Hilscher Community Forum
Docker cannot find image - Printable Version



RE: Docker cannot find image - COswald - May-13th-2020

Here is the network layout...

   

and here is the part of the syslog while trying to pull...



[Attachment: nb-syslog.txt]

Crawling the DockerD line in the syslog brought up this issue:

https://computingforgeeks.com/solve-docker-error-x509-certificate-signed-by-unknown-authority/

Maybe the CA certs in the firmware image are old?


RE: Docker cannot find image - Armin@netPI - May-13th-2020

This one is not OK:

<30>1 2020-05-13T11:57:29+02:00 NTB827EB4241C8 dockerd 1929 - - time="2020-05-13T11:57:29.959897611+02:00" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"

I need to verify this problem.


RE: Docker cannot find image - COswald - May-13th-2020

Hello Armin,

I got it!!!

   

And here is how it works:

As you have already seen, there is a conflict with the certificate a
[https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority]
The certificate has been exchanged on 30.04.2020!!!

Now I open https://registry-1.docker.io/v2/ in my browser, export the docker.io and the root certificate into separate .DER files, and convert them into .PEMs.

These can be installed into the box under [Control Panel] - [Security] - [Public Key Infrastructure], by uploading them in the [Trusted Certification Authorities] folder.

After installing, I got an error that my login for Docker.io was refused. To pull from Docker, no authorisation is required, so I set the switch to "OFF" again.
And - here we go!


RE: Docker cannot find image - Armin@netPI - May-13th-2020

Oops ... and why does it work now? I don't understand.

In the background I have set up a brand new NIOT-TPI51-EN-RE with the latest firmware V1.2.0.0 and it worked right away to pull the container hilschernetpi/netpi-raspbian.

So what have you changed, and why does it work here in the office with my device?


RE: Docker cannot find image - COswald - May-13th-2020

Hello Armin,
If you have the image on your box, Docker will not try to pull it by itself.
So it takes the file out of the cache. Then you cannot reproduce the failure.
In my opinion, the key is the new certificates.

Now the netPI is up and running.
   

Now I can get back to my main task...
https://forum.hilscher.com/Thread-using-node-js-on-NIOT-E-TP151-EN-RE

See you there...

Stay healthy, stay tuned,

Carsten


RE: Docker cannot find image - Armin@netPI - May-14th-2020

Hello Carsten,

We are still not able to see the CA certificate error with V1.2.0.0 software here. Are you sure you have used V1.2.0.0 software?

You can see the device's software version on its web landing page in the lower right corner before you log in.

Thx
Armin


RE: Docker cannot find image - COswald - May-18th-2020

Hello Armin,

In the end, it turned out to be a very special firewall issue.
To make HTTPS work in our network, all devices have to trust the private certificate of the firewall. But this cert is private.
When I asked the guys why the netPI cannot pull the container, they made an exception for the website in the firewall, assuming the netPI could trust the firewall's own certificate by itself. But this was a mistake.
I got the same problem when starting to pull modules for Node.js. The certificate of GITHUB and NODEJS should be untrusted? Never, ever!

So, what's the conclusion:
If you have an environment with a firewall and always encounter problems with untrusted, obsolete or private certificates: suffocate the IT guys until they give you a PEM file with the self-signed certificate of the firewall. And after this, buy them a coffee and install this file in the security tab of the netPI and any container on this device.

Glad to read you again and kind regards,

Carsten
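
As an added example (not part of the thread, and not Hilscher or Docker code), the following Python parses RFC 5424 syslog lines like the dockerd warning quoted above and counts "certificate signed by unknown authority" failures per device and TLS endpoint. The first sample line is the one from the thread; the other lines, the host `registry.example.internal` and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# RFC 5424 layout of the line quoted in the thread:
# <PRI>VERSION TIMESTAMP HOSTNAME APP PROCID MSGID STRUCTURED-DATA MSG
SYSLOG_RE = re.compile(
    r"^<\d{1,3}>\d (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ \S+ "
    r"(?:-|\[.*?\]) (?P<msg>.*)$"
)
# dockerd writes logfmt pairs: key=bare or key="quoted, with \" escapes"
LOGFMT_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
URL_RE = re.compile(r'https?://[^\s"]+')
X509_UNKNOWN_CA = "x509: certificate signed by unknown authority"

def parse_line(line):
    """Return device, time and endpoint host for a dockerd unknown-CA error, else None."""
    m = SYSLOG_RE.match(line.strip())
    if not m or m["app"] != "dockerd":
        return None
    fields = {k: (q or b) for k, q, b in LOGFMT_RE.findall(m["msg"])}
    msg = fields.get("msg", "").replace('\\"', '"')
    if X509_UNKNOWN_CA not in msg:
        return None
    url = URL_RE.search(msg)
    host = urlsplit(url.group(0).rstrip(":")).hostname if url else None
    return {"device": m["host"], "time": m["ts"], "endpoint": host}

def triage(lines):
    """Count unknown-CA failures per device and per TLS endpoint."""
    by_device = {}
    for hit in filter(None, map(parse_line, lines)):
        by_device.setdefault(hit["device"], Counter())[hit["endpoint"]] += 1
    return by_device

SAMPLE = [
    # Line quoted in the thread
    '<30>1 2020-05-13T11:57:29+02:00 NTB827EB4241C8 dockerd 1929 - - time="2020-05-13T11:57:29.959897611+02:00" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"',
    # Constructed lines: quoted-URL message form, a harmless dockerd line, another daemon
    r'<30>1 2020-05-13T11:58:02+02:00 NTB827EB4241C8 dockerd 1929 - - time="2020-05-13T11:58:02.000000000+02:00" level=warning msg="Error getting v2 registry: Get \"https://registry.example.internal/v2/\": x509: certificate signed by unknown authority"',
    '<30>1 2020-05-13T11:58:10+02:00 NTB827EB4241C8 dockerd 1929 - - time="2020-05-13T11:58:10.000000000+02:00" level=info msg="API listen on /var/run/docker.sock"',
    '<30>1 2020-05-13T11:58:11+02:00 NTB827EB4241C8 sshd 2001 - - x509: certificate signed by unknown authority',
]

if __name__ == "__main__":
    for device, hosts in triage(SAMPLE).items():
        print(device, dict(hosts))
```

When one device reports this error for several unrelated endpoints, a missing local trust anchor such as the intercepting firewall's CA described in the last post is a more likely cause than a problem with any single site's certificate.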