Comments (9)
Hi @wortner, sorry for the late reply!
Which version of the boring-registry are you using? The latest release 0.7.0 or latest main?
What does your configuration look like? Could be that you're using an API key within the registry, therefore the 403?
I'm using it like this with the latest main:
module "consul_example" {
  source  = "localhost:5601/hashicorp/consul/aws"
  version = "0.11.0"
}
or
module "consul_example" {
  source  = "boring-registry.example.com/hashicorp/consul/aws"
  version = "0.11.0"
}
behind a reverse proxy.
In my case I'm using an API key, so I need to configure it in my .terraformrc:
credentials "boring-registry.example.com" {
  token = "secretToken"
}
from boring-registry.
Maybe the setup I am using is wrong. Using latest main.
- running ./minio server registry
- I have been able to upload to Minio my module
- now I try to run boring-registry server --storage-s3-bucket=registry --storage-s3-pathstyle=true --storage-s3-endpoint=http://localhost:9000 --storage-s3-region=us-west-2 having AWS_DEFAULT_REGION, AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID set to service account created in minio GUI
- running terraform init with localhost gives download not supported for scheme 'localhost'
from boring-registry.
Thanks!
The download not supported for scheme 'localhost' message suggests that the schema is not valid. To be honest, I haven't tested localhost out, as my setup is a little different.
I think I had this problem before as well. I needed a name with multiple dots:
Module "consul_example" (declared at main.tf line 3) has invalid source address "localhost:5601/hashicorp/consul/aws": invalid module registry hostname: must contain at least one dot.
Another problem is that with source = "127.0.0.1:5601/hashicorp/consul/aws", Terraform is using HTTPS, so you need to pass a valid certificate with --tls-cert-file=self-signed.crt and --tls-key-file=self-signed.key.
I'm using boring-registry behind a reverse proxy with a certificate from Let's Encrypt :)
from boring-registry.
It is taking so much time just to be able to run TF locally. Can you please elaborate more on how you set up your proxy?
from boring-registry.
I agree, Terraform registries are not really made to be run locally. In that case it's probably easier to use local paths.
Personally, I run boring-registry on Kubernetes behind ingress-nginx. cert-manager takes care of issuing a certificate from Let's Encrypt. I'm sure many other people run it in a similar way.
For local testing, I'm generating the certificates with:
#!/usr/bin/env bash
set -eu
org=host.example.com
domain=host.example.com
# Remove a previously trusted copy, if any, before regenerating
sudo trust anchor --remove self-signed.crt || true
openssl genpkey -algorithm RSA -out self-signed.key
# Self-signed certificate whose subjectAltName matches the registry hostname
openssl req -x509 -key self-signed.key -out self-signed.crt \
  -subj "/CN=$domain/O=$org" \
  -days 365 \
  -config <(cat /etc/ssl/openssl.cnf - <<END
[ x509_ext ]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
subjectAltName = DNS:$domain
END
  ) -extensions x509_ext
# Add the certificate to the OS trust store
sudo trust anchor self-signed.crt
This generates a self-signed certificate and loads it into the trust anchor of the operating system (Linux in my case) so that Terraform trusts the self-signed certificate. I then run boring-registry with:
boring-registry server \
  --tls-cert-file=self-signed.crt \
  --tls-key-file=self-signed.key \
  --storage-s3-region=eu-east-1 \
  --storage-s3-bucket=boring-registry-test \
  --storage-s3-endpoint=https://minio.example.com \
  --storage-s3-pathstyle=true
The Terraform module source is specified like this:
module "consul_example" {
  source  = "host.example.com:5601/hashicorp/consul/aws"
  version = "0.11.0"
}
The example.com is my own domain in that case, and host.example.com resolves to the machine where boring-registry is running. Similarly, minio.example.com points to my minIO installation. Hope that helps, let me know if you have any other questions.
from boring-registry.
I would be happy using just override files. But it is not possible to override just the source, the version is still merged in and local does not work with versions.
from boring-registry.
I'm not familiar with your use-case and problem you're trying to solve. It sounds like you're in a complex situation, though. Not sure how I can help you here unfortunately
from boring-registry.
I'm getting some strange communication using cert generated by your script. So far I will give up. Thanks for valuable help.
│ Error: Failed to download module
│
│ Could not download module "firewall_rules_external" (external-rules_override.tf:1) source code from "https://host.example.com/azurerm/company/firewall-rules": error downloading 'https://host.example.com/azurerm/company/firewall-rules': Get
│ "https://host.example.com/azurerm/company/firewall-rules?terraform-get=1": dial tcp 182.78.122.11:443: connect: connection refused
╵
╷
│ Error: Failed to download module
│
│ Could not download module "firewall_rules_internal" (internal-rules_override.tf:1) source code from "https://host.example.com:5601/azurerm/company/firewall-rules": error downloading 'https://host.example.com:5601/azurerm/company/firewall-rules': Get
│ "https://host.example.com:5601/azurerm/company/firewall-rules?terraform-get=1": x509: certificate signed by unknown authority
╵
from boring-registry.
The dial tcp 182.78.122.11:443: connect: connection refused indicates that there is no port exposed or process listening on port 443. And x509: certificate signed by unknown authority indicates that Terraform is not able to find the certificate in the trusted store of the OS.
If you give up, feel free to close the issue. I'm glad you tried it. Best of luck!
from boring-registry.
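The trust outcomes discussed in this thread, reproduced with Go's crypto/x509 (the library whose UnknownAuthorityError carries the `x509: certificate signed by unknown authority` text). This is an added example, not code from boring-registry or Terraform. Assumptions: `selfSigned` and `diagnose` are hypothetical helper names, an Ed25519 key stands in for the script's RSA key, and an in-memory pool stands in for the OS trust store.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned mirrors the thread's x509_ext section: CA:true plus a DNS subjectAltName.
func selfSigned(host string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader) // assumption: Ed25519 instead of the script's RSA
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0), IsCA: true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// diagnose verifies cert for host against roots and names the failure class.
func diagnose(cert *x509.Certificate, roots *x509.CertPool, host string) string {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	switch err.(type) {
	case nil:
		return "trusted"
	case x509.UnknownAuthorityError: // certificate is not in the trust store being used
		return "unknown authority"
	case x509.HostnameError: // subjectAltName does not cover the requested host
		return "hostname mismatch"
	}
	return err.Error()
}

func main() {
	cert, err := selfSigned("host.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Println(diagnose(cert, x509.NewCertPool(), "host.example.com")) // empty trust store
}
```

Adding the certificate to the pool (the equivalent of `trust anchor`) turns the first result into "trusted", while requesting a host the subjectAltName does not list fails even with the certificate trusted.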