Docker supports private registries and there are a few writeups on how to setup a private Docker registry.
You can switch docker to use your local registry with the “docker login” command:
docker login -u httpuser -p httppassword -e [email protected] https://docker.yourcompany.com
Since you run a private registry you most likely use a self-signed certificate. Docker insists on checking your certificate against a Certificate Authority.
If you are used to OpenSSL and put your CA certificate in /etc/ssl/certs and created a hash link and it still doesn’t work, here is the solution:
Docker is written in go, go looks up the CA certificates in the following files:
Go crypto source reference
You have to attach your CA cert to one of those files as well.
H/T to Jérôme Petazzoni
j j j
Time does change. Our common (civil) time is defined as a full rotation of our planet relative to our sun, but Earth wobbles a bit so every day is a little bit longer or shorter, and we are generally slowing down, ever so slowly.
The International Earth Rotation and Reference Systems Service publishes the Earth’s daily rotation speeds, and they decide when we should have leap seconds snuck into the official clocks of the world to account for the wobbliness.
j j j
I run a VPC on Amazon and have a VPN connection to my office network using a Cisco ASA firewall. My team keeps getting their SSH connections dropped with “Write failed: Broken pipe” at quite frequent intervals. Since this doesn’t happen when we connect directly to VPC instances, I set out to investigate.
debug crypto condition peer IPADDRESS <- limit your crypto debug output to a given vpn endpoint
debug crypto ipsec 7
debug crypto isakmp 7
I found that the Amazon Virtual Private Gateway frequently doesn’t answer the dead peer detection queries! Cisco decides to terminate the VPN session with “Lost Service”, and starts a new session. If you see “Received encrypted packet with no matching SA, dropping” in your ASA logs, this could also be the culprit.
Put “isakmp keepalive disable” in your tunnel-group config and see if it fixes your issue. You will have to reset your connection.
NOTE: On the Cisco ASA keepalives are enabled by default. If you don’t have an “isakmp keepalive disable” then the default settings will be in effect, which is threshold 10 retry 2
j j j
If you like your database loosely defined, take a look at PostgreSQL’s hstore module, starting around version 8.3:
After enabling this module, you can add an “hstore” type column to your table, then store any number of key/value pairs in that column, as long as each key and each value is smaller than 64k.
This in itself is not that big of a deal, you have always been able to store stuff in columns, but hstore allows searching on keys!
j j j
Matt Ringel (@ringel) says this frequently about Go: “lose your first 3,000 games as fast as you can.” You learn a lot from your failures. If you take this literally, the Android app Hactar Go Lite is a perfect way to learn go.
Hactar starts you out with simple Go problems and as you find your own solutions it lets you advance gradually. By the time you finish all the problems you will have developed your own strategy and what’s equally important you will recognize an unwinnable situation early on! Because knowing when to stop doing something is key to overall success.
Now apply this thought to other areas of your life. Is this relevant anywhere else?
j j j
Heads-up Display (HUD) in my rental car, showing speed, directions and local speed limits:
j j j