Secure private registry not working via ADD_REGISTRY

General Discussions
1

Hi,

I’ve been working on getting a secure docker registry working. I’m nearly there, but I seem to fall at the final hurdle.

On the server that the registry is running on I can login and push images. I can sign-in to the registry from a browser and use v2/_catalog to see that the images are present. I can even pull images from a remote server too. The problems arise when I try to configure a remote server to to automatically search the registry.

The following procedure shows how I’m testing the registry. The key point is that if I specify ‘server.company.local:5043/test_httpd’ as part of the ‘docker pull’ command it works, but that if I rely on the settings in /etc/sysconfig/docker it does not.

#  grep REGISTRY /etc/sysconfig/docker
ADD_REGISTRY='--add-registry server.company.local:5043 --add-registry registry.access.redhat.com'
INSECURE_REGISTRY='--insecure-registry server.company.local:5043'

# systemctl restart docker

#  docker login server.company.local:5043
Username (david.evans):
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded

# docker pull server.company.local:5043/test_httpd
Using default tag: latest
Trying to pull repository server.company.local:5043/test_httpd ... latest: Pulling from test_httpd
c4f590bbcbe3: Downloading [=========>                                         ] 32.21 MB/166.1 MB
af8e94d8dd7d: Download complete
9c52fae0eb41: Downloading [==>                                                ] 28.52 MB/564.9 MB
f5595838829c: Download complete
e746d230cfe5: Download complete
6a98bbf0e7dc: Download complete
c0fbe475e147: Download complete

# docker pull test_httpd
Using default tag: latest
Trying to pull repository server.company.local:5043/test_httpd ... not found
Trying to pull repository registry.access.redhat.com/test_httpd ... not found
Trying to pull repository docker.io/library/test_httpd ... not found
Error: image library/test_httpd:latest not found

I feel like it must be something trivial in the way I have configured ‘ADD_REGISTRY=’, but I can’t see what. Does anyone know why this is not working or how I could troubleshoot it?

Thanks in advance for any assistance.

EDIT: I meant to say that I have experimented with ‘INSECURE_REGISTRY=’ - it makes no difference if I configure it or not.

2

Do you have Proxy setup ?

you may need to add one more entry if you use proxy
NO_PROXY=‘server.company.local’

3

From my own research this is because the ADD-REGISTRY flag is only available in the Red Hat fork. Why this isn’t a ‘feature’ in native docker is beyond me.