Tuesday, November 15, 2016

Docker Registry - How to use Local Host Volume or OpenStack Swift as Docker Image Repository

***outline***

1. Leverage Docker Registry Container to allow Docker Image Repository in Local Host Disk Volume ( Local Directory

2. Build and Leverage Docker Registry Container ( v1 ) to allow Remote Docker Image Repository on OpenStack Swift

  a. Build a Customized Docker Registry Container Image
  b. Push Customized Docker Registry Image
  c. Push Customized Docker Image ( Ubuntu with ffmpeg and Python SwiftClient )

3. Leverage Docker Registry Container ( v2 ) image directly 
  a. Docker Run standard Registry Image directly
  b. Fetch configuration file into container

4. Setup insecure access from remote

***Use Local as Docker Image Repository***

===docker run registry container=== $ docker run -d -p 5000:5000 --restart=always --name registry registry:2 Unable to find image 'registry:2' locally 2: Pulling from library/registry Digest: sha256:1152291c7f93a4ea2ddc95e46d142c31e743b6dd70e194af9e6ebe530f782c17 Status: Downloaded newer image for registry:2 Ed13754c8994680f9efd12d58ea3d36632c4be7a4a825f65c9cf5793e1949e5a ===Or point the docker registry at special "host" directory for running registry container=== $ docker run -d -p 5000:5000 --restart=always --name registry \ -v `pwd`/data:/var/lib/registry \ registry:2 ===docker volume=== PS: -v for volumen, -v <host directory>:<container directory> For example: -v /src/webapp:/webapp This is mounts the host directory, /src/webapp, into the container at /webapp. If the path /webapp already exists inside the container's image, the /src/webapp mount overlays but does not remove the pre-existing content ===docker pull image your want=== user@ubuntu:~/Desktop/registry$ docker pull hello-world or user@ubuntu:~/Desktop/registry$ docker pull chianingwang/ffmpeg_swift $e.g $ docker pull hello-world output Using default tag: latest latest: Pulling from library/hello-world c04b14da8d14: Pull complete Digest: sha256:0256e8a36e2070f7bf2d0b0763dbabdd67798512411de4cdcf9431a1feb60fd9 Status: Downloaded newer image for hello-world:latest ===docker tag image=== user@ubuntu:~/Desktop/registry$ docker tag hello-world localhost:5000/myfirstimage Or user@ubuntu:~/Desktop/registry$ docker tag chianingwang/ffmpeg_swift localhost:5000/ffmpeg_swift ===docker push image back to repository=== user@ubuntu:~/Desktop/registry$ docker push localhost:5000/myfirstimage The push refers to a repository [localhost:5000/myfirstimage] a02596fdd012: Pushed latest: digest: sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4 size: 524 OR user@ubuntu:~/Desktop/registry$ docker push localhost:5000/ffmpeg_swift The push refers to a repository [localhost:5000/ffmpeg_swift] f83e8a3fdfe9: Pushed d6ceb43d6adb: Pushed 91300e2dcc40: Pushed cb06ae3a1786: Pushed 0e20f4f8a593: Pushed 1633f88f8c9f: Pushed 46c98490f575: Pushed 8ba4b4ea187c: Pushed c854e44a1a5a: Pushed latest: digest: sha256:34e64669bf4d2b38ea8c03f37ecd28b9f7f335d5bed263aaa86ca28f57c846c9 size: 2200 ===docker pull for testing=== user@ubuntu:~/Desktop/registry$ docker pull localhost:5000/ffmpeg_swift Using default tag: latest latest: Pulling from myfirstimage Digest: sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4 Status: Image is up to date for localhost:5000/myfirstimage:latest ===docker remove registry container=== $ docker stop registry && docker rm -v registry registry Registry ===docker pull testing against with docker hub and local=== user@ubuntu:/var$ time docker pull chianingwang/ffmpeg_swift Using default tag: latest latest: Pulling from chianingwang/ffmpeg_swift Digest: sha256:34e64669bf4d2b38ea8c03f37ecd28b9f7f335d5bed263aaa86ca28f57c846c9 Status: Image is up to date for chianingwang/ffmpeg_swift:latest real 0m1.566s user 0m0.016s sys 0m0.024s user@ubuntu:/var$ time docker pull localhost:5000/myfirstimage Using default tag: latest latest: Pulling from myfirstimage Digest: sha256:34e64669bf4d2b38ea8c03f37ecd28b9f7f335d5bed263aaa86ca28f57c846c9 Status: Image is up to date for localhost:5000/myfirstimage:latest real 0m0.077s user 0m0.024s sys 0m0.024s

***Use Swift as Docker Image Repository***

If your Swift Auth is v1 then you can do either build your own customized registry image and create container base on it or you can simulate swift auth credential from v1 to v2. The example as below might give you more detail.

