richarddli
commented
6 years ago Try creating your forge.yaml file locally per https://forge.sh/docs/reference/forge-config.
Open sachingade20 opened 6 years ago
richarddli
commented
6 years ago Try creating your forge.yaml file locally per https://forge.sh/docs/reference/forge-config.
aisola
commented
5 years ago After experiencing this issue myself, I dug into the source code a bit. Looks like the problem lies here. https://github.com/datawire/forge/blob/master/forge/docker.py#L247
Everything else in docker will be able to access insecure registries (without SSL certs) so long as you've configured your docker to trust that insecure registry. While in most cases, insecure registries are a bad idea, they are still valid for local development. For example, microk8s uses an insecure registry which you can use for local development. When I use docker to push to that registry, it works out just fine. However, on the line referenced above, forge assumes that you are always serving over HTTPS (even if you are using self-signed certs).
One potential fix for this would be to have a setting insecure on the registry:docker in forge.yaml. Since usually this isn't a production setting, this could come with a printed warning when forge deploy is run. Additionally, it would likely be best to annotate this in the docs as well so that users will know that it isn't a setting that you should use anywhere outside of a local-only context on a trusted network (i.e. development).
Anybody have any thoughts on this solution?
@rhs I cant see local option in latest release and my local insecure registry doesnt seem to be working with forge setup
║ Registry type (one of ecr, gcr, generic)[generic]: ║ Docker registry url[registry.hub.docker.com]: localhost:5000 ║ Docker user (use "-" to leave unspecified): admin ║ Docker password: ║ Docker namespace/organization (enter username again for standard accounts): admin ║ ║ registry: {type: docker, url: 'localhost:5000', user: admin, password: 'XXXXX' namespace: admin} ║ ║ docker login -u admin -p localhost:5000 ║ WARNING! Using --password via the CLI is insecure. Use --password-stdin. ║ Login Succeeded ║ docker pull registry.hub.docker.com/datawire/forge-setup-test:1 ║ 1: Pulling from datawire/forge-setup-test ║ cfc728c1c558: Pulling fs layer ║ cfc728c1c558: Verifying Checksum ║ cfc728c1c558: Download complete ║ cfc728c1c558: Pull complete ║ Digest: sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96 ║ Status: Downloaded newer image for registry.hub.docker.com/datawire/forge-setup-test:1 ║ docker tag registry.hub.docker.com/datawire/forge-setup-test:1 localhost:5000/admin/forge_test:dummy ║ docker push localhost:5000/admin/forge_test:dummy ║ The push refers to a repository [localhost:5000/admin/forge_test] ║ e154057080f4: Preparing ║ e154057080f4: Pushed ║ dummy: digest: sha256:11a6af2edd09100d7a35abacacefd269404cf44aff537668235321d4f4caa485 size: 528 ║ GET https://localhost:5000/v2/admin/forge_test/manifests/dummy ║ 16 tasks run, 1 errors ║ setup: HTTPSConnectionPool(host='localhost', port=5000): Max retries exceeded with url: /v2/admin/forge_test/manifests/dummy (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x10a46f910>: Failed to establish a new connection: [Errno 61] ECONNREFUSED',)) ║ ║ -- please try again --