Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Unanswered
How to renew certificates on docker service registry?

Symptoms: lauching BOM backend pipeline it breaks with the followin error

https://docker-registry.local:5000/v2/ x509: certificate has expired or is not yet valid

Solution:

  1. Backup of the old certificate in the following folder

cp domain.crt /docker_data/certs/domain.crt

  1. Create the new certificate in the folder used by the registry.

Beware that the certificate must have CN=docker-registry.local,
the rest is not important.

cd /etc/docker/certs.d/docker-registry.local:5000/
openssl req -key /docker_data/certs/domain.key -new -x509 -days 730 -out /docker_data/certs/domain.crt

  1. Registry reboot (check the correct container ID by running docker ps command)

sudo docker container stop 843dd9153fdf
sudo docker container start 843dd9153fdf

  1. Copy the certificate to all docker clients used (with restart).

The certificate is in the /etc/docker/certs.d/docker-registry.local:5000/ folder.
cp domain.crt /etc/docker/certs.d/docker-registry.local:5000/
systemctl restart docker.

Note:

  • docker registry is in the 172.31.31.162 machine. All the above steps must be executed there.
  • the 4th step must be executed in the 172.31.31.161 too, where GitLab is running
  
  
Posted one year ago
Edited one year ago
Profile picture
Fabiano Izzo
0 3
Revisions Report
Votes Newest

Answers

Write your answer
7 Views
0 Answers
one year ago
one year ago
Tags
certificates docker expired renewal x509