I try to secure my registry but it fails: This are the logs after a push: I've checked the certificate: the ca.crt has the same content as the second part of my generated secret. So I don't know why this certificate is bad?
I0209 11:54:53.887517 1 sti.go:315] Successfully built 172.30.221.132:5000/test2/test2:latest I0209 11:54:53.917560 1 cleanup.go:23] Removing temporary directory /tmp/s2i-build586685329 I0209 11:54:53.917581 1 fs.go:117] Removing directory '/tmp/s2i-build586685329' I0209 11:54:53.919251 1 sti.go:214] Using provided push secret for pushing 172.30.221.132:5000/test2/test2:latest image I0209 11:54:53.919274 1 sti.go:218] Pushing 172.30.221.132:5000/test2/test2:latest image ... E0209 11:54:53.929640 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... E0209 11:54:58.939648 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... E0209 11:55:03.960704 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... E0209 11:55:08.967635 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... E0209 11:55:13.976535 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... E0209 11:55:18.986800 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... E0209 11:55:23.999629 1 dockerutil.go:78] push for image 172.30.221.132:5000/test2/test2:latest failed, will retry in 5s seconds ... I0209 11:55:28.999901 1 sti.go:223] Registry server Address: I0209 11:55:28.999950 1 sti.go:224] Registry server User Name: serviceaccount I0209 11:55:28.999970 1 sti.go:225] Registry server Email: [email protected] I0209 11:55:28.999989 1 sti.go:230] Registry server Password: <<non-empty>> F0209 11:55:29.000054 1 builder.go:185] Error: build error: Failed to push image. Response from registry is: unable to ping registry endpoint https://172.30.221.132:5000/v0/ v2 ping attempt failed with error: Get https://172.30.221.132:5000/v2/: x509: cannot validate certificate for 172.30.221.132 because it doesn't contain any IP SANs v1 ping attempt failed with error: Get https://172.30.221.132:5000/v1/_ping: x509: cannot validate certificate for 172.30.221.132 because it doesn't contain any IP SANs This are the logs of the registry itself: time="2016-02-09T11:50:54.384124563Z" level=info msg="redis not configured" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa time="2016-02-09T11:50:54.38411731Z" level=info msg="Starting upload purge in 6m0s" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa time="2016-02-09T11:50:54.384179893Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa time="2016-02-09T11:50:54.384208064Z" level=info msg="Using Origin Auth handler" time="2016-02-09T11:50:54.38423117Z" level=debug msg="configured \"openshift\" access controller" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa time="2016-02-09T11:50:54.384447261Z" level=info msg="listening on :5000, tls" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa 10.1.0.1 - - [09/Feb/2016:11:51:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:51:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:51:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:51:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:51:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:51:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:52:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:52:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:52:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:52:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:52:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:52:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:53:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:53:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:53:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:53:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:53:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:53:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:54:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:54:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:54:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:54:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:54:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:54:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:54:53.939908 I | http: TLS handshake error from 10.1.1.1:59082: remote error: bad certificate 2016-02-09 11:54:53.949806 I | http: TLS handshake error from 10.1.1.1:59083: remote error: bad certificate 2016-02-09 11:54:53.951173 I | http: TLS handshake error from 10.1.1.1:59081: remote error: bad certificate 2016-02-09 11:54:58.948438 I | http: TLS handshake error from 10.1.1.1:59086: remote error: bad certificate 2016-02-09 11:54:58.957545 I | http: TLS handshake error from 10.1.1.1:59088: remote error: bad certificate 2016-02-09 11:54:58.961057 I | http: TLS handshake error from 10.1.1.1:59087: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:55:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:55:03.963091 I | http: TLS handshake error from 10.1.1.1:59090: remote error: bad certificate 2016-02-09 11:55:03.963511 I | http: TLS handshake error from 10.1.1.1:59089: remote error: bad certificate 2016-02-09 11:55:03.972225 I | http: TLS handshake error from 10.1.1.1:59091: remote error: bad certificate 2016-02-09 11:55:08.979689 I | http: TLS handshake error from 10.1.1.1:59094: remote error: bad certificate 2016-02-09 11:55:08.985091 I | http: TLS handshake error from 10.1.1.1:59096: remote error: bad certificate 2016-02-09 11:55:08.992347 I | http: TLS handshake error from 