使用凭据将图像推送到私有 docker 注册表
Pushing image to private docker registry with credentials
我目前运行正在使用类似于this setup 的注册表docker 容器和ngnix docker 容器来保护我的私人docker 注册表。我正在 运行ning Jenkins 自动在 docker 容器中构建我的应用程序,然后将容器推送到我的私有 docker 注册表。
当我需要推送图像时,问题就来了。 Jenkins(也在容器中 运行ning)执行包含以下步骤的 shell 脚本:
sudo docker run hello-world
sudo docker tag -f hello-world localhost:5000/hello:latest
sudo docker login -u username -p pass -e info@example.com localhost:5000/
sudo docker search localhost:5000/
sudo docker push localhost:5000/hello:latest
然后构建失败,输出如下:
Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson6027890842360704977.sh
+ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
registry latest e255d21840f8 2 days ago 422.9 MB
jenkins latest fc39417bd5fb 13 days ago 708.2 MB
nginx latest 407195ab8b07 2 weeks ago 133.9 MB
localhost:5000/hello latest 0a6ba66e537a 3 months ago 960 B hello-world latest 0a6ba66e537a 3 months ago 960 B
+ sudo docker run hello-world
Hello from Docker. This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account: https://hub.docker.com
For more examples and ideas, visit: https://docs.docker.com/userguide/
+ sudo docker tag -f hello-world localhost:5000/hello:latest
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded
+ sudo docker search localhost:5000/
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
library/hello 0
+ sudo docker push localhost:5000/hello:latest
The push refers to a repository [localhost:5000/hello] (len: 1)
Sending image list Pushing repository localhost:5000/hello (1 tags)
b901d36b6f2f: Pushing
Please login prior to push:
Username (username): EOF
Build step 'Execute shell' marked build as failure
Finished: FAILURE
换句话说,我能够 运行 并标记 hello-world 容器。我可以登录到我的私人注册表并进行搜索。但是,如果我想推送我的图像,我需要再次进行身份验证。
希望有人知道一个简单的解决方案,到目前为止我自己找不到。我正在 运行ning docker 版本 1.9.1,在 Ubuntu 14.04.3 LTS 上构建 a34a1d5。
我通过更改 docker-compose.yml 来更改我正在使用的 github source 的代码,从而创建了一个工作设置,因此它使用注册表 v2(准确地说是注册表:2.2)而不是v1,我将以下路由添加到 nginx.conf 文件:
location /v2 {
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
auth_basic "Registry realm";
auth_basic_user_file docker-registry.htpasswd;
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
proxy_pass http://docker-registry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Authorization '';
proxy_read_timeout 900;
}
Registry v2 ,所以我不得不从我的 jenkins 构建中删除该命令。现在,当我开始一份新工作时,一切正常,hello-world 图像被拉取、标记并推送(在我登录注册表后)到我的私人注册表。
jenkins 控制台的输出:
Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson56731521101471087.sh
+ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b901d36b6f2f: Pulling fs layer
0a6ba66e537a: Pulling fs layer
b901d36b6f2f: Verifying Checksum
b901d36b6f2f: Download complete
0a6ba66e537a: Verifying Checksum
0a6ba66e537a: Download complete
b901d36b6f2f: Pull complete
0a6ba66e537a: Pull complete
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
Status: Downloaded newer image for hello-world:latest
Hello from Docker. This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account: https://hub.docker.com
For more examples and ideas, visit: https://docs.docker.com/userguide/
+ sudo docker tag -f hello-world localhost:5000/hello-world:latest
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded
Login Succeeded
+ sudo docker push localhost:5000/hello-world:latest
The push refers to a repository [localhost:5000/hello-world] (len: 1)
Sending image list Pushing repository localhost:5000/hello-world (1 tags)
0a6ba66e537a: Preparing
0a6ba66e537a: Pushing
0a6ba66e537a: Pushed
b901d36b6f2f: Preparing
b901d36b6f2f: Pushing
b901d36b6f2f: Pushed
latest: digest: sha256:1c7adb1ac65df0bebb40cd4a84533f787148b102684b74cb27a1982967008e4b size: 2744
