How to use private insecure registry with torizoncore builder bundle command?

Hello,

I’m trying to use an insecure registry with the torizoncore-builder bundle command. I have tried serving HTTP on a specified port, but I get the following error:

$ torizoncore-builder bundle --host-workdir $(pwd)
An unexpected Exception occured. Please provide the following stack trace to
the Toradex TorizonCore support team:


Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/usr/local/lib/python3.9/dist-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: https://127.0.0.1:22376/v1.40/images/create?tag=latest&fromImage=10.0.0.100%3A80%2Fmy-image&platform=linux%2Farm%2Fv7

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/builder/torizoncore-builder", line 173, in <module>
    mainargs.func(mainargs)
  File "/builder/tcbuilder/cli/bundle.py", line 22, in bundle_containers
    dockerbundle.download_containers_by_compose_file(
  File "/builder/dockerbundle.py", line 285, in download_containers_by_compose_file
    image = dind_client.images.pull(image, platform=platform)
  File "/usr/local/lib/python3.9/dist-packages/docker/models/images.py", line 446, in pull
    pull_log = self.client.api.pull(
  File "/usr/local/lib/python3.9/dist-packages/docker/api/image.py", line 430, in pull
    self._raise_for_status(response)
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 500 Server Error for https://127.0.0.1:22376/v1.40/images/create?tag=latest&fromImage=10.0.0.100%3A80%2Fmy-image&platform=linux%2Farm%2Fv7: Internal Server Error ("Get https://10.0.0.100:80/v2/: http: server gave HTTP response to HTTPS client")

And if I try to serve the registry through HTTPS with self-signed certificates:

$ torizoncore-builder bundle --host-workdir $(pwd)
An unexpected Exception occured. Please provide the following stack trace to
the Toradex TorizonCore support team:


Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/usr/local/lib/python3.9/dist-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: https://127.0.0.1:22376/v1.40/images/create?tag=latest&fromImage=10.0.0.100%2Fmy-image&platform=linux%2Farm%2Fv7

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/builder/torizoncore-builder", line 173, in <module>
    mainargs.func(mainargs)
  File "/builder/tcbuilder/cli/bundle.py", line 22, in bundle_containers
    dockerbundle.download_containers_by_compose_file(
  File "/builder/dockerbundle.py", line 285, in download_containers_by_compose_file
    image = dind_client.images.pull(image, platform=platform)
  File "/usr/local/lib/python3.9/dist-packages/docker/models/images.py", line 446, in pull
    pull_log = self.client.api.pull(
  File "/usr/local/lib/python3.9/dist-packages/docker/api/image.py", line 430, in pull
    self._raise_for_status(response)
  File "/usr/local/lib/python3.9/dist-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 500 Server Error for https://127.0.0.1:22376/v1.40/images/create?tag=latest&fromImage=10.0.0.100%2Fmy-image&platform=linux%2Farm%2Fv7: Internal Server Error ("Get https://10.0.0.100/v2/: x509: certificate signed by unknown authority")

Unfortunately it is extremely difficult for me to get a valid https cert on my network.

I’m able to work with this registry locally by adding it to “insecure-registries” in daemon.json docker config. Is there any way to do this with torizoncore-builder?

Greetings @hordur,

It might be possible that your insecure registry isn’t properly configured with Docker. This thread here seems to suggest a fix in the docker daemon.json file: https://stackoverflow.com/questions/49674004/docker-repository-server-gave-http-response-to-https-client

Could you give this a try perhaps?

Best Regards,
Jeremias

As I mentioned, I am already able to work with the private unsecure registry by adding an “insecure-registries” line to my host’s daemon.json. The problem seems to be that when the Docker-in-Docker instance within the builder is started, it does not inherit these settings.

After seeing this https://github.com/docker-library/docker/issues/131 , I tested editing /builder/dockerbundle.py within the torizoncore-builder container to include:

dind_cmd = ["--storage-driver", "overlay2", "--insecure-registry", "10.0.0.100"]

instead of the original line, and then the bundle command works with my registry. Perhaps a way to pass in this option could be added to the bundle command?
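
As an added illustration (not part of the thread and not torizoncore-builder code), the option requested above could be built from an explicit allowlist instead of a hard-coded address, alongside a check that tells the two daemon errors in the tracebacks apart. `build_dind_cmd`, `validate_registry` and `diagnose` are hypothetical names; the sketch rejects CIDR ranges on purpose, because `--insecure-registry` disables certificate verification and allows plain HTTP for every registry it matches.

```python
import re

# Hypothetical helper, not torizoncore-builder code. The base arguments are the
# ones quoted in the post above; everything else is an assumption.
BASE_DIND_CMD = ["--storage-driver", "overlay2"]
_HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.-]+)(:(?P<port>\d{1,5}))?$")


def validate_registry(entry: str) -> str:
    """Accept only an exact host or host:port.

    dockerd also accepts CIDR ranges for this flag; they are refused here so
    that TLS verification is only relaxed for registries named one by one.
    """
    if "://" in entry or "/" in entry:
        raise ValueError(f"{entry!r}: give host[:port] only, no scheme, path or CIDR")
    match = _HOST_PORT.match(entry)
    if not match:
        raise ValueError(f"{entry!r}: not a valid host[:port]")
    port = match.group("port")
    if port is not None and not 1 <= int(port) <= 65535:
        raise ValueError(f"{entry!r}: port out of range")
    return entry


def build_dind_cmd(insecure_registries):
    """Return the Docker-in-Docker daemon arguments for the given allowlist."""
    cmd = list(BASE_DIND_CMD)
    for entry in insecure_registries:
        cmd += ["--insecure-registry", validate_registry(entry)]
    return cmd


def diagnose(explanation: str) -> str:
    """Classify the daemon error text seen in the two tracebacks above."""
    if "server gave HTTP response to HTTPS client" in explanation:
        return "plain-http"    # registry serves HTTP, daemon expects HTTPS
    if "x509: certificate signed by unknown authority" in explanation:
        return "untrusted-ca"  # HTTPS works, but the issuing CA is not trusted
    return "other"


if __name__ == "__main__":
    print(build_dind_cmd(["10.0.0.100"]))
```

For the `untrusted-ca` case, Docker can also trust a registry's CA through a per-registry `ca.crt` under `/etc/docker/certs.d/`, which keeps TLS verification on; whether the builder's inner daemon can be given that file is not covered in this thread.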

Ahh the interaction here with Docker in Docker makes sense. I’ll report your fix to the team and we’ll see internally if it makes sense to integrate this. Thank you for reporting/investigating this, much appreciated.

Best Regards,
Jeremias