Skip to content

/ garita

Simple Docker v2 registry auth server in Go

8 stars 1 fork
Star
Watch
Branch: master
Go to file
Code

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
api
 
 
auth
 
 
commands
 
 
docker/images
 
 
token
 
 
utils
 
 
vagrant/conf
 
 
.gitignore
 
 
.rubocop.yml
 
 
.travis.yml
 
 
README.md
 
 
Vagrantfile
 
 
main.go
 
 

README.md

Build Status

Garita

Small Docker v2 registry auth server in Go.

It exists mostly as a project to learn Go, the Vagrant Docker provider, and to understand the protocol Portus implements.

Features

  • Authentication is only supported using htpasswd files
  • Once authenticated, it provides push and pull access to the /$user namespace

Garita is inspired in Portus, which is a full featured auth server and registry index.

Running

Garita uses HTTPS by default. If you want to run over plain http (eg. for development purposes) you need to pass the option -http. Then you don't need to supply --tlscert and --tlskey options.

garita --key path/to/server.key --htpasswd path/to/htpasswd --tlskey path/to/server.key --tlscert path/to/server.crt

You can pass a configuration file in toml format with -c or --config. Any other configuration from the command line overrides the configuration file.

At the same time you need to configure the registry

auth:
  token:
    realm: https://garita.yourdomain.com/v2/token
    service: registry.yourdomain.com
    issuer: garita.yourdomain.com
    rootcertbundle: /path/to/server.crt

If you use a self signed certificate, add the CA certificate to the system trusted anchors on the docker daemon host or add the certificate to:

/etc/docker/certs.d/<garita host>/ca.crt

Development Environment

The environment creates 3 containers:

  • a Docker daemon (dockerd, dockerd.test.lan)
  • a Registry (registry, registry.test.lan)
  • garita (garita, garita.test.lan)

While the images are based on opensuse:13.2, the dockerd container requires a host kernel with overlayfs support. (eg. openSUSE Tumbleweed or another distribution supporting overlayfs). The dockerd container is already privileged but I don't want to mess with the loop devices of the host.

Running

  • Compile
go install github.com/dmacvicar/garita
  • Start the environment
vagrant up --no-parallel
  • Everytime you rebuild
vagrant reload garita
  • To see the logs
vagrant docker-logs -f garita

Run docker against the docker daemon running inside the container

docker -H tcp://localhost:23750 images

The typical testcase, pull busybox, tag it, and push it to the registry

docker -H tcp://localhost:23750 pull busybox
docker -H tcp://localhost:23750 tag busybox registry.test.lan/duncan/busybox
docker login registry.test.lan
docker -H tcp://localhost:23750 push registry.test.lan/duncan/busybox

Bugs

The specification does not go into every detail. If I missed something please open an issue.

Authors

License

  • Garita is licensed under the Apache 2.0 license.

About

Simple Docker v2 registry auth server in Go

Resources

Readme

Releases

No releases published

Languages

You can’t perform that action at this time.