Closed lrx0014 closed 5 years ago
@lrx0014 did you solve this? Having same issue.. thanks
@spock123 I copied the path /etc/docker/cert.d/docker-registry.default.svc:5000 to /etc/docker/cert.d/docker-registry-default.master.openshift.me
and the docker-registry-default.master.openshift.me is the public address of my openshift docker registry, then the docker login command returned "login success"
Thank you, yes I resolved it the same way.
Thanks
On Wed, Mar 27, 2019, 03:29 Renxiang notifications@github.com wrote:
@spock123 https://github.com/spock123 I copied the path /etc/docker/cert.d/docker-registry.default.svc:5000 to /etc/docker/cert.d/docker-registry-default.master.openshift.me http://docker-registry-default.master.openshift.me
and the docker-registry-default.master.openshift.me http://docker-registry-default.master.openshift.me is the public address of my openshift docker registry, then the docker login command returned "login success"
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/openshift/origin/issues/21691#issuecomment-476940593, or mute the thread https://github.com/notifications/unsubscribe-auth/ABNWdEdDtsCbc5NFOKGg7fHXVbaq9Zs2ks5vateHgaJpZM4Zbou6 .
@spock123 I copied the path /etc/docker/cert.d/docker-registry.default.svc:5000 to /etc/docker/cert.d/docker-registry-default.master.openshift.me
and the docker-registry-default.master.openshift.me is the public address of my openshift docker registry, then the docker login command returned "login success"
Sorry, I'm having the same issue. I still dont understand. What did you actually do? Copy the certificate to docker-registry-default.master.openshift.me ?
@gielvandanu
First you generate a certificate on the registry (modify to use your service/server names instead of mine:) In the following my registry service is at registry.testcloud.oresundsbron and the host of the registry is njord.oresundsbron.com
oc adm ca create-server-cert \
--signer-cert=/etc/origin/master/ca.crt \
--signer-key=/etc/origin/master/ca.key \
--signer-serial=/etc/origin/master/ca.serial.txt \
--hostnames='registry.testcloud.oresundsbron.com,njord.oresundsbron.com, docker-registry-default.testcloud.oresundsbron.com, 10.49.1.12' \
--cert=/etc/secrets/registry.crt \
--key=/etc/secrets/registry.key
Then you copy generated certificate file /etc/origin/master/ca.crt to your docker client machine at /etc/docker/certs.d/docker-registry-default.testcloud.oresundsbron.com
Restart docker service on the client machine so the new certificate is registered
Get a token from the registry:
oc login
oc whoami -t
Now login to your registry from the client machine:
docker login -u <your-oc-login-name> -p <token-from-whoami> docker-registry-default.testcloud.oresundsbron.com
Hope this helps.. if you ask me it's a mess
@spock123 thank you. it works!!
@gielvandanu that's great to hear! Super!!!
I installed the OKD by ansible-playbook, and I want to push/pull docker images from another machine with the public docker-registry host, I followed the hint of atomic registry web console:
but I get a x509: certificate signed by unknown authority error when I executed docker login command.
next I followed this page to add a registry.crt to /etc/docker/cert.d/docker-registry-default.master.openshift.me/:
https://access.redhat.com/solutions/3654811
It still unable to login in.
Moreover why the value of param '-u' is 'unused' ? is that normal ?
Version
openshift v3.11.0+62803d0-1 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO
docker-1.13.1-87.git07f3374.el7.x86_64
Steps To Reproduce
Installed OKD with ansible
add registry.crt to /etc/docker/cert.d/.........
Current Result