Finished: SUCCESS
虽然我现在有一个工作设置,但我仍然没有找到解决使用注册表 v1 的问题的方法。
我目前运行正在使用类似于this setup 的注册表docker 容器和ngnix docker 容器来保护我的私人docker 注册表。我正在 运行ning Jenkins 自动在 docker 容器中构建我的应用程序,然后将容器推送到我的私有 docker 注册表。
当我需要推送图像时,问题就来了。 Jenkins(也在容器中 运行ning)执行包含以下步骤的 shell 脚本:
sudo docker run hello-world
sudo docker tag -f hello-world localhost:5000/hello:latest
sudo docker login -u username -p pass -e info@example.com localhost:5000/
sudo docker search localhost:5000/
sudo docker push localhost:5000/hello:latest
然后构建失败,输出如下:
Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson6027890842360704977.sh
+ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
registry latest e255d21840f8 2 days ago 422.9 MB
jenkins latest fc39417bd5fb 13 days ago 708.2 MB
nginx latest 407195ab8b07 2 weeks ago 133.9 MB
localhost:5000/hello latest 0a6ba66e537a 3 months ago 960 B hello-world latest 0a6ba66e537a 3 months ago 960 B
+ sudo docker run hello-world
Hello from Docker. This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account: https://hub.docker.com
For more examples and ideas, visit: https://docs.docker.com/userguide/
+ sudo docker tag -f hello-world localhost:5000/hello:latest
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded
+ sudo docker search localhost:5000/
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
library/hello 0
+ sudo docker push localhost:5000/hello:latest
The push refers to a repository [localhost:5000/hello] (len: 1)
Sending image list Pushing repository localhost:5000/hello (1 tags)
b901d36b6f2f: Pushing
Please login prior to push:
Username (username): EOF
Build step 'Execute shell' marked build as failure
Finished: FAILURE
换句话说,我能够 运行 并标记 hello-world 容器。我可以登录到我的私人注册表并进行搜索。但是,如果我想推送我的图像,我需要再次进行身份验证。
希望有人知道一个简单的解决方案,到目前为止我自己找不到。我正在 运行ning docker 版本 1.9.1,在 Ubuntu 14.04.3 LTS 上构建 a34a1d5。
我通过更改 docker-compose.yml 来更改我正在使用的 github source 的代码,从而创建了一个工作设置,因此它使用注册表 v2(准确地说是注册表:2.2)而不是v1,我将以下路由添加到 nginx.conf 文件:
location /v2 {
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
auth_basic "Registry realm";
auth_basic_user_file docker-registry.htpasswd;
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
proxy_pass http://docker-registry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Authorization '';
proxy_read_timeout 900;
}
Registry v2
jenkins 控制台的输出:
Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson56731521101471087.sh
+ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b901d36b6f2f: Pulling fs layer
0a6ba66e537a: Pulling fs layer
b901d36b6f2f: Verifying Checksum
b901d36b6f2f: Download complete
0a6ba66e537a: Verifying Checksum
0a6ba66e537a: Download complete
b901d36b6f2f: Pull complete
0a6ba66e537a: Pull complete
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
Status: Downloaded newer image for hello-world:latest
Hello from Docker. This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account: https://hub.docker.com
For more examples and ideas, visit: https://docs.docker.com/userguide/
+ sudo docker tag -f hello-world localhost:5000/hello-world:latest
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded
Login Succeeded
+ sudo docker push localhost:5000/hello-world:latest
The push refers to a repository [localhost:5000/hello-world] (len: 1)
Sending image list Pushing repository localhost:5000/hello-world (1 tags)
0a6ba66e537a: Preparing
0a6ba66e537a: Pushing
0a6ba66e537a: Pushed
b901d36b6f2f: Preparing
b901d36b6f2f: Pushing
b901d36b6f2f: Pushed
latest: digest: sha256:1c7adb1ac65df0bebb40cd4a84533f787148b102684b74cb27a1982967008e4b size: 2744
Finished: SUCCESS
虽然我现在有一个工作设置,但我仍然没有找到解决使用注册表 v1 的问题的方法。