In reality is current most update docker registry image won't work with auth/v1.0 and only work for auth/v2.0 or later.
user@ubuntu:~/Desktop$ mkdir registry

user@ubuntu:~/Desktop$ cd registry

user@ubuntu:~/Desktop/registry$ git clone https://github.com/docker/docker-registry.git
Cloning into 'docker-registry'...
remote: Counting objects: 7007, done.
remote: Total 7007 (delta 0), reused 0 (delta 0), pack-reused 7007
Receiving objects: 100% (7007/7007), 1.69 MiB | 2.16 MiB/s, done.
Resolving deltas: 100% (4101/4101), done.
Checking connectivity... done.

===vi Dockerfile and put content as below in there===
user@ubuntu:~/Desktop/registry$ vi Dockerfile

PS:Build a registry-swift Image
The official registry container image does not include the Swift storage driver. 
Nor does it include an option in the sample configuration to override the driver's swift_auth_version from its default value of 2. 
You need both to work with Swift Object Storage. 
You can get both by building your own image starting from the official registry image via Dockerfile

On your VM, create a Dockerfile and fill it with the following commands.

===I try newer registry image but newer registry is not supporting during my testing===
user@ubuntu:~/Desktop/registry$ cat Dockerfile
#start from a registry release known to work
FROM registry:0.7.3
# get the swift driver for the registry
RUN pip install docker-registry-driver-swift==0.0.1
# Swift uses v1 auth and the sample config doesn't have an option
# for it so inject one
RUN sed -i '91i\    swift_auth_version: _env:OS_AUTH_VERSION' /docker-registry/config/config_sample.yml

user@ubuntu:~/Desktop/registry$ docker build -t chianingwang/registry-swift:0.7.3 .
Sending build context to Docker daemon 2.567 MB
Step 1 : FROM registry:0.7.3
0.7.3: Pulling from library/registry
a3ed95caeb02: Pull complete
831a6feb5ab2: Pull complete
b32559aac4de: Pull complete
5e99535a7b44: Pull complete
aa076096cff1: Pull complete
423664404a49: Pull complete
a80e194b6d44: Pull complete
b77ea15f690f: Pull complete
b6de41721ec3: Pull complete
9b59b437f9f7: Pull complete
d76adb3b394d: Pull complete
60dcc9127244: Pull complete
9e72c0494fc3: Pull complete
936a60cdd427: Pull complete
Digest: sha256:e3ba9e4eba5320844c0a09bbe1a964c8c43758dcea5ddda042d1ceb88e6a00ff
Status: Downloaded newer image for registry:0.7.3
 ---> 89eba9a6d8af
Step 2 : RUN pip install docker-registry-driver-swift==0.0.1
 ---> Running in 8531b6e481d5
Downloading/unpacking docker-registry-driver-swift==0.0.1
  Downloading docker-registry-driver-swift-0.0.1.tar.gz
  Running setup.py (path:/tmp/pip_build_root/docker-registry-driver-swift/setup.py) egg_info for package docker-registry-driver-swift

