Build include private registry follows error in bootstrap "x509: certificate signed by unknown authority" #287

Open
aseelert opened this issue Apr 28, 2022 · 1 comment
Labels
question/support This is not a bug but a question or support


aseelert commented Apr 28, 2022

I used the following snippet setting in ocp4-helpernode/vars.yaml:

setup_registry:
  deploy: true
  autosync_registry: false
  registry_image: docker.io/library/registry:2
  local_repo: "ocp4/openshift4"
  product_repo: "openshift-release-dev"
  release_name: "ocp-release"
  release_tag: "4.8.14-x86_64"
  registry_user: "admin"
  registry_password: "admin"

Here is my ignition build:

apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 2
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: ocp4
networking:
  clusterNetworks:
  - cidr: 10.254.0.0/16
    hostPrefix: 24
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
pullSecret: '$(< ~/.openshift/pull-secret)'
sshKey: '$(< ~/.ssh/helper_rsa.pub)'
imageContentSources:
- mirrors:
  - registry.ibmas-ocp4.ibmas-localdomain.com:5000/ocp-release/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - registry.ibmas-ocp4.ibmas-localdomain.com:5000/ocp-release/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev

So the registry and certificates got created and Podman started correctly.
But while starting the bootstrap node, I get the following error for my mirrored registry:

https://registry.ibmas-ocp4.ibmas-localdomain.com:5000/v2/": x509: certificate signed by unknown authority]): quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: error pinging docker registry quay.io: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 192.168.7.1:53: read udp 192.168.7.20:44803->192.168.7.1:53: i/o timeout
Apr 28 12:26:50 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Pull failed. Retrying quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb...
Apr 28 12:27:31 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Error: Error initializing source docker://quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: (Mirrors also failed: [registry.ibmas-ocp4.ibmas-localdomain.com:5000/ocp-release/openshift4@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: error pinging docker registry registry.ibmas-ocp4.ibmas-localdomain.com:5000: Get "https://registry.ibmas-ocp4.ibmas-localdomain.com:5000/v2/": x509: certificate signed by unknown authority]): quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: error pinging docker registry quay.io: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 192.168.7.1:53: read udp 192.168.7.20:40804->192.168.7.1:53: i/o timeout
Apr 28 12:27:31 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Pull failed. Retrying quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb...
Apr 28 12:28:11 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Error: Error initializing source docker://quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: (Mirrors also failed: [reg

@christianh814 christianh814 added the question/support This is not a bug but a question or support label May 31, 2022
@christianh814
Contributor

You need to add the certificate bundle for the registry

There probably should be something in the doc about this
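
One way to do what the reply above describes, as an added example that is not part of the thread or of the ocp4-helpernode project: append the mirror registry's CA certificate to install-config.yaml under the installer's `additionalTrustBundle` field, so the bootstrap node trusts the mirror named in `imageContentSources`. The helper name `add_trust_bundle`, the file names and the certificate body are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the issue thread or the ocp4-helpernode project.
# add_trust_bundle is a hypothetical helper that appends a registry CA
# certificate to install-config.yaml as the installer's additionalTrustBundle.
add_trust_bundle() {
    cert_file=$1
    config_file=$2
    [ -r "$cert_file" ] && [ -w "$config_file" ] || {
        echo "need a readable certificate and a writable config" >&2; return 2; }
    # Accept only a PEM certificate; never embed key material in the config.
    if ! grep -q '^-----BEGIN CERTIFICATE-----$' "$cert_file" ||
       ! grep -q '^-----END CERTIFICATE-----$' "$cert_file" ||
       grep -q 'PRIVATE KEY' "$cert_file"; then
        echo "$cert_file is not a bare PEM certificate" >&2; return 3
    fi
    # Idempotent: leave an existing top-level key alone.
    if grep -q '^additionalTrustBundle:' "$config_file"; then
        return 0
    fi
    # Make sure the appended key starts on its own line.
    [ -z "$(tail -c 1 "$config_file")" ] || echo >> "$config_file"
    # YAML literal block scalar: each PEM line indented by two spaces.
    {
        echo 'additionalTrustBundle: |'
        sed -e '/^$/d' -e 's/^/  /' "$cert_file"
    } >> "$config_file"
}

# Constructed sample input: a placeholder certificate body (not a real
# certificate) and a cut-down install-config.yaml without a final newline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/registry-ca.crt" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERNOTAREALCERTIFICATE
-----END CERTIFICATE-----
EOF
printf 'apiVersion: v1\nbaseDomain: example.com' > "$demo_dir/install-config.yaml"
add_trust_bundle "$demo_dir/registry-ca.crt" "$demo_dir/install-config.yaml"
cat "$demo_dir/install-config.yaml"
```

The ignition configs have to be regenerated from the edited install-config.yaml, because the bootstrap node only receives the trust bundle through them.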
