coreos - Docker: private registry access
I'm trying to push an image to a Docker private repository:
docker pull busybox
docker tag busybox living-registry.com:5000/busybox
docker push living-registry.com:5000/busybox
Docker tells me:
The push refers to a repository [living-registry.com:5000/busybox]
https://living-registry.com:5000/v1/_ping: read tcp 195.83.122.16:39714->195.83.122.16:5000: read: connection reset by peer
These commands are being performed on CoreOS.
On the machine, I've started the registry using this command:
docker run -d -p 5000:5000 --restart=always --name registry \
  -v /root/docker-registry/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v /root/docker-registry/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
  -v /root/docker-registry/data:/var/lib/registry \
  registry:2
Everything seems right:
# netstat -tupln | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      3160/docker-proxy
# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                          PORTS                    NAMES
27e79f6a504c        registry:2          "/bin/registry serve "   About an hour ago   Restarting (2) 36 minutes ago   0.0.0.0:5000->5000/tcp   registry
So, when I'm trying to log in:
[root@jenkins certs]# docker login living-registry.com:5000
Username: xxxx
Password: xxxx
Error response from daemon: https://living-registry.com:5000/v1/users/: read tcp 195.83.122.16:39756->195.83.122.16:5000: read: connection reset by peer
Any ideas?
EDIT
I've added the certificate (ca.crt) in /etc/ssl/certs, and in /etc/docker/certs.d/x.x.x.x:5000/.
From the CoreOS instance, I'm trying to perform this:
$ docker login https://x.x.x.x:5000
Username: xxx
Password:
Email: xxx@mail.com
It tells me:
Error response from daemon: invalid registry endpoint https://x.x.x.x:5000/v0/: unable to ping registry endpoint https://x.x.x.x:5000/v0/
v2 ping attempt failed with error: https://x.x.x.x:5000/v2/: EOF
v1 ping attempt failed with error: https://x.x.x.x:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry x.x.x.x:5000 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/x.x.x.x:5000/ca.crt
I've tried the connection directly with openssl:
openssl s_client -connect x.x.x.x:5000
The output is:
CONNECTED(00000003)
140180300502672:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1467812448
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
For self-signed certificates, the .crt must be copied to
/etc/docker/certs.d/hostname:port/ca.crt
cf. https://docs.docker.com/engine/security/certificates/
I create the certificates:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /root/docker-registry/certs/registry.key -out /root/docker-registry/certs/registry.crt
cp /root/docker-registry/certs/registry.crt /etc/docker/certs.d/x.x.x.x:5000/ca.crt
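As an added example (not code from the question or from the answer above), a small POSIX shell script that checks the two things the posted output already points at. The docker ps line in the question shows the container in "Restarting (2)", so the registry process keeps exiting; docker-proxy still accepts the TCP connection on :5000 and then closes it, which is what "connection reset by peer" and the 0-byte openssl s_client handshake look like from the client side. Independently of that, the Docker daemon only reads a private CA from /etc/docker/certs.d/host:port/ca.crt. The helper functions classify a docker ps status, check that registry environment variable names use the upper-case REGISTRY_* spelling that registry:2 reads, derive the CA path, and generate a self-signed certificate with a matching Subject Alternative Name (current Go-based Docker clients do not accept a CN alone). The registry address living-registry.com:5000, the container name registry and the output directory are assumed values; -addext needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added diagnostic example; not code from the question or the answer.
# Assumed values: registry at living-registry.com:5000, container named
# "registry", certificates written under /root/docker-registry/certs.
set -u

# The Docker daemon looks for a private CA only at
# /etc/docker/certs.d/<host:port>/ca.crt (certs.d, with an "s").
registry_ca_path() {
  printf '/etc/docker/certs.d/%s/ca.crt\n' "$1"
}

# Classify the STATUS column of `docker ps`. "Restarting (N) ..." means the
# registry process keeps exiting: docker-proxy still accepts the TCP
# connection on the published port and closes it again, which the client
# reports as "connection reset by peer" or EOF before any TLS handshake.
classify_status() {
  case "$1" in
    Restarting*) echo crashloop ;;
    Up*)         echo running ;;
    Exited*)     echo stopped ;;
    *)           echo unknown ;;
  esac
}

# registry:2 reads its settings from upper-case REGISTRY_* variables;
# a lower-case name is silently ignored, so TLS/auth would stay unconfigured.
check_env_name() {
  case "$1" in
    REGISTRY_[A-Z_]*=*) return 0 ;;
    *)                  return 1 ;;
  esac
}

# Subject Alternative Name entry for a host: IP: for dotted-quad addresses,
# DNS: for names. Current Go-based Docker clients require a SAN; CN alone
# is not enough.
san_for_host() {
  case "$1" in
    *[!0-9.]*) echo "DNS:$1" ;;
    *)         echo "IP:$1" ;;
  esac
}

# Generate a self-signed certificate for the host part of $1 into $2 and
# print where its public half must be copied. Needs OpenSSL 1.1.1+ for -addext.
make_registry_cert() {
  host="${1%%:*}"
  dir="$2"
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 1; }
  mkdir -p "$dir"
  openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
    -subj "/CN=$host" -addext "subjectAltName=$(san_for_host "$host")" \
    -keyout "$dir/registry.key" -out "$dir/registry.crt" 2>/dev/null || return 1
  chmod 600 "$dir/registry.key"
  echo "copy $dir/registry.crt to $(registry_ca_path "$1")"
}

# Run the checks against a live daemon when one is present; otherwise only
# report the expected CA path.
diagnose() {
  reg="$1"
  name="$2"
  if command -v docker >/dev/null 2>&1; then
    status=$(docker ps -a --filter "name=$name" --format '{{.Status}}' 2>/dev/null || true)
    state=$(classify_status "$status")
    echo "container $name: $state ($status)"
    if [ "$state" = crashloop ]; then
      # the crash reason (unreadable cert/key, missing htpasswd, bad config) is in the logs
      docker logs --tail 20 "$name" 2>&1 || true
    fi
    # every -e passed to the container should pass the name check
    docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$name" 2>/dev/null \
      | grep -i '^registry_' | while read -r kv; do
          check_env_name "$kv" || echo "ignored by registry:2 (wrong case): $kv"
        done
  fi
  echo "expected CA location: $(registry_ca_path "$reg")"
}

diagnose living-registry.com:5000 registry
```

Run it as root on the CoreOS host that runs the registry; to create the certificate call make_registry_cert living-registry.com:5000 /root/docker-registry/certs and then copy registry.crt to the path it prints, and restart the container so it picks up the new key pair.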