Downloading/unpacking python-swiftclient>=2.0 (from docker-registry-driver-swift==0.0.1)
Requirement already satisfied (use --upgrade to upgrade): docker-registry-core>=1,<2 in /usr/local/lib/python2.7/dist-packages (from docker-registry-driver-swift==0.0.1)
Requirement already satisfied (use --upgrade to upgrade): six>=1.5.2 in /usr/lib/python2.7/dist-packages (from python-swiftclient>=2.0->docker-registry-driver-swift==0.0.1)
Downloading/unpacking futures>=3.0 (from python-swiftclient>=2.0->docker-registry-driver-swift==0.0.1)
  Downloading futures-3.0.5-py2-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): requests>=1.1 in /usr/local/lib/python2.7/dist-packages (from python-swiftclient>=2.0->docker-registry-driver-swift==0.0.1)
Requirement already satisfied (use --upgrade to upgrade): redis==2.9.1 in /usr/local/lib/python2.7/dist-packages (from docker-registry-core>=1,<2->docker-registry-driver-swift==0.0.1)
Requirement already satisfied (use --upgrade to upgrade): boto==2.27.0 in /usr/local/lib/python2.7/dist-packages (from docker-registry-core>=1,<2->docker-registry-driver-swift==0.0.1)
Installing collected packages: docker-registry-driver-swift, python-swiftclient, futures
  Running setup.py install for docker-registry-driver-swift
    Skipping installation of /usr/local/lib/python2.7/dist-packages/docker_registry/__init__.py (namespace package)
    Skipping installation of /usr/local/lib/python2.7/dist-packages/docker_registry/drivers/__init__.py (namespace package)

    Installing /usr/local/lib/python2.7/dist-packages/docker_registry_driver_swift-0.0.1-nspkg.pth
Successfully installed docker-registry-driver-swift python-swiftclient futures
Cleaning up...
 ---> a7166079ff89
Removing intermediate container 8531b6e481d5
Step 3 : RUN sed -i '91i\    swift_auth_version: _env:OS_AUTH_VERSION' /docker-registry/config/config_sample.yml
 ---> Running in fecabee560d7
 ---> 62fe241d46bc
Removing intermediate container fecabee560d7
Successfully built 62fe241d46bc

===docker run a container name chianingwang/registry-swift:0.7.3===
user@ubuntu:~/Desktop/registry$ docker run -it -d \
     -e SETTINGS_FLAVOR=swift \
     -e OS_AUTH_URL='http://172.28.128.4/auth/v1.0' \
     -e OS_AUTH_VERSION=1 \
     -e OS_USERNAME='ss' \
     -e OS_PASSWORD='ss' \
     -e OS_CONTAINER='docker-registry' \
     -e GUNICORN_WORKERS=8 \
     -p 127.0.0.1:5000:5000 \
     chianingwang/registry-swift:0.7.3
33c1bf492186312417fd334b6c179145a2c2792fb70d450811229f3dc0d24710

===chianingwang is my docker hub account, I think you can use any===
user@ubuntu:~/Desktop/registry$ docker tag chianingwang/registry-swift:0.7.3 127.0.0.1:5000/chianingwang/registry-swift:0.7.3
PS: <Repository>/<Image>
e.g.: 127.0.0.1:5000/registry-swift:0.7.3
===push to swift container call "docker-registry"===
user@ubuntu:~/Desktop/registry$ docker push 127.0.0.1:5000/chianingwang/registry-swift:0.7.3
The push refers to a repository [127.0.0.1:5000/chianingwang/registry-swift]
0b0a944a7424: Image successfully pushed
ba63d14c7eb1: Image successfully pushed
5f70bf18a086: Image successfully pushed
82e832bb77b7: Image successfully pushed
f35db88c0ec5: Image successfully pushed
b604b17eb6f0: Image successfully pushed
1ef0390143c5: Image successfully pushed
96c54000b8e7: Image successfully pushed
91d310d4dfdc: Image successfully pushed
5585f477130c: Image successfully pushed
d231e7d76582: Image successfully pushed
02594e52fdc5: Image successfully pushed
ceddf6185bdf: Image successfully pushed
874f34b4a164: Image successfully pushed
1ed6001661c5: Image successfully pushed
3d841e359484: Image successfully pushed
Pushing tag for rev [62fe241d46bc] on {http://127.0.0.1:5000/v1/repositories/chianingwang/registry-swift/tags/0.7.3}

