Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error when using docker registry with self-signed certificates #141

Closed
beniamin opened this issue Feb 1, 2018 · 6 comments
Closed

Error when using docker registry with self-signed certificates #141

beniamin opened this issue Feb 1, 2018 · 6 comments

Comments

@beniamin
Copy link

@beniamin beniamin commented Feb 1, 2018

I am trying to use forge with private docker registry deployed with self-signed certificates, but I encounter following error:

║ == Checking Kubernetes Setup ==

║ kubectl version --short
║ Client Version: v1.9.2
║ Server Version: v1.9.2
║ 1 tasks run, 0 errors
║ kubectl get service kubernetes --namespace default
║ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
║ kubernetes ClusterIP 10.96.0.1 443/TCP 2d
║ 1 tasks run, 0 errors

║ == Setting up Docker ==

║ Registry type (one of ecr, gcr, generic)[generic]:
║ Docker registry url[registry.hub.docker.com]: gen-centos755201-all-dev.idoc-alpha.c.emag.network
║ Docker user: testuser
║ Docker password:
║ Docker namespace/organization (use "-" to leave unspecified): -

║ registry: {type: docker, url: gen-centos755201-all-dev.idoc-alpha.c.emag.network,
║ user: testuser, password: 'dGVzdHBhc3N3b3Jk

║ ', namespace: null}

║ docker login -u testuser -p gen-centos755201-all-dev.idoc-alpha.c.emag.network
║ WARNING! Using --password via the CLI is insecure. Use --password-stdin.
║ Login Succeeded
║ docker pull registry.hub.docker.com/datawire/forge-setup-test:1
║ 1: Pulling from datawire/forge-setup-test
║ Digest: sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96
║ Status: Image is up to date for registry.hub.docker.com/datawire/forge-setup-test:1
║ docker tag registry.hub.docker.com/datawire/forge-setup-test:1 gen-centos755201-all-dev.idoc-alpha.c.emag.network/forge_test:dummy
║ docker push gen-centos755201-all-dev.idoc-alpha.c.emag.network/forge_test:dummy
║ The push refers to repository [gen-centos755201-all-dev.idoc-alpha.c.emag.network/forge_test]
║ e154057080f4: Preparing
║ e154057080f4: Layer already exists
║ dummy: digest: sha256:11a6af2edd09100d7a35abacacefd269404cf44aff537668235321d4f4caa485 size: 528
║ GET https://gen-centos755201-all-dev.idoc-alpha.c.emag.network/v2/None/forge_test/manifests/dummy
║ 16 tasks run, 1 errors
║ setup: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

║ -- please try again --

║ Registry type (one of ecr, gcr, generic)[generic]:

My environment:

  • OSX High Sierra
  • Docker Version 17.12.0-ce-mac49 (21995)
  • forge 0.3.24

Pushing and pulling images from same registry is working with docker push and pull commands.

@rhs
Copy link
Contributor

@rhs rhs commented Feb 2, 2018

Thanks for taking the time to report this. Is there any chance you can supply the output of python --version and python -c "import ssl; print ssl.OPENSSL_VERSION"?

@beniamin
Copy link
Author

@beniamin beniamin commented Feb 3, 2018

Sure.

~ ᐅ python --version
Python 2.7.10
~ ᐅ python -c "import ssl; print ssl.OPENSSL_VERSION"
LibreSSL 2.2.7

@triplonetienne
Copy link

@triplonetienne triplonetienne commented Mar 8, 2018

I am having the same problem with a self-signed OpenShift registry.

Directly pushing and pulling with Docker works, and also forge succeeds to push to the registry, but fails with setup: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) after GET xxx/v2/xxx/forge_test/manifests/dummy

  • OSX High Sierra
  • Docker 17.12.0-ce-mac55 (23011)
  • forge 0.4.4
  • Python 2.7.10
  • LibreSSL 2.2.7
@triplonetienne
Copy link

@triplonetienne triplonetienne commented Mar 8, 2018

Update: After adding a Let's Encrypt certificate, the setup successfully finished. Probably the problem is indeed with using self-signed certificates for the Docker registry

@Eronarn
Copy link

@Eronarn Eronarn commented Mar 21, 2018

Also ran into this with a self signed cert.

@rhs
Copy link
Contributor

@rhs rhs commented Mar 27, 2018

I just released forge 0.4.7 with a fix for this issue. You can read the (quick and dirty) docs here: https://forge.sh/docs/reference/self-signed-registries

@rhs rhs closed this Mar 27, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants