Change subcloud local registry token auth realm to registry.local
In DC system, subcloud local registry token realm is currently set to oam floating IP address. When a new docker registry certificate is installed in central cloud and get synced to subcloud, access to local registry in subcloud is broken during certificate verfication, with error like the following: Error response from daemon: Get https://registry.local:9001/v2/: Get https://10.10.10.13:9002/token/?account=admin&client_id=docker& offline_token=true&service=192.168.101.2%3A9001: x509: certificate is valid for 192.168.204.2, 10.10.10.3, not 10.10.10.13 This change updated subcloud local registry's token auth realm to be domain name registry.local so the certificate verfication is against the DNS names in the certifcate. This makes the verfication succeed. Change-Id: I710e2e27461276db90cd9f9275655b5ecf00e342 Closes-Bug: 1851252 Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
parent
a713f9567d
commit
6adf744195
@ -66,7 +66,11 @@ class platform::dockerdistribution::config
|
||||
$docker_registry_host = $::platform::network::mgmt::params::controller_address_url
|
||||
$insecure_registries = $::platform::dockerdistribution::registries::insecure_registries
|
||||
|
||||
if $::platform::params::distributed_cloud_role == 'subcloud' {
|
||||
$docker_realm_host = 'registry.local'
|
||||
} else {
|
||||
$docker_realm_host = $::platform::haproxy::params::public_address_url
|
||||
}
|
||||
$runtime_config = '/etc/docker-distribution/registry/runtime_config.yml'
|
||||
$used_config = '/etc/docker-distribution/registry/config.yml'
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user