From ba7d6c3620bc675b8495e7e83165c5d0a06f56d6 Mon Sep 17 00:00:00 2001 From: SBCrumb Date: Tue, 9 Sep 2025 16:37:49 -0400 Subject: [PATCH] up --- .gitea/workflows/ci.yml | 19 ++++++++--------- configure-docker-insecure.md | 40 ++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 11 deletions(-) create mode 100644 configure-docker-insecure.md diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 74a1172..6dfb14d 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -54,19 +54,14 @@ jobs: LOCAL_REGISTRY="192.168.253.221:3000" echo "Registry: $LOCAL_REGISTRY" - # Configure Docker to use HTTP for local registry - echo '{ - "insecure-registries": ["'$LOCAL_REGISTRY'"] - }' > $DOCKER_CONFIG/config.json + # Note: Docker daemon must be pre-configured for insecure registry + # See configure-docker-insecure.md for setup instructions - # Also configure daemon (if we have permissions) - sudo mkdir -p /etc/docker 2>/dev/null || true - echo '{ - "insecure-registries": ["'$LOCAL_REGISTRY'"] - }' | sudo tee /etc/docker/daemon.json >/dev/null 2>&1 || echo "Could not update daemon.json (continuing anyway)" - sudo systemctl reload docker 2>/dev/null || echo "Could not reload docker daemon (continuing anyway)" + echo "Testing registry connectivity..." + curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" - # Login to local registry with HTTP + # Login to local registry + echo "Attempting login to local registry..." echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin # Tag images for local registry @@ -88,6 +83,8 @@ jobs: fi else echo "❌ Local registry push failed" + echo "Please run: sudo systemctl restart docker" + echo "And configure /etc/docker/daemon.json with insecure-registries" docker images | grep nfoguard exit 1 fi diff --git a/configure-docker-insecure.md b/configure-docker-insecure.md new file mode 100644 index 0000000..d411555 --- /dev/null +++ b/configure-docker-insecure.md @@ -0,0 +1,40 @@ +# Manual Docker daemon configuration for insecure registry + +## 1. Configure Docker daemon to allow HTTP registry + +```bash +# On your gitea-lxc host, run this once: +sudo mkdir -p /etc/docker + +# Create or update daemon.json +sudo tee /etc/docker/daemon.json > /dev/null << 'EOF' +{ + "insecure-registries": ["192.168.253.221:3000"] +} +EOF + +# Restart Docker daemon +sudo systemctl restart docker + +# Wait for Docker to restart +sleep 5 + +# Verify Docker is running +sudo systemctl status docker +``` + +## 2. Test local registry push manually + +```bash +# Test login to local registry +docker login 192.168.253.221:3000 + +# Test push +docker pull hello-world +docker tag hello-world 192.168.253.221:3000/jskala/test:latest +docker push 192.168.253.221:3000/jskala/test:latest +``` + +## 3. Then run your workflow + +After configuring the daemon manually, the workflow should work without needing to modify daemon.json. \ No newline at end of file