Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[question] How to support docker private registry. #17

Closed
lifubang opened this issue Dec 14, 2017 · 5 comments

Comments

Projects
None yet
5 participants
@lifubang
Copy link

commented Dec 14, 2017

I have a docker registry: docker.acmcoder.com. There are several public and private images in it.
I want to use dragonfly for image distribution.
After deploy, the public images can be pulled. but private images can not.

df-daemon:
df-daemon --registry https://docker.acmcoder.com -port 18001
dockerd
root@iZ2ze7tbgo9lk7jubiy6tcZ:~# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["http://localhost:18001"]
}
root@iZ2ze7tbgo9lk7jubiy6tcZ:~# docker pull acmcoder/ubuntu:12days
Error response from daemon: repository acmcoder/ubuntu not found: does not exist or no pull access

root@iZ2ze7tbgo9lk7jubiy6tcZ:~# docker pull docker.acmcoder.com/acmcoder/ubuntu:12days
12days: Pulling from acmcoder/ubuntu
054be6183d06: Pull complete 
779578d7ea6e: Pull complete 
82315138c8bd: Pull complete 
88dc0000f5c4: Pull complete 
79f59e52a355: Pull complete 
a0b39032ccd2: Pull complete 
46c56af51e55: Pull complete 
1ee150f4e54b: Pull complete 
ead87fbf844e: Pull complete 
baa460bf3866: Pull complete 
0dd037bb5aaa: Pull complete 
Digest: sha256:3b1428d54bc875ff75eb8f0379516cbd04bb5e09b37024db4ac3bff574b88c7d
Status: Downloaded newer image for docker.acmcoder.com/acmcoder/ubuntu:12days

dockerd log:
ERRO[2258] Not continuing with pull after error: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

INFO[2258] Ignoring extra error returned from registry: unauthorized: authentication required
INFO[2258] Translating "denied: requested access to the resource is denied" to "repository acmcoder/ubuntu not found: does not exist or no pull access"
ERRO[2258] Handler for POST /v1.26/images/create returned error: repository acmcoder/ubuntu not found: does not exist or no pull access

After I use docker login localhost:18001
It still can't work.

@chenchaobing

This comment has been minimized.

Copy link
Contributor

commented Mar 6, 2018

对于私有仓库,执行 docker pull acmcoder/ubuntu:12days 和 docker pull docker.acmcoder.com/acmcoder/ubuntu:12days 中间有一些区别。
主要的区别在于:
通过docker pull docker.acmcoder.com/acmcoder/ubuntu:12days 的方式,在获取token的时候,会带上docker login时输入的账号信息account=admin(如account:admin),且会在header中通过authorization传递login时输入的账号和密码。
所以通过docker pull docker.acmcoder.com/acmcoder/ubuntu:12days方式可以正常获取到镜像,而通过docker pull acmcoder/ubuntu:12days的方式无法获取。

有一种解决方案是,可以把df-daemon作为proxy的方式,需要把df-daemon配置为proxy而不是mirror。目前的df-daemon支持http的proxy方式,对于自己搭建的通过http协议访问的harbor registry,可以通过这种方式。对于 docker.acmcoder.com 目前还无法支持,需要扩展df-daemon的https proxy功能才能支持。

@lifubang

This comment has been minimized.

Copy link
Author

commented Mar 7, 2018

好的,目前我们还没有部署,需要搭建实验环境,等我们以后开始搭建时再验证,多谢了。

@allencloud allencloud changed the title How to support docker private registry. [question] How to support docker private registry. Oct 23, 2018

@silenceshell

This comment has been minimized.

Copy link
Contributor

commented Nov 22, 2018

We have met the same problem, here is how we solve it.
When docker pull acmcoder/ubuntu:12days, docker will treat the image as a image in docker.io, so it will try to get auth infomation for https://index.docker.io/v1/ from ~/.docker/config.json. I guess you only config auths for your private registry, so docker pull failed to pass the auth.
Just add an record for https://index.docker.io/v1/ will solve the problem. Note that the auth value should be the same as docker.acmcoder.com.

{
        "auths": {
                "docker.acmcoder.com": {
                        "auth": "ZG9j*********Sjc="
                },
                "https://index.docker.io/v1/": {
                        "auth": "ZG9j*********Sjc="
                }
        }
}
@allencloud

This comment has been minimized.

Copy link
Contributor

commented Jan 7, 2019

I think we should test the way you provided, if that works, it is so necessary to provide a document to tell end-users.

@silenceshell Could you help to add a document of How to support pulling private image with authentication?

Thanks a lot.

@dragonflyoss dragonflyoss deleted a comment from pouchrobot Jan 7, 2019

@silenceshell

This comment has been minimized.

Copy link
Contributor

commented Jan 7, 2019

@allencloud ok, I will finish it later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.