Hi,
I am having a problem with “–insecure-registry” on RancherOS / Azure.
Steps I’ve taken:
- I deployed the RancherOS image that’s listed on Azure.
- I then added the Rancher:latest image and am now able to hit Rancher web console (not sure what that’s not included as a starting point)
- Now I want to setup me private registry on the same machine, so I deployed an image with the following:
sudo docker run -d -p 5000:5000
-e REGISTRY_STORAGE=azure
-e REGISTRY_STORAGE_AZURE_ACCOUNTNAME=“xxxxx”
-e REGISTRY_STORAGE_AZURE_ACCOUNTKEY=“xxxxx”
-e REGISTRY_STORAGE_AZURE_CONTAINER=“images”
–name=registry
registry:2
And I’m able to push images from my local development environment up into my registry.
Now however when it comes to running the container through rancher, I’m unable to add it because it’s a private registry with no SSL.
ERROR:
Error (500 Server Error: Internal Server Error (“v1 ping attempt failed with error: Get https://10.4.0.1:5000/v1/_ping: dial tcp 10.4.0.1:5000: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry 10.4.0.1:5000
to the daemon’s arguments. In the case of HTTPS, if you have access to the registry’s CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.4.0.1:5000/ca.crt”))
Things I’ve tried:
- updating the /etc/defaults/docker file (this seems to roll back on reboot)
running:
sudo ros config set rancher.docker.args “[‘daemon’,’–insecure-registry’,‘10.1.0.4:5000’]”
It persists but doesn’t seem to do anything
- I tried to load in certificates however I wasn’t able to get -v working to map a local folder with the certificates through to the registry:2 image.
sudo docker run -d -p 5000:5000
-e REGISTRY_STORAGE=azure
-e REGISTRY_STORAGE_AZURE_ACCOUNTNAME=“xxxxx”
-e REGISTRY_STORAGE_AZURE_ACCOUNTKEY=“xxxxx”
-e REGISTRY_STORAGE_AZURE_CONTAINER=“images”
-v /certs:/certs
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/registry.key
–name=registry
registry:2
The log file says “unable to find /certs/registry.key”
I’m at a loss as to what to do next. This seems overly complex for something that should be simple? What am I missing?
Thanks