Comments (5)
Hi @liuke0712! :)
Does it mean the server has already started?
Yes. This is also indicated by the http: server gave HTTP response to HTTPS client
you posted
and how I can query the provider info using the server API?
You can check that yourself by using command line tools like curl
to query boring-registry:
curl http://localhost:5601/v1/providers/hashicorp/azurerm/versions
Disclaimer: I didn't test the above command
Regarding the following error
Could not retrieve the list of available versions for provider localhost:5601/hashicorp/azurerm:
could not connect to localhost:5601:
Failed to request discovery document:
Get "https://localhost:5601/.well-known/terraform.json":
http: server gave HTTP response to HTTPS client
Your Terraform CLI tries to to connect to localhost:5601
with HTTPS (see https://localhost:5601/.well-known/terraform.json
from above), but the server gave HTTP response to HTTPS client
.
As far as I know, Terraform requires HTTPS. RIght now I see two options:
- pass a valid TLS certificate to the boring-registry command with
--tls-cert-file=self-signed.crt --tls-key-file=self-signed.key
for example - service the boring-registry API behind a reverse-proxy which has a valid certificate
Someone else had a similar problem to yours here: #73. I hope that helps!
Just out of curiosity, why do you want to serve the azurerm
provider from hashicorp with the boring-registry, instead of using the hashicorp registry directly? :)
from boring-registry.
Hi Oliver,
Much appreciated for your guide.
I generated a self-signed cert and key by
openssl req -x509 -nodes -sha256 -newkey rsa:2048 \
-keyout localhost.key -out localhost.crt \
-days 3650 \
-subj "/CN=localhost"
after adding
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
subjectAltName = DNS:localhost
to /etc/ssl/openssl.cnf
but seems the certification is not compliant/accepted by terraform
266859644@C02D94YHML85 test % terraform init
Initializing the backend...
Initializing provider plugins...
- Finding localhost:5601/hashicorp/azurerm versions matching "3.24.0"...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ localhost:5601/hashicorp/azurerm: could not connect to localhost:5601:
│ Failed to request discovery document: Get
│ "https://localhost:5601/.well-known/terraform.json": x509: “localhost”
│ the certificate is not standards compliant
Wondering if is there any requirement for the generation of the TLS cert?
Related to your question, because our current tfe server cannot access the internet based on security considerations, we are using bundle for now, but intend to switch to a private provider solution. however, the private provider does not support provider invokes from a different organization. That is why we're looking for alternatives.
Thanks!
from boring-registry.
Wondering if is there any requirement for the generation of the TLS cert?
You need to check how the Terraform CLI works internally, I do now know that. With the script I posted in #73 , I was able to run it locally. I really can't help you here, sorry :/ Have you tried the bash script?
Related to your question, because our current tfe server cannot access the internet based on security considerations, we are using bundle for now, but intend to switch to a private provider solution. however, the private provider does not support provider invokes from a different organization. That is why we're looking for alternatives.
Interesting, thanks :)
from boring-registry.
You could maybe use some other tools to check why your certificate is not complying with the standards
from boring-registry.
Closing this issue due to inactivity and as it's more of a general question. Feel free to re-open it anytime!
from boring-registry.
Related Issues (20)
- Use a linter for Go in CI
- Unable to reference module from minIO backed registry HOT 9
- helm chart references wrong authentication ENV variable HOT 1
- Multiple Static Authentication tokens in k8s setup HOT 1
- if `--ignore-existing=false` is set, existing modules in storage will clutter CI
- Migrate from hclv1 to hclv2
- clarification on uploading a provider HOT 6
- Support Azure Blob Storage HOT 8
- OIDC auth
- [Bug] Modules publishing to Cloud Storage are not appending extension HOT 5
- [Feature Request]: Support using local file system as storage HOT 7
- HTTP 500 rather than 404 HOT 2
- 0.11.2 container crashlooping HOT 3
- Flags or environment variables are not being enforced HOT 2
- support `network_mirror` configuration of `.terraformrc` HOT 2
- ghcr.io/boring-registry/boring-registry:v0.12.0 not available for anonymous pull HOT 2
- helm Chart // allow to add a true/false `extraEnv` HOT 1
- Build multi-arch container image HOT 1
- [Feature Request] Serve as proxy for remote storage HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from boring-registry.