Error when using docker registry with self-signed certificates #141

Closed
beniamin opened this issue Feb 1, 2018 · 6 comments
@beniamin

beniamin commented Feb 1, 2018

I am trying to use forge with a private Docker registry deployed with self-signed certificates, but I encounter the following error:

║ == Checking Kubernetes Setup ==

║ kubectl version --short
║ Client Version: v1.9.2
║ Server Version: v1.9.2
║ 1 tasks run, 0 errors
║ kubectl get service kubernetes --namespace default
║ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
║ kubernetes ClusterIP 10.96.0.1 443/TCP 2d
║ 1 tasks run, 0 errors

║ == Setting up Docker ==

║ Registry type (one of ecr, gcr, generic)[generic]:
║ Docker registry url[registry.hub.docker.com]: gen-centos755201-all-dev.idoc-alpha.c.emag.network
║ Docker user: testuser
║ Docker password:
║ Docker namespace/organization (use "-" to leave unspecified): -

║ registry: {type: docker, url: gen-centos755201-all-dev.idoc-alpha.c.emag.network,
║ user: testuser, password: 'dGVzdHBhc3N3b3Jk

║ ', namespace: null}

║ docker login -u testuser -p gen-centos755201-all-dev.idoc-alpha.c.emag.network
║ WARNING! Using --password via the CLI is insecure. Use --password-stdin.
║ Login Succeeded
║ docker pull registry.hub.docker.com/datawire/forge-setup-test:1
║ 1: Pulling from datawire/forge-setup-test
║ Digest: sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96
║ Status: Image is up to date for registry.hub.docker.com/datawire/forge-setup-test:1
║ docker tag registry.hub.docker.com/datawire/forge-setup-test:1 gen-centos755201-all-dev.idoc-alpha.c.emag.network/forge_test:dummy
║ docker push gen-centos755201-all-dev.idoc-alpha.c.emag.network/forge_test:dummy
║ The push refers to repository [gen-centos755201-all-dev.idoc-alpha.c.emag.network/forge_test]
║ e154057080f4: Preparing
║ e154057080f4: Layer already exists
║ dummy: digest: sha256:11a6af2edd09100d7a35abacacefd269404cf44aff537668235321d4f4caa485 size: 528
║ GET https://gen-centos755201-all-dev.idoc-alpha.c.emag.network/v2/None/forge_test/manifests/dummy
║ 16 tasks run, 1 errors
║ setup: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

║ -- please try again --

║ Registry type (one of ecr, gcr, generic)[generic]:

My environment:

  • OSX High Sierra
  • Docker Version 17.12.0-ce-mac49 (21995)
  • forge 0.3.24

Pushing and pulling images from the same registry works with the docker push and pull commands.

@rhs
Contributor

rhs commented Feb 2, 2018

Thanks for taking the time to report this. Is there any chance you can supply the output of python --version and python -c "import ssl; print ssl.OPENSSL_VERSION"?

@beniamin
Author

beniamin commented Feb 3, 2018

Sure.

~ ᐅ python --version
Python 2.7.10
~ ᐅ python -c "import ssl; print ssl.OPENSSL_VERSION"
LibreSSL 2.2.7

@ewildee

ewildee commented Mar 8, 2018

I am having the same problem with a self-signed OpenShift registry.

Directly pushing and pulling with Docker works, and forge also succeeds in pushing to the registry, but fails with setup: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) after GET xxx/v2/xxx/forge_test/manifests/dummy

  • OSX High Sierra
  • Docker 17.12.0-ce-mac55 (23011)
  • forge 0.4.4
  • Python 2.7.10
  • LibreSSL 2.2.7

@ewildee

ewildee commented Mar 8, 2018

Update: After adding a Let's Encrypt certificate, the setup successfully finished. Probably the problem is indeed with using self-signed certificates for the Docker registry.

@jmeickle

Also ran into this with a self-signed cert.

@rhs
Contributor

rhs commented Mar 27, 2018

I just released forge 0.4.7 with a fix for this issue. You can read the (quick and dirty) docs here: https://forge.sh/docs/reference/self-signed-registries

@rhs rhs closed this as completed Mar 27, 2018