nscaledemo Error: Invalid registry endpoint https://localhost:8011/v1/

[mtbvang]

I get the following error when running 'nscale container build nscaledemo web'. I can query the registry over http, but don't know about accessing the registries CA cert. The /etc/docker/certs.d dir doesn't exist.

pushing to registry 2015/06/02 11:36:36 Error: Invalid registry endpoint https://localhost:8011/v1/: Get https://localhost:8011/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry localhost:8011 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/localhost:8011/ca.crt

{ cmd: 'docker push localhost:8011/nscaledemo/web-2f9f7ddadc8bead84de4a74665085d362b1854ff', code: 1 } { cmd: 'docker push localhost:8011/nscaledemo/web-2f9f7ddadc8bead84de4a74665085d362b1854ff', code: 1 }

[mcollina]

Where is your nScale host running? Is it a local to your box or cloud deployment?

This happens when the SSH tunnel is not set up properly. nScale relies on the fact that all local registries are automatically trusted, and it opens an SSH tunnel forwarding the port on which the registry can be accessed.

[mtbvang]

nScale is running on my local host.

[mcollina]

Are you on Mac? are you using boot2docker? have you tried rebooting your boot2docker thing? Does docker ps works as expected in a fresh terminal?

[mtbvang]

I'm on ubuntu 14.04. Is the local registry started by nScale? What am I looking for with docker ps?

[mcollina]

The local registry is started automatically by nScale.

Basically you need to be sure that nScale can talk to your Docker daemon. Just open a new shell and check if you can run a new container, check if its running and so on, without sudo.

[mtbvang]

My docker instance works without sudo and I'm able to run other containers up. What's the name of the nscale registry container? I don't see anything in the docker ps that looks like it. I do have a lot of containers running so maybe I missed it. If there was a port issue would nScale report that?

[mcollina]

The registry is embedded in nScale, so it is not running inside docker.

@Nss you are the Linux guy, can you please help here? :) Thanks!

[LucaLanziani]

@mcollina who does start the private registry and where the protocol (http/https) is determined? I can see an unexpected httpS in the error log, in my system the url is http://localhost:8011/...

@mtbvang can you try to run both:

curl https://localhost:8011/v1/_ping

and

curl http://localhost:8011/v1/_ping

[mcollina]

the registry is started as a service by nScale. The actual code lives in the 'docker-container' module. It's on HTTP, not HTTPS.

It is working fine for me on Linux.

Can you please attach the nscale logs?

[LucaLanziani]

I meant the @mtbvang error log

015/06/02 11:36:36 Error: Invalid registry endpoint https://localhost:8011/v1/: Get https://localhost:8011/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry localhost:8011 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/localhost:8011/ca.crt

As you can see there, the process is trying to load the registry with httpS Invalid registry endpoint https://localhost:8011/v1/ this isn't happening in my environment.

[mtbvang]

@Nss The results of the curl are.

curl https://localhost:8011/v1/_ping curl: (35) Unknown SSL protocol error in connection to localhost:8011

curl http://localhost:8011/v1/_ping true

Curl over https with verbose:

curl https://localhost:8011/v1/_ping --verbose

• Hostname was NOT found in DNS cache
• Trying 127.0.0.1...
• Connected to localhost (127.0.0.1) port 8011 (#0)
• successfully set certificate verify locations:
• CAfile: none CApath: /etc/ssl/certs
• SSLv3, TLS handshake, Client hello (1):
• Unknown SSL protocol error in connection to localhost:8011
• Closing connection 0 curl: (35) Unknown SSL protocol error in connection to localhost:8011

[mtbvang]

@mcollina Where do the nscale logs live?

[mtbvang]

Something in the code is setting the protocol on my system to https. The only thing I found in the docker-container module was the following in docker.js line 37:

if (process.env.DOCKER_TLS_VERIFY === '1') {
  opts.protocol = 'https';
}

Is this relevant or is it something else?

[mcollina]

Completely something else, this is used by nScale to talk to Docker, not vice versa. How did you install docker on that machine? Which version of Docker are you running?

[mtbvang]

My docker is at version 1.3.1. It was installed using a puppet module which adds the following to the source list https://get.docker.com/ubuntu docker main. I'll try updating my docker version.

[mtbvang]

Dating docker to 1.6.2 resolved the issue. Thanks for all your help @Nss @mcollina.