Adding local catalog fails?

Hi,
I am trying to add a local catalog.
But i get this error in the server container log:
fatal: unable to access ‘https:///lab/rancher-compose.git/’: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
time=“2016-03-24T07:20:12Z” level=error msg=“Failed to clone the catalog from git err: exit status 128”

What version of Rancher are you running?

From the docs:

Adding a catalog is as simple as adding a catalog name and a URL. The URL needs to one that git clone can handle. Whenever you add a catalog entry, it will be immediately available in your catalog.

git clone fails if it can’t verify the certificate and your server has a self-signed cert (or you’re not asking for the right domain name, because you can’t get a real cert for lab). If that server is available without SSL you can use http://lab/rancher-compose.git/, otherwise you need to add the certificate to the trusted list in the container with something like this (the docs are for registries, but same concept): http://docs.rancher.com/rancher/configuration/registries/#self-signed-certificates

Hi denise,

We are using 1.0.0 now but i had the same problem with 0.63.1.

We have our own CA which the git repository (bitbucket) have a certficate created from so it is not self signed but it is not an official CA.

I have added the PEM formatted CA chain to /etc/ssl/certs/ca-certificates.crt according to http://docs.rancher.com/rancher/configuration/registries/#self-signed-certificates
I have also added it to /etc/docker/certs.d/${DOMAIN}/ca.crt according to http://docs.rancher.com/rancher/configuration/registries/#self-signed-certificates
Also added it to /etc/docker/certs.d/${DOMAIN}:${PORT}/ca.crt (as you would with private registrys)

And restarted docker.

However still the same in the server log:

time=“2016-04-01T09:36:24Z” level=info msg="Cloning the catalog from git URL https://myhost.example.com/scm/lab/rancher-compose.git"
Cloning into ‘./DATA/bla’…
fatal: unable to access ‘https://myhost.example.com/scm/lab/rancher-compose.git/’: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
time=“2016-04-01T09:36:24Z” level=error msg=“Failed to clone the catalog from git err: exit status 128”

I have replaced our domain names with fake ones…

Regards
Christian

Where did you add the certificates? On your host that is running Rancher server? Inside the rancher server container?

On the host.

I can also tell you that we have a working local registry using the same CA chain.

/Christian

Based on @vincent’s comment, it sounds like you’d need to add the certificates inside the rancher server container.

I’m having the same issue and tried adding it as per the self signed certificate process for a registry without any success. Also tried setting up SSH clone of a repo with no auth and that fails, Has anyone gotten it to work and can share what steps they used?