10.1.1.1:59095: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:55:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:55:13.987433 I | http: TLS handshake error from 10.1.1.1:59097: remote error: bad certificate 2016-02-09 11:55:13.993870 I | http: TLS handshake error from 10.1.1.1:59099: remote error: bad certificate 2016-02-09 11:55:13.999576 I | http: TLS handshake error from 10.1.1.1:59098: remote error: bad certificate 2016-02-09 11:55:18.995454 I | http: TLS handshake error from 10.1.1.1:59102: remote error: bad certificate 2016-02-09 11:55:19.004155 I | http: TLS handshake error from 10.1.1.1:59104: remote error: bad certificate 2016-02-09 11:55:19.007233 I | http: TLS handshake error from 10.1.1.1:59103: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:55:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:55:24.017056 I | http: TLS handshake error from 10.1.1.1:59107: remote error: bad certificate 2016-02-09 11:55:24.019580 I | http: TLS handshake error from 10.1.1.1:59106: remote error: bad certificate 2016-02-09 11:55:24.019902 I | http: TLS handshake error from 10.1.1.1:59105: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:55:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:55:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:55:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:56:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:56:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:56:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:56:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:56:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:56:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" time="2016-02-09T11:56:54.384405174Z" level=info msg="PurgeUploads starting: olderThan=2016-02-02 11:56:54.384326249 +0000 UTC, actuallyDelete=true" time="2016-02-09T11:56:54.38543244Z" level=debug msg="filesystem.List(\"/docker/registry/v2/repositories\")" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa trace.duration=910.417µs trace.file="/go/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=e8a053f5-3935-4133-acd3-998e2fc004b8 trace.line=154 time="2016-02-09T11:56:54.385487781Z" level=info msg="Purge uploads finished. Num deleted=0, num errors=1" time="2016-02-09T11:56:54.385509417Z" level=info msg="Starting upload purge in 24h0m0s" go.version=go1.4.2 instance.id=0af8425a-7aef-44e4-9939-1105ac8d92fa 10.1.0.1 - - [09/Feb/2016:11:57:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:57:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:57:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:57:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:57:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:57:43.067255 I | http: TLS handshake error from 10.1.1.1:59142: remote error: bad certificate 2016-02-09 11:57:43.068824 I | http: TLS handshake error from 10.1.1.1:59140: remote error: bad certificate 2016-02-09 11:57:43.076552 I | http: TLS handshake error from 10.1.1.1:59141: remote error: bad certificate 2016-02-09 11:57:48.073338 I | http: TLS handshake error from 10.1.1.1:59146: remote error: bad certificate 2016-02-09 11:57:48.081751 I | http: TLS handshake error from 10.1.1.1:59145: remote error: bad certificate 2016-02-09 11:57:48.082256 I | http: TLS handshake error from 10.1.1.1:59147: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:57:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:57:53.080354 I | http: TLS handshake error from 10.1.1.1:59148: remote error: bad certificate 2016-02-09 11:57:53.096420 I | http: TLS handshake error from 10.1.1.1:59149: remote error: bad certificate 2016-02-09 11:57:53.096597 I | http: TLS handshake error from 10.1.1.1:59150: remote error: bad certificate 2016-02-09 11:57:58.102439 I | http: TLS handshake error from 10.1.1.1:59154: remote error: bad certificate 2016-02-09 11:57:58.105124 I | http: TLS handshake error from 10.1.1.1:59153: remote error: bad certificate 2016-02-09 11:57:58.106115 I | http: TLS handshake error from 10.1.1.1:59155: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:58:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:58:03.109765 I | http: TLS handshake error from 10.1.1.1:59156: remote error: bad certificate 2016-02-09 11:58:03.116820 I | http: TLS handshake error from 10.1.1.1:59158: remote error: bad certificate 2016-02-09 11:58:03.124064 I | http: TLS handshake error from 10.1.1.1:59157: remote error: bad certificate 2016-02-09 11:58:08.120395 I | http: TLS handshake error from 10.1.1.1:59162: remote error: bad certificate 2016-02-09 11:58:08.127914 I | http: TLS handshake error from 10.1.1.1:59163: remote error: bad certificate 2016-02-09 11:58:08.131500 I | http: TLS handshake error from 10.1.1.1:59161: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:58:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 2016-02-09 11:58:13.134620 I | http: TLS handshake error from 10.1.1.1:59165: remote error: bad certificate 2016-02-09 11:58:13.138467 I | http: TLS handshake error from 10.1.1.1:59164: remote error: bad certificate 2016-02-09 11:58:13.138939 I | http: TLS handshake error from 10.1.1.1:59166: remote error: bad certificate 10.1.0.1 - - [09/Feb/2016:11:58:22 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:58:32 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:58:42 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:58:52 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:59:02 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http" 10.1.0.1 - - [09/Feb/2016:11:59:12 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
