Bug 1466427 - Registry console fails to accept self-signed cert
Registry console fails to accept self-signed cert
Status: NEW
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.5.0
Unspecified Unspecified
low Severity medium
: ---
: 3.9.0
Assigned To: Scott Dodson
Johnny Liu
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-29 10:38 EDT by Marko Myllynen
Modified: 2017-12-04 14:01 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marko Myllynen 2017-06-29 10:38:14 EDT
Description of problem:
In a containerized 3.5 installation Docker and other parts work well with a self-signed cert after doing something like:

    - name: Create Docker registry certificate directory
      file: path=/etc/docker/certs.d/{{ openshift_docker_additional_registries }} state=directory
      when: openshift_docker_additional_registries is defined

    - name: Copy Docker registry certificate for Docker
      copy: src=cert.crt dest=/etc/docker/certs.d/{{ openshift_docker_additional_registries }} follow=yes
      when: openshift_docker_additional_registries is defined

    - name: Copy Docker registry certificate for OpenShift tools
      copy: src=cert.crt dest=/etc/pki/ca-trust/source/anchors/registry.crt follow=yes
      register: certificate_update
      when: openshift_docker_additional_registries is defined

    - name: Update CA trust store
      command: /usr/bin/update-ca-trust
      when: certificate_update | changed

However, when accessing the registry console, and clicking Images on the left, the following error is displayed:

 Internal error occurred: Get https://registry.example.com:5000/v2/: x509: certificate signed by unknown authority. Timestamp: 2017-06-29T14:08:39Z Error count: 2 Edit image stream 

Once configured on the host, the registry-console container should recognize the self-signed cert as well, like other components do.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Marko Myllynen 2017-06-29 10:41:09 EDT
(In reply to Marko Myllynen from comment #0)
> 
> However, when accessing the registry console, and clicking Images on the
> left, the following error is displayed:
> 
>  Internal error occurred: Get https://registry.example.com:5000/v2/: x509:
> certificate signed by unknown authority. Timestamp: 2017-06-29T14:08:39Z
> Error count: 2 Edit image stream 

Minor clarification: to see the error, click on Images and then try to expand the default/registry-console shown on the right. Thanks.

Note You need to log in before you can comment on or make changes to this bug.