v2/_catalog I get the correct reply from the registry.

--> How can I install my CA certificate so that mesos' curl knows it when contacting the registry?

Thanks and best regards,
Ben

> On 27. Aug 2020, at 15:58, Benjamin Wulff <benjamin.wulff...@ieee.org> wrote:
>
> Hi all,
>
> I’m running a Docker registry in my cluster network that does plain HTTP, no
> HTTPS. I tried to configure it using docker_registry and
> docker_config options, providing an http:// address. When I try to run a
> Docker image in a task it fails and I see in the log a message that CURL SSL
> got a malformed TLS answer. So apparently Mesos still tells curl to do
> whatever it should do via HTTPS.
>
> I have seen posts that seem to indicate that it will switch to HTTP
> automatically when you provide port ‘:80’ as part of the URI for the
> registry. However, I cannot put the registry on 80 because there is already a
> Webserver sitting that is used for distributing artefacts in the cluster.
>
> --> Is there a way to tell Mesos that it (respectively curl) use HTTP instead
> of HTTPS?
>
> Thanks and best regards,
> Ben
>
> PS: I also saw in the logs:
>
> curl: option --http1.1: is unknown
> curl: try 'curl --help' or 'curl --manual' for more information
>