Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for insecure-registries #47

Open
mschmieder opened this issue May 17, 2019 · 2 comments
Open

Support for insecure-registries #47

mschmieder opened this issue May 17, 2019 · 2 comments

Comments

@mschmieder
Copy link

Hi Stefan,

first of all I wanted to say that I'm impressed by this project and am using it on a daily basis for cross-platform development. It's really helping a lot! Thanks for the great work so far.

One of the things that I'm missing currently is the support for easily defining insecure-registries within the daemon.json on the windows hosts.

I was able to quickly hack in a solution for me that works but was wondering if that could be something that might be of interest to more people.

what I did so far was simply extending the create-machine.ps1 Powershell script by a single line

  $config = $config | Add-Member(@{ `
    hosts = @("tcp://0.0.0.0:2376", "npipe://"); `
    tlsverify = $true; `
    tlscacert = "$serverCertsPath\ca.pem"; `
    tlscert = "$serverCertsPath\server-cert.pem"; `
    tlskey = "$serverCertsPath\server-key.pem"; `
    "insecure-registries" = @("my.insecure.registry:4567"); `
    experimental = $experimental `
    }) -Force -PassThru

It probably would be great to be able to define this within the Vagrant environment.
I'm not a Powershell nor a Vagrant guru, so sorry for not providing a potential solution already.

Best,
Matthias

@StefanScherer
Copy link
Owner

I don‘t know exactly what is the best practice to do it. Maybe passing an optional environment variable from host to the provision script and add the optional key in the json during provisioning.

INSECURE_REGSTRIES=foo:4567 vagrant up

@mschmieder
Copy link
Author

I can show you on how I found a solution that works for us since the private registries are quite stable in our environments.

I modified the Vagrantfile to include the registries in the parameters for the setup script.

 config.vm.define "1903", autostart: false do |cfg|
    cfg.vm.box     = "windows_server_1903_docker"
    cfg.vm.provision "shell", path: "scripts/create-machine.ps1", args: "-machineHome #{home} -machineName 1903 -insecureRegistries registry.domain.com:5432,registry2.domain.com:4567"
  end

Therefore I had to patch some functions in the Powershell script to act on those parameters

function updateConfig {
  param ($daemonJson, $serverCertsPath, $enableLCOW, $experimental, $insecureRegistries)

[...]

  if ($insecureRegistries) {
      $config = $config | Add-Member(@{ `
          "insecure-registries" = $insecureRegistries.Split(','); `
      }) -Force -PassThru
  }
updateConfig "$dockerData\config\daemon.json" $serverCertsPath $enableLCOW $experimental $insecureRegistries

If you want I can create a pull request so you can see the changes better. Still I think this is not optimal right now since you'll have to patch the Vagrantfile. Maybe the in combination with your idea for the env variables might do the trick though.

Also I was not able to provide a list to the Powershell script. It always interpreted my list as a string, not sure why - that's why you see the split operation in the code snippet.

Thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants