Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

registry开启简单认证模式无法pull镜像 #20

Closed
qwjhq opened this issue Dec 19, 2017 · 5 comments

Comments

Projects
None yet
5 participants
@qwjhq
Copy link

commented Dec 19, 2017

docker 选项配置
--insecure-registry harbor-noah.test.com
--registry-mirror http://127.0.0.1:65001

登录生成认证文件
[root@harborC ~]# docker login harbor-noah.test.com
Username: registry
Password:
Login Succeeded

启动代理
[root@harborC df-client]# ./df-daemon -registry http://harbor-noah.test.com
launch df-daemon on port:65001

尝试pull,失败
[root@harborC ~]# docker pull archplatform/janus-server-cluster-staging.test.com:1.5.1_71_d5bc523e1f546008cd8075c1f6d93a69e3b7d3b5
Error response from daemon: repository archplatform/janus-server-cluster-staging.vip.vip.com not found: does not exist or no pull access

直接从harbor 中pull成功
[root@harborC ~]# docker pull harbor-noah.test.com/archplatform/janus-server-cluster-staging.test.com:1.5.1_71_d5bc523e1f546008cd8075c1f6d93a69e3b7d3b5
1.5.1_71_d5bc523e1f546008cd8075c1f6d93a69e3b7d3b5: Pulling from archplatform/janus-server-cluster-staging.test.com
Digest: sha256:2e2384cfacddd6f73595054e7f1ea870a19af47072c7d6d0ce7c3463b12811a9

看了下df-daemon代码,里面确实也没有考虑带上认证参数去请求镜像仓库

@chenchaobing

This comment has been minimized.

Copy link
Contributor

commented Feb 4, 2018

恩,目前确实对于有认证的registry支持的不够。

@chenyanter

This comment has been minimized.

Copy link

commented Feb 11, 2018

我这里用的是harbor 并且开了认证,看这情况对harbor估计也是不支持的吧?

@mushixun

This comment has been minimized.

Copy link

commented Feb 28, 2018

Harbor不支持,我是修改了Harbor的Compose配置文件,把Registry的5000端口打开,df通过5000端口来访问镜像库。

@chenchaobing

This comment has been minimized.

Copy link
Contributor

commented Mar 6, 2018

harbor-noah.test.com 是你自己搭建的harbor的registry吧。

对于私有仓库,执行 docker pull archplatform/janus-server-cluster-staging.test.com 和 docker pull harbor-noah.test.com/archplatform/janus-server-cluster-staging.test.com 中间有一些区别。
主要的区别在于:
通过docker pull harbor-noah.test.com/archplatform/janus-server-cluster-staging.test.com 的方式,在获取token的时候,会带上docker login时输入的账号信息account=registry(如account:registry),且会在header中通过authorization传递login时输入的账号和密码。
所以通过docker pull harbor-noah.test.com/archplatform/janus-server-cluster-staging.test.com方式可以正常获取到镜像,而通过docker pull archplatform/janus-server-cluster-staging.test.com的方式无法获取。

有一种解决方案是,可以把df-daemon作为proxy的方式,需要把df-daemon配置为proxy而不是mirror。目前的df-daemon支持http的proxy方式,对于自己搭建的通过http协议访问的harbor registry,可以通过这种方式。对于 docker.acmcoder.com 目前还无法支持,需要扩展df-daemon的https proxy功能才能支持。

@lowzj

This comment has been minimized.

Copy link
Member

commented Mar 21, 2018

Duplicate of #17

@lowzj lowzj marked this as a duplicate of #17 Mar 21, 2018

@lowzj lowzj closed this Mar 21, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.