Have you checked with --insecure-flag as well, if the problem exists?

On Fri, Apr 8, 2016 at 11:17 AM, Den Cowboy <[email protected]> wrote:

> I'm using the ca.crt from /etc/origin/master/ca.crt and
> /etc/origin/node/ca.crt
>
> ------------------------------
> Date: Fri, 8 Apr 2016 11:02:19 +0200
>
> Subject: Re: accessing secure registry on master isn't possible?
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
>
>
> On Fri, Apr 8, 2016 at 8:27 AM, Den Cowboy <[email protected]> wrote:
>
> Yes I performed the same steps on my master as on my nodes. This is the
> error:
> sudo docker login -u admin -e [email protected] \
> > -p token 172.30.xx.xx:5000
> Error response from daemon: invalid registry endpoint
> https://172.30.109.95:5000/v0/: unable to ping registry endpoint
> https://172.30.xx.xx:5000/v0/
> v2 ping attempt failed with error: Get https://172.30.xx.xx:5000/v2/:
> dial tcp 172.30.xx.xx:5000: i/o timeout
>  v1 ping attempt failed with error: Get
> https://172.30.xx.xx:5000/v1/_ping: dial tcp 172.30.xx.xx:5000: i/o
> timeout. If this private registry supports only HTTP or HTTPS with an
> unknown CA certificate, please add `--insecure-registry 172.30.xx.xx:5000`
> to the daemon's arguments. In the case of HTTPS, if you have access to the
> registry's CA certificate, no need for the flag; simply place the CA
> certificate at /etc/docker/certs.d/172.30.xx.xx:5000/ca.crt
>
>
> Do you have the CA cert in /etc/docker/certs.d/172.30.xx.xx:5000/ca.crt
> the log you're seeing is
> the usual log that happens when you're using self-singed certs for
> registry. Eventually make sure
> the above ca is the right one.
>
>
> While on all my 3 nodes:
>
> sudo docker login -u admin -e [email protected] \
> > -p token 172.30.xx.xx:5000
> WARNING: login credentials saved in /root/.docker/config.json
> Login Succeeded
>
> ------------------------------
> Date: Thu, 7 Apr 2016 22:02:06 +0200
> Subject: Re: accessing secure registry on master isn't possible?
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
>
> Per
> https://docs.openshift.org/latest/install_config/install/docker_registry.html#securing-the-registry,
> step 11 and 12,
> I assume you've copied CA certificate to the Docker certificates directory
> on all nodes and restarted docker service,
> did you also do that on master as well. Without it any docker operation
> will fail with certificate check failure.
> What is the error you're seeing and what is the operation you're trying to
> do?
>
>
> On Thu, Apr 7, 2016 at 4:20 PM, Den Cowboy <[email protected]> wrote:
>
> I've created a secur registry on 1.1.6
> For the first time I've created my environment with 1 real master and 3
> nodes (one infra). (The reason for this is because I'm using the community
> ansible aws setup.
> <https://github.com/openshift/openshift-ansible/blob/master/README_AWS.md.>
> https://github.com/openshift/openshift-ansible/blob/master/README_AWS.md
> Normally my master is also an unschedulable node. Now I've secured my
> registry.
> I'm able to login and push to the registry from my nodes but not from my
> master?
> Is this normal , if yes,  why is it that way?
> I don't think it's an issue because the images will always be pulled and
> pushed on my nodes because only there can run my containers but I want to
> know if it's a known thing.
>
> Thanks
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to