Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image from private registry - a #88

Closed
logopk opened this issue Jun 3, 2020 · 7 comments
Closed

Image from private registry - a #88

logopk opened this issue Jun 3, 2020 · 7 comments

Comments

@logopk
Copy link

logopk commented Jun 3, 2020

Maybe only a config problem:

my docker provider returns an image from my private registry. (first time I have used my registry ;-) )


diun_1  | Wed, 03 Jun 2020 12:21:54 CEST ERR Cannot run job error="Error reading manifest v0.36.0-arm in registry.<xxx>:5000/logopk/cadvisor: unauthorized: authentication required" provider=docker-remote-pi


diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image] reference rewritten from 'registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm' to 'registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm'
diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image] Trying to access "registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm"
diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image] Returning credentials from DockerAuthConfig
diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image] Using registries.d directory /etc/containers/registries.d for sigstore configuration
diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image]  No signature storage configuration found for registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm
diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image] Looking for TLS certificates and private keys in /etc/docker/certs.d/registry.<xxx>:5000
diun_1  | Wed, 03 Jun 2020 12:22:31 CEST DBG [containers/image] GET https://registry.<xxx>:5000/v2/

I see that one can add regopts to static images, but how can I handle registry-entries in providers.

I have tied to mount my .docker/config.json to diun container as the debug-output DockerAuthConfig points to, but that will not work.

services:
  diun:
    image: crazymax/diun:2.6.1
    volumes:
      - "./userfile:/userfile"
      - "./pwfile:/pwfile"
      - "./data:/data"
      - "./certs:/certs"
      - "./certs-pi:/certs-pi"
      - ./certs.pem:/etc/ssl/certs/ca-certificates.crt:ro
      - "./diun.yml:/diun.yml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./config.json:/.docker/config.json"
    environment:
      - "TZ=Europe/Paris"
      - "LOG_LEVEL=debug"
      - "LOG_JSON=false"
    restart: always

Any suggestion?
@crazy-max
Copy link
Owner

@logopk What your diun.yml looks like?

@logopk
Copy link
Author

logopk commented Jun 3, 2020 

watch:
  workers: 20
  schedule: "*/30 * * * *"
  first_check_notif: false

providers:
  docker:
    mydocker:
      watch_stopped: true
      watch_by_default: true
    remote:
      endpoint: tcp://<#1 redacted>:2376
      tls_certs_path: /certs
      tls_verify: true
      watch_stopped: true
      watch_by_default: true
# this does not work
    remote-pi:
      endpoint: tcp://<#2 redacted>:2376
      tls_certs_path: /certs-pi
      tls_verify: true
      watch_stopped: true
      watch_by_default: true
  
  static:
    - name: debian:buster-slim
      watch_repo: false
      os: linux
      max_tags: 1
    - name: nextcloud:apache
      watch_repo: false
      os: linux
      max_tags: 1
    - name: php:7.2-apache
      watch_repo: false
      os: linux
      max_tags: 1
    - name: golang:alpine
      watch_repo: false
      os: linux
      max_tags: 1
...
# this works
    - name: registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm
      watch_repo: true
      os: linux
      max_tags: 1
      regopts_id: myregistry

notif:
  mail:
    enable: true
...

regopts:
  myregistry:
    username: xxx
    password: yyy

@logopk logopk closed this as completed Jun 3, 2020
@logopk logopk reopened this Jun 3, 2020
@crazy-max
Copy link
Owner

@logopk

# this works
    - name: registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm

So it works?

@crazy-max
Copy link
Owner

crazy-max commented Jun 3, 2020
edited

@logopk I think I get it. If you want to set regopts_id for a Docker container, you have to use labels:

# ./docker-compose.yml
version: "3.5"

services:
  diun:
    image: crazymax/diun:2.6.1
    volumes:
      - "./userfile:/userfile"
      - "./pwfile:/pwfile"
      - "./diun.yml:/diun.yml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - "TZ=Europe/Paris"
      - "LOG_LEVEL=debug"
      - "LOG_JSON=false"
    restart: always

  cadvisor:
    image: registry.<xxx>:5000/logopk/cadvisor:v0.36.0-arm
    labels:
      - "diun.regopts_id=myregistry"
      - "diun.watch_repo=true"
      - "diun.max_tags=1"
    restart: always
# ./diun.yml
watch:
  workers: 20
  schedule: 0 0 * * * *

regopts:
  myregistry:
    username_file: ./userfile
    password_file: ./pwfile

providers:
  docker:
    mydocker:
      watch_stopped: true
      watch_by_default: true

@logopk
Copy link
Author

logopk commented Jun 3, 2020

Hey that works! Thank you.
Nevertheless that should be documented here. Or is it already?

@logopk logopk closed this as completed Jun 3, 2020
@crazy-max
Copy link
Owner

@logopk This is already documented here: https://github.com/crazy-max/diun/blob/master/doc/providers/docker.md

@logopk
Copy link
Author

logopk commented Jun 3, 2020

. I see. Thank you! I promise to RTFM.

@logopk logopk mentioned this issue Sep 2, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazy-max @logopk