===display result===
user@ubuntu:~/Desktop/registry$ swift -A http://172.28.128.4/auth/v1.0 -U ss -K ss list docker-registry
registry/images/011902a6c2f2acb7896c9045d5f3cc85c1c03ca6dd7349aaa91a830ce985bd69/_checksum
registry/images/011902a6c2f2acb7896c9045d5f3cc85c1c03ca6dd7349aaa91a830ce985bd69/ancestry
registry/images/011902a6c2f2acb7896c9045d5f3cc85c1c03ca6dd7349aaa91a830ce985bd69/json
registry/images/011902a6c2f2acb7896c9045d5f3cc85c1c03ca6dd7349aaa91a830ce985bd69/layer
registry/images/013a8d70c9468974a361f88e023e9150bc3d9ecbb319a64b65415b888382d2d4/_checksum
registry/images/013a8d70c9468974a361f88e023e9150bc3d9ecbb319a64b65415b888382d2d4/ancestry
registry/images/013a8d70c9468974a361f88e023e9150bc3d9ecbb319a64b65415b888382d2d4/json
registry/images/013a8d70c9468974a361f88e023e9150bc3d9ecbb319a64b65415b888382d2d4/layer
registry/images/19c8e070c616910eeb634e582f0bd98c4b6c84607df0934ec2bafd3dfc7ebeb2/_checksum
registry/images/19c8e070c616910eeb634e582f0bd98c4b6c84607df0934ec2bafd3dfc7ebeb2/ancestry
registry/images/19c8e070c616910eeb634e582f0bd98c4b6c84607df0934ec2bafd3dfc7ebeb2/json
registry/images/19c8e070c616910eeb634e582f0bd98c4b6c84607df0934ec2bafd3dfc7ebeb2/layer
registry/images/3f97b2fe4ed247923e93be4ace48588e7d888b592035ce4e813823760b9ad26c/_checksum
registry/images/3f97b2fe4ed247923e93be4ace48588e7d888b592035ce4e813823760b9ad26c/ancestry
registry/images/3f97b2fe4ed247923e93be4ace48588e7d888b592035ce4e813823760b9ad26c/json
registry/images/3f97b2fe4ed247923e93be4ace48588e7d888b592035ce4e813823760b9ad26c/layer
registry/images/5f2e9b4054ba78cfd2e076dd8f0aad16ed3b7509b6d12f82f2691777d128c7e5/_checksum
registry/images/5f2e9b4054ba78cfd2e076dd8f0aad16ed3b7509b6d12f82f2691777d128c7e5/ancestry
registry/images/5f2e9b4054ba78cfd2e076dd8f0aad16ed3b7509b6d12f82f2691777d128c7e5/json
registry/images/5f2e9b4054ba78cfd2e076dd8f0aad16ed3b7509b6d12f82f2691777d128c7e5/layer
registry/images/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef/_checksum
registry/images/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef/ancestry
registry/images/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef/json
registry/images/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef/layer
registry/images/62fe241d46bc158d5831cbe6055f1d361e28daeb093d2d7d1e8d1106961b871e/_checksum
registry/images/62fe241d46bc158d5831cbe6055f1d361e28daeb093d2d7d1e8d1106961b871e/ancestry
registry/images/62fe241d46bc158d5831cbe6055f1d361e28daeb093d2d7d1e8d1106961b871e/json
registry/images/62fe241d46bc158d5831cbe6055f1d361e28daeb093d2d7d1e8d1106961b871e/layer
registry/images/7476fb1fbb436b12d7df5f6eab4bfb1ef3b474cebb14477cc1ecd3526ff52a0e/_checksum
registry/images/7476fb1fbb436b12d7df5f6eab4bfb1ef3b474cebb14477cc1ecd3526ff52a0e/ancestry
registry/images/7476fb1fbb436b12d7df5f6eab4bfb1ef3b474cebb14477cc1ecd3526ff52a0e/json
registry/images/7476fb1fbb436b12d7df5f6eab4bfb1ef3b474cebb14477cc1ecd3526ff52a0e/layer
registry/images/75cce76944525454cfdd9d6b98c3278b011f17176f7f2957509fece6cd82f9f0/_checksum
registry/images/75cce76944525454cfdd9d6b98c3278b011f17176f7f2957509fece6cd82f9f0/ancestry
registry/images/75cce76944525454cfdd9d6b98c3278b011f17176f7f2957509fece6cd82f9f0/json
registry/images/75cce76944525454cfdd9d6b98c3278b011f17176f7f2957509fece6cd82f9f0/layer
registry/images/80222d5d1fa4b5ce046268bf4c0fc7d6d4b97214ea4deccd5a8ffdd4bf71da9d/_checksum
registry/images/80222d5d1fa4b5ce046268bf4c0fc7d6d4b97214ea4deccd5a8ffdd4bf71da9d/ancestry
registry/images/80222d5d1fa4b5ce046268bf4c0fc7d6d4b97214ea4deccd5a8ffdd4bf71da9d/json
registry/images/80222d5d1fa4b5ce046268bf4c0fc7d6d4b97214ea4deccd5a8ffdd4bf71da9d/layer
registry/images/85e579e8212bbccedc09b829bda10498f4901161858999e79d9c277c308abc8d/_checksum
registry/images/85e579e8212bbccedc09b829bda10498f4901161858999e79d9c277c308abc8d/ancestry
registry/images/85e579e8212bbccedc09b829bda10498f4901161858999e79d9c277c308abc8d/json
