Self-signed cert for registry failing on stager


Tom Sherrod <tom.sherrod@...>
 

Successfully deployed from a registry with a public cert.
A registry with a private/self-signed cert fails at the stager.
I've got the name of the registry in insecure_docker_registry_list and insecure_docker_registry: true in the manifest.
On the cell, the garden-linux process is running with -insecureDockerRegistryList=theregistryname.
On the stager, the stager process is running with -insecureDockerRegistry -logLevel=info
Shouldn't theregistryname also be in stager arguments?

The error:
2015-08-27T18:43:00.50-0400 [STG/0] ERR builder exited with error: failed to fetch metadata from [theregistryname/tom/diegotest] with tag [latest] and insecure registries [] due to Invalid registry endpoint https://theregistryname/v1/: Get https://theregistryname/v1/_ping: x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry theregistryname` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/theregistryname/ca.crt

(change the hostname to "theregistryname" in this message...the real hostname can be resolved and reached on each machine)

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.