0
votes

On ubuntu I have installed a local IBM Private Cloud cluster using this guide:

https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md

Next I would like to push some local docker images I have on my host to the IBM cluster. I have found this guide:

https://www.ibm.com/support/knowledgecenter/en/SSBS6K_1.2.0/manage_images/using_docker_cli.html

where bullet 2 says:

Obtain the configure-registry-cert.sh script from your system administrator. The script is located in the /<installation_directory>/misc/configure-registry-cert.sh directory. You must obtain the IBM® Cloud private registry certificate script to pull and push images to the private image registry.

I have SSH'ed to the master container with:

vagrant ssh

but I have not been able to find /<installation_directory>/misc/configure-registry-cert.sh

in either /home/vagrant or /opt

UPDATE: I have found this guide:

https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0/manage_images/using_docker_cli.html

which says that you need to copy cert from master node to client machine (my host) with:

scp /etc/docker/certs.d/<cluster_CA_domain>\:8500/ca.crt \
root@<client_node>:/etc/docker/certs.d/<cluster_CA_domain>\:8500/

I created a password for root and copied /etc/docker/certs.d/mycluster.icp:8500/ca.crt from the master node to my local docker installation in /etc/docker/certs.d/mycluster.icp:8500/ca.crt

But when I then try to login I get the below error:

$ docker login mycluster.icp:8500
Username: admin
Password: 
Error response from daemon: Get https://mycluster.icp:8500/v2/: x509: certificate signed by unknown authority

where I specified admin as password (I use admin/admin for logging in to the web interface) since I have not found info on what credentials to use for that login.

Based on:

https://www.ibm.com/developerworks/community/blogs/fe25b4ef-ea6a-4d86-a629-6f87ccf4649e/entry/Working_with_the_local_docker_registry_from_Spectrum_Conductor_for_Containers?lang=en

it says that I first need to create a namespace and then a user for that namespace. I can create a namespace but I don't have an option to create a new user.

Any ideas on how to login to the docker registry?

And as requested below I can confirm that the ca.cert indeed is in the correct location on the master node:

$ vagrant ssh
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-131-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.


Last login: Thu Jul 26 19:59:18 2018 from 192.168.27.100
vagrant@master:~$ sudo passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
vagrant@master:~$ su
Password: 
root@master:/home/vagrant# ls -la /etc/docker/certs.d/mycluster.icp\:8500/
total 12
drwxr-xr-x 2 root root 4096 Jul 26 19:54 .
drwxr-xr-x 3 root root 4096 Jul 26 19:53 ..
-rw-r--r-- 1 root root 1850 Jul 26 19:54 ca.crt
root@master:/home/vagrant# 
1

1 Answers

0
votes

You can try to update your docker configuration to put <cluster_CA_domain>\:8500 registry in the insecure registry list.

/usr/bin/docker --insecure-registry docker-reg:5000 -d

you can update the docker service add --insecure-registry mycluster.icp:8500 in the docker option. then ```systemctl daemon-reload

systemctl restart docker```

And then you can try docker login mycluster.icp:8500 remember to add mycluster.icp in your /etc/hosts