registry/images/85e579e8212bbccedc09b829bda10498f4901161858999e79d9c277c308abc8d/layer
registry/images/8cecfbb6b0609ba2c24113b2ee51231091453c2ecac8624e7600efe3ae18dff0/_checksum
registry/images/8cecfbb6b0609ba2c24113b2ee51231091453c2ecac8624e7600efe3ae18dff0/ancestry
registry/images/8cecfbb6b0609ba2c24113b2ee51231091453c2ecac8624e7600efe3ae18dff0/json
registry/images/8cecfbb6b0609ba2c24113b2ee51231091453c2ecac8624e7600efe3ae18dff0/layer
registry/images/90dca6dc942b121b693d193595588f258ee75a1404977f62e70bb4ef757a239a/_checksum
registry/images/90dca6dc942b121b693d193595588f258ee75a1404977f62e70bb4ef757a239a/ancestry
registry/images/90dca6dc942b121b693d193595588f258ee75a1404977f62e70bb4ef757a239a/json
registry/images/90dca6dc942b121b693d193595588f258ee75a1404977f62e70bb4ef757a239a/layer
registry/images/981c00e17acce66ecae497d27c7e6e62f8aa72071851b0043c894cb74fc0e15a/_checksum
registry/images/981c00e17acce66ecae497d27c7e6e62f8aa72071851b0043c894cb74fc0e15a/ancestry
registry/images/981c00e17acce66ecae497d27c7e6e62f8aa72071851b0043c894cb74fc0e15a/json
registry/images/981c00e17acce66ecae497d27c7e6e62f8aa72071851b0043c894cb74fc0e15a/layer
registry/images/b4839ba992958b5c8e178f11efa411921862a25a12ee2126200bbc0a1083091c/_checksum
registry/images/b4839ba992958b5c8e178f11efa411921862a25a12ee2126200bbc0a1083091c/ancestry
registry/images/b4839ba992958b5c8e178f11efa411921862a25a12ee2126200bbc0a1083091c/json
registry/images/b4839ba992958b5c8e178f11efa411921862a25a12ee2126200bbc0a1083091c/layer
registry/images/d36d086e4f3cfecf4aaa9b6b72b257d577d8e92e2a44ec75f3e0254973983e05/_checksum
registry/images/d36d086e4f3cfecf4aaa9b6b72b257d577d8e92e2a44ec75f3e0254973983e05/ancestry
registry/images/d36d086e4f3cfecf4aaa9b6b72b257d577d8e92e2a44ec75f3e0254973983e05/json
registry/images/d36d086e4f3cfecf4aaa9b6b72b257d577d8e92e2a44ec75f3e0254973983e05/layer
registry/images/d551631b3fe7c23ef4a83cc2d3e60370655c451e4ffda00e78f291c9468f4b01/_checksum
registry/images/d551631b3fe7c23ef4a83cc2d3e60370655c451e4ffda00e78f291c9468f4b01/ancestry
registry/images/d551631b3fe7c23ef4a83cc2d3e60370655c451e4ffda00e78f291c9468f4b01/json
registry/images/d551631b3fe7c23ef4a83cc2d3e60370655c451e4ffda00e78f291c9468f4b01/layer
registry/images/dfb1385e4dc80b9188dbfbcb13dc59c2517c1e3d11f0b4f2dd301f2182634900/_checksum
registry/images/dfb1385e4dc80b9188dbfbcb13dc59c2517c1e3d11f0b4f2dd301f2182634900/ancestry
registry/images/dfb1385e4dc80b9188dbfbcb13dc59c2517c1e3d11f0b4f2dd301f2182634900/json
registry/images/dfb1385e4dc80b9188dbfbcb13dc59c2517c1e3d11f0b4f2dd301f2182634900/layer
registry/images/e08b305ea4291fc8a26594d87b43ab897ea9f70f4a7497af25dceb59df5248dd/_checksum
registry/images/e08b305ea4291fc8a26594d87b43ab897ea9f70f4a7497af25dceb59df5248dd/ancestry
registry/images/e08b305ea4291fc8a26594d87b43ab897ea9f70f4a7497af25dceb59df5248dd/json
registry/images/e08b305ea4291fc8a26594d87b43ab897ea9f70f4a7497af25dceb59df5248dd/layer
registry/images/e19ec885183a101eb73137de14035d58843f2a8522d7bfbaac341de1bed7c149/_checksum
registry/images/e19ec885183a101eb73137de14035d58843f2a8522d7bfbaac341de1bed7c149/ancestry
registry/images/e19ec885183a101eb73137de14035d58843f2a8522d7bfbaac341de1bed7c149/json
registry/images/e19ec885183a101eb73137de14035d58843f2a8522d7bfbaac341de1bed7c149/layer
registry/images/fd2fdd8628c815b29002c95d2a754d3e3ba8c055479f73bc0ce9f8c0edaa6402/_checksum
registry/images/fd2fdd8628c815b29002c95d2a754d3e3ba8c055479f73bc0ce9f8c0edaa6402/ancestry
registry/images/fd2fdd8628c815b29002c95d2a754d3e3ba8c055479f73bc0ce9f8c0edaa6402/json
registry/images/fd2fdd8628c815b29002c95d2a754d3e3ba8c055479f73bc0ce9f8c0edaa6402/layer
registry/repositories/chianingwang/registry-swift/_index_images
registry/repositories/chianingwang/registry-swift/tag0.7.3_json
registry/repositories/chianingwang/registry-swift/tag_0.7.3

