• 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Setup trusted Docker registry on a Raspberry Pi to host netPI containers
#11
We currently using version 1.1.4.0, Portainer 1.19.2

Maybe i have to give you more detailled information

The registry is available at the address docker01.our_domain.local
I can ping docker01 or docker.our_domain.local from a container that is connected to the host network of the NetPi


I setup the custom registry in portainer with

name: docker01
url: docker01.our_domain.local (also tried docker01, https://docker01.....)
username: reg_user
password: regpassword

The result is always the same.

I also tried to do it with the REST API:

curl --insecure -H "Authorization: Bearer eyJ...." -H "Content-Type: application/json" -d '{"username":"user","password":"password","serveraddress":"https://docker01.our_domain.local"}' -X POST https://esta-netpi-01/portainer/api/endpoints/1/docker/auth

{"message":"Get https://docker01.our_domain.local/v2/: dial tcp: lookup atrdocker01.our_domain.local: no such host"}

When i use the ip address the result is of course:

{"message":"Get https://x.x.10.21/v2/: x509: cannot validate certificate for x.x.10.21 because it doesn't contain any IP SANs"}
  Reply
#12
Well, here is our story that turns your story the way around:

My colleague is running a virtual machine on his windows system. In this Linux VM he installed docker and a registry for me and he using MACVLAN driver to give the VM a separate IP address in our office network. We are both in the same subnet and also my personal netPI is in the same subnet since we use the same network switch in the office network.

The name of this VM is "ps-virtualbox" as the hostname tells us running the "hostname" command in the VM.

I can tell you now that I am not able to ping his VM with e.g "ping ps-virtualbox" command nor "ping ps-virtualbox.local" over my Windows PC nor from a container running on netPI. But I am to ping his ip address 10.11.5.54.

And now comes the BIG but: on my netPi I created a custom registry like you

   

and you believe it or not ... portainer.io is able to pull an image from this registry server even the registry cannot be pinged (I think it is the MACVLAN driver supressing it ):

   

So right now I have no clue why it does not work in your constellation. Here it does well.

How about to use the ip-address as docker URL instead of docker01?
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply
#13
I recheck my registry running on my Raspberry Pi 3 again. (used for the registry example in this thread by the way). It works like it should under the hostname myregistry. Both pi and netPI are in the same office network, same switch, same DHCP server.

So my settings in portainer are name: any, registry url: myregistry.local.

But let me explain you what here at hilscher happens. We have domains like you e.g. hilscher. But in the registry I never succeeded using "myregistry.hilscher.local" as registry. I always have to use "myregistry.local" as registry URL only. Maybe this helps in your case too.

The only thing I see to analyse the problem is hooking a managed switch to you netPI with a mirror port and listen to its outgoing network traffic and have a look what is really happening. We could check the same tomorrow in the office with wireshark using my netPI.

If nothing helps in the end you need to enter the ip address in the registry url finally till the problem is found why this happens. I know you did that, but one more word to your problem about {"message":"Get https://x.x.10.21/v2/: x509: cannot validate certificate for x.x.10.21 because it doesn't contain any IP SANs"}. The time you have created the certificate you had to fill out the alt names table and you have to add the ip address additionally

[ alt_names ]
DNS.1 = myregistry
DNS.2 = myregistry.local
DNS.3 = myregistry.domain
IP.1 = 127.0.0.1
IP.2 = <your servers IP address>

and then regenerate the certificate
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  https certificate issues in new nodered docker image Dipro 1 1,641 May-4th-2022, 05:46 AM
Last Post: Armin@netPI
  Portainer Stack fails to pull from private Registry Andi 5 5,219 February-16th-2022, 09:03 AM
Last Post: Armin@netPI
  Initial Setup of Control Panel with admin + admin thorws error Michi 4 2,662 January-28th-2022, 09:28 AM
Last Post: Michi
  Docker exposed port don't send data on eth0 COswald 3 3,074 July-15th-2021, 02:10 PM
Last Post: Armin@netPI
  Docker not enabled tad 10 4,756 July-14th-2021, 08:54 AM
Last Post: Armin@netPI
  netPI setup procedure tad 1 2,042 March-15th-2021, 05:48 AM
Last Post: Armin@netPI
  Docker amd64 instead of arm biancode 3 2,968 January-17th-2021, 09:40 PM
Last Post: Armin@netPI
  docker.service start failed EUROKEY 13 9,079 January-17th-2021, 07:52 PM
Last Post: Armin@netPI
  Get host MAC via REST API inside container bschandra 4 3,603 November-16th-2020, 09:26 AM
Last Post: bschandra
  netpi raspberry Hochschulstudent 1 2,282 August-12th-2020, 01:50 PM
Last Post: Armin@netPI

Forum Jump:


Users browsing this thread: 1 Guest(s)