Re: Self-signed cert for registry failing on stager

James Bayer

perhaps see if the lattice instructions for private registries have any
hints for you:

On Thu, Aug 27, 2015 at 4:50 PM, Tom Sherrod <tom.sherrod(a)> wrote:

Successfully deployed from a registry with a public cert.
A registry with a private/self-signed cert fails at the stager.
I've got the name of the registry in insecure_docker_registry_list and
insecure_docker_registry: true in the manifest.
On the cell, the garden-linux process is running with
On the stager, the stager process is running with -insecureDockerRegistry
Shouldn't theregistryname also be in stager arguments?

The error:
2015-08-27T18:43:00.50-0400 [STG/0] ERR builder exited with error:
failed to fetch metadata from [theregistryname/tom/diegotest] with tag
[latest] and insecure registries [] due to Invalid registry endpoint
https://theregistryname/v1/: Get https://theregistryname/v1/_ping: x509:
certificate signed by unknown authority. If this private registry supports
only HTTP or HTTPS with an unknown CA certificate, please add
`--insecure-registry theregistryname` to the daemon's arguments. In the
case of HTTPS, if you have access to the registry's CA certificate, no need
for the flag; simply place the CA certificate at

(change the hostname to "theregistryname" in this message...the real
hostname can be resolved and reached on each machine)
Thank you,

James Bayer

Join to automatically receive all group messages.