===test download===
user@ubuntu:~/Desktop/K8S$ docker pull 127.0.0.1:5000/chianingwang/registry-swift:0.7.3
Pulling repository 127.0.0.1:5000/chianingwang/registry-swift
62fe241d46bc: Already exists
5f70bf18a086: Already exists
b4839ba99295: Already exists
e19ec885183a: Already exists
3f97b2fe4ed2: Already exists
8cecfbb6b060: Already exists
981c00e17acc: Already exists
75cce7694452: Already exists
85e579e8212b: Already exists
d551631b3fe7: Already exists
19c8e070c616: Already exists
80222d5d1fa4: Already exists
7476fb1fbb43: Already exists
fd2fdd8628c8: Already exists
90dca6dc942b: Already exists
d36d086e4f3c: Already exists
5f2e9b4054ba: Already exists
e08b305ea429: Already exists
011902a6c2f2: Already exists
013a8d70c946: Already exists
dfb1385e4dc8: Already exists
Status: Image is up to date for 127.0.0.1:5000/chianingwang/registry-swift:0.7.3
127.0.0.1:5000/chianingwang/registry-swift: this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.

===double check docker image again===
user@ubuntu:~/Desktop/registry$ docker images
REPOSITORY                                               TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5000/chianingwang/registry-swift               latest              1d1d0b4bbf11        5 minutes ago       425.3 MB
chianingwang/registry-swift                              latest              1d1d0b4bbf11        5 minutes ago       425.3 MB
chianingwang/ffmpeg_swift                                latest              077773661f73        5 days ago          480 MB

PS: you can see 127.0.0.1:5000/chianingwang/registry-swift list there.

