[caasp-beta] Antw: CaaSP 1.0 beta 3 and external private docker registry with Portus

Martin Weiss Martin.Weiss at suse.com
Thu May 18 23:34:20 MDT 2017 

Hi Uli,

I am not sure if that is the problem and I can not test this at the moment... but depending on how the SSL certificates were created / used on the Registry - you need to export the public key of the CA that signed that certificate and then add this as trusted to the worker nodes. 
(copy to /etc/pki/trust/anchors and then execute /usr/sbin/update-ca-certificates)

Oh - and when installing Portus it is creating its own certificate with its own CA - not the SLES CA AFAIK...
So this is my workaround "before" Portus is installed and configured:
cp -av /etc/ssl/servercerts/servercert.pem /etc/ssl/servercerts/$(hostname -f)-ca.crt
cp -av /etc/ssl/servercerts/serverkey.pem /etc/ssl/servercerts/$(hostname -f)-ca.key
--> to make sure Portus uses the certificate that I already have for the server..

HTH
Martin



Hi list,

I want to connect my CaaSP 1.0 beta 3 installation ( adminnode, 
masternode and two worker nodes) with a private docker registry with 
portus in place.
So far I could set up a private docker registry with portus on a SLE 12 
SP2 installation using portus and docker-distribution-registry from the 
container module. Now I am struggeling to set up a SSL secured 
connection between the docker on CaaSP and the private registry.
I tried to copy over certificates from portus to docker on CaaSP but no 
success.
I then tried to create certificates on the admin node, signed with the 
ca located on the admin node, but this didn't work either, simple tests 
with curl failed, even giving 
--cacert=/etc/pki/trust/anchors/SUSE_CaaSP_CA.crt on cmd-line.

Any hints how to make this setup working?

Thank you.

Kind regards
Uli

-- 
Dr. Ulrich Schairer - Technical Architect SAP
SUSE LINUX GmbH, Maxfeldstrasse 5, 90409 Nürnberg,Germany
Mobil: +49-173-5876 824
Email: ulrich.schairer at suse.com
-----------------------------------------------------------------
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard,
Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
-----------------------------------------------------------------
http://www.suse.com

_______________________________________________
caasp-beta mailing list
caasp-beta at lists.suse.com
http://lists.suse.com/mailman/listinfo/caasp-beta

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20170518/e0b1e690/attachment.htm>

More information about the caasp-beta mailing list