***now upload customized image via running registry container***

After we push container registry image, now we are trying to push our customized image ===Becase we have registry container running now === user@ubuntu:~/Desktop/registry$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 31fbf0be8e91 chianingwang/registry-swift "/bin/sh -c 'exec doc" 8 minutes ago Up 8 minutes 127.0.0.1:5000->5000/tcp modest_wozniak ===tag our costomized image at localhost(127.0.0.1):5000=== user@ubuntu:~/Desktop/registry$ docker tag chianingwang/ffmpeg_swift 127.0.0.1:5000/chianingwang/ffmpeg_swift PS: docker registry is running on web service server at localhost with port 5000. Thus we tag from chianingwang/ffmpeg_swift ( docker hub ) to 127.0.0.1:5000 ===double check docker images=== user@ubuntu:~/Desktop/registry$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE 127.0.0.1:5000/chianingwang/registry-swift latest 1d1d0b4bbf11 6 minutes ago 425.3 MB chianingwang/registry-swift latest 1d1d0b4bbf11 6 minutes ago 425.3 MB 127.0.0.1:5000/chianingwang/ffmpeg_swift latest 077773661f73 5 days ago 480 MB chianingwang/ffmpeg_swift latest 077773661f73 5 days ago 480 MB PS: you can see new images (127.0.0.1:5000/chianingwang/ffmpeg_swift) register at 127.0.0.1:5000 is in the list now.

PS: if you would like to untag, you can try $ docker rmi 127.0.0.1:5000/chianingwang/registry-swift

===docker push customized image to docker hub===
user@ubuntu:~/Desktop/registry$ docker push 127.0.0.1:5000/chianingwang/ffmpeg_swift
The push refers to a repository [127.0.0.1:5000/chianingwang/ffmpeg_swift]
f83e8a3fdfe9: Image successfully pushed
d6ceb43d6adb: Image successfully pushed
91300e2dcc40: Image successfully pushed
cb06ae3a1786: Image successfully pushed
0e20f4f8a593: Image successfully pushed
1633f88f8c9f: Image successfully pushed
46c98490f575: Image successfully pushed
8ba4b4ea187c: Image successfully pushed
c854e44a1a5a: Image successfully pushed
Pushing tag for rev [077773661f73] on {http://127.0.0.1:5000/v1/repositories/chianingwang/ffmpeg_swift/tags/latest}

===docker pull to see whether the image will be pulled from swift===
user@ubuntu:~/Desktop/registry$ docker pull 127.0.0.1:5000/chianingwang/ffmpeg_swift
Using default tag: latest
Pulling repository 127.0.0.1:5000/chianingwang/ffmpeg_swift
077773661f73: Already exists
c854e44a1a5a: Already exists
dafccc932aec: Already exists
5d232b0ea43a: Already exists
cebd67936ff8: Already exists
3b25e17d01de: Already exists
0ad56157abbe: Already exists
b6d124e3b29f: Already exists
8bb588cd10a1: Already exists
Status: Image is up to date for 127.0.0.1:5000/chianingwang/ffmpeg_swift:latest
127.0.0.1:5000/chianingwang/ffmpeg_swift: this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.

***leverage standard docker registry image to build the registry container for swift auth 1.0***

===prepare config.yml under /etc/docker/registry/===
Prepare a config.yml for swift auth 1.0 as below. Be aware, registry:2 only support the swift auth v2 or the version afterward. Thus, tenant have to be configured.
------------
version: 0.1
log:
  level: debug
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  swift:
    username: demo
    password: xxx
    authurl: https://xxx.com/auth/v2.0
    tenant: AUTH_demo
    insecureskipverify: true
    container: docker-registry
    rootdirectory: /swift/object/name/prefix
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
------------
or you might try this config
------------
version: 0.1
log:
  level: debug
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  swift:
    username: AUTH_demo:demo
    password: xxx
    authurl: https://xxx.com/auth/v1.0
    insecureskipverify: true
    container: docker-registry
    rootdirectory: /swift/object/name/prefix
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
------------
===docker run registry and inject config.yml in container under the same directory which is /etc/docker/registry/config.yml===

$ docker run -d -p 5000:5000 --restart=always --name registry -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2
a821cbd81e535c369ad68a28aaca3434b55ea8a6878cf25f779bbd602291303b

===double check===
$ docker ps -a | grep registry
a821cbd81e53        registry:2                                                      "/entrypoint.sh /etc/"   6 seconds ago        Up 6 seconds                    0.0.0.0:5000->5000/tcp   registry

===test with busybox ( tag image with diff repository )===
$ docker pull busybox && docker tag busybox localhost:5000/busybox
Using default tag: latest
latest: Pulling from library/busybox
4b0bc1c4050b: Pull complete
Digest: sha256:817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e
Status: Downloaded newer image for busybox:latest

===test with docker push===
$ docker push localhost:5000/busybox
The push refers to a repository [localhost:5000/busybox]
38ac8d0f5bb3: Pushed
latest: digest: sha256:817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e size: 527

===double check in swift===
$ curl -X GET https://xxx.com/v1/AUTH_demo/docker-registry/  -H "X-Auth-Token: AUTH_tkxxx"
files/docker/registry/v2/blobs/sha256/4b/4b0bc1c4050b03c95ef2a8e36e25feac42fd31283e8c30b3ee5df6b043155d3c/data
files/docker/registry/v2/blobs/sha256/79/7968321274dc6b6171697c33df7815310468e694ac5be0ec03ff053bb135e768/data
files/docker/registry/v2/blobs/sha256/81/817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e/data
files/docker/registry/v2/repositories/busybox/_layers/sha256/4b0bc1c4050b03c95ef2a8e36e25feac42fd31283e8c30b3ee5df6b043155d3c/link
files/docker/registry/v2/repositories/busybox/_layers/sha256/7968321274dc6b6171697c33df7815310468e694ac5be0ec03ff053bb135e768/link
files/docker/registry/v2/repositories/busybox/_manifests/revisions/sha256/817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e/link
files/docker/registry/v2/repositories/busybox/_manifests/tags/latest/current/link
files/docker/registry/v2/repositories/busybox/_manifests/tags/latest/index/sha256/817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e/link
segments/2f6/46f636b65722f72656769737472792f76322f7265706f7369746f726965732f62757379626f782f5f75706c6f6164732f39363664393139632d383761322d346337342d393136332d6364313131333132646662312f64617461f89b305f8216ee617b4639336f73e955c4dde449b03bda8d52bdf681214fd63ada39a3ee5e6b4b0d3255bfef95601890afd80709/0000000000000001
segments/2f6/46f636b65722f72656769737472792f76322f7265706f7369746f726965732f62757379626f782f5f75706c6f6164732f65393032646235332d663333612d346433312d623839662d3337363539393266313161382f6461746188833e2988a709f7810f9edfd31f6cb48e16804c8bb6c027f2ad83560d1627c3da39a3ee5e6b4b0d3255bfef95601890afd80709/0000000000000001

***setup insecure connection from remote***

For connecting from remote to docker registry container, you can either leverage https ( self-sign or 3rd party cert ) or try insecure-registry connection for test only purpose.

For ubuntu 1404 you can try to add this in /etc/default/docker
DOCKER_OPTS="--insecure-registry=docker-registry:5000"

For ubuntu 1604 you need to add this in /etc/docker/dameon.json
{"insecure-registries":["192.168.xxx.xxx:5000"]}


===how to debug docker registry===

1. 
docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
86e5dad1a2db        registry:2          "/entrypoint.sh /e..."   5 months ago        Up 18 minutes       0.0.0.0:443->5000/tcp   registry

2.
# docker exec -it registry sh
/ # cat /etc/docker/registry/config.yml
version: 0.1
log:
  level: debug
  fields:
    service: registry

3. 
# docker logs -h
Flag shorthand -h has been deprecated, please use --help

Usage:    docker logs [OPTIONS] CONTAINER

Fetch the logs of a container

Options:
      --details        Show extra details provided to logs
  -f, --follow         Follow log output
      --help           Print usage
      --since string   Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
      --tail string    Number of lines to show from the end of the logs (default "all")
  -t, --timestamps     Show timestamps

4. 
# docker logs registry --tail 2
time="2017-07-06T04:29:30.625145719Z" level=debug msg="swift.List(\"/\")" go.version=go1.7.3 instance.id=fa9cd8c9-9433-4f9f-9d26-903fcaddb52d service=registry trace.duration=9.045089ms trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=68e13ca7-4aa1-4c88-a47a-eb1a3fb342ac trace.line=150 version=v2.6.0
time="2017-07-06T04:29:40.626817962Z" level=debug msg="swift.List(\"/\")" go.version=go1.7.3 instance.id=fa9cd8c9-9433-4f9f-9d26-903fcaddb52d service=registry trace.duration=10.729464ms trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=2b3e1ba7-4d56-4fab-8756-1350191a7053 trace.line=150 version=v2.6.0

===reference===

https://mindtrove.info/docker-registry-softlayer-object-storage/

No comments:

Post a Comment