registry-cli
registry-cli copied to clipboard
andrey-pohilko
Output is empty
I'm running it like this:
./registry.py -l user:pass --no-validate-ssl -r https://localhost:5000 --layers
with the latest from master, but it doesn't print anything out.
Any ideas?
The very first idea is that you don't have any images in your registry, hence the output is empty.
On Thu, Mar 2, 2017 at 2:46 AM, Francis Lavoie [email protected] wrote:
I'm running it like this:
./registry.py -l admin:alikecookieswantnotice --no-validate-ssl -r https://localhost:5000 --layers
with the latest from master, but it doesn't print anything out.
Any ideas?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/andrey-pohilko/registry-cli/issues/12, or mute the thread https://github.com/notifications/unsubscribe-auth/AQTQ-2XyPlpQ_WpG07in9rm0mqilt6Ppks5rhdkVgaJpZM4MQLhF .
I definitely do. Ended up using another tool https://github.com/jessfraz/reg and it works fine.
You closed this, but it's still definitely an issue. If I can provably use a different tool to do the same thing but this one fails, then there's definitely a problem somewhere.
I'm willing to provide any information you might need to debug this issue, let me know what I can do.
Ok, I thought you switched to another tool.
Please issue a command
curl https://localhost:5000//v2/_catalog
and paste output here
Sounds good. Will do tomorrow when I'm at work, roughly 10 hours from now.
Had to do -k for insecure
$ curl -k https://localhost:5000/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
Specifying a user doesn't help.
It looks like your script doesn't properly do token auth, I think. I have my registry configured like this:
REGISTRY_AUTH: token
REGISTRY_AUTH_TOKEN_REALM: https://127.0.0.1:5001/auth
REGISTRY_AUTH_TOKEN_SERVICE: "Docker registry"
REGISTRY_AUTH_TOKEN_ISSUER: "Auth Service"
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: "/ssl/server.pem"
Using this for auth: https://github.com/cesanta/docker_auth
Ok, thanks. This is definitely an issue. I didn't make any functionality for Token authentication. Will need to develop it.
On Thu, Mar 2, 2017 at 9:29 PM, Francis Lavoie [email protected] wrote:
Had to do -k for insecure
$ curl -k https://localhost:5000/v2/_catalog {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
Specifying a user doesn't help.
It looks like your script doesn't properly do token auth. I have my registry configured like this:
REGISTRY_AUTH: token REGISTRY_AUTH_TOKEN_REALM: https://127.0.0.1:5001/auth REGISTRY_AUTH_TOKEN_SERVICE: "Docker registry" REGISTRY_AUTH_TOKEN_ISSUER: "Auth Service" REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: "/ssl/server.pem"Using this for auth: https://github.com/cesanta/docker_auth
— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/andrey-pohilko/registry-cli/issues/12#issuecomment-283685092, or mute the thread https://github.com/notifications/unsubscribe-auth/AQTQ-8lBLyxeVAyo-_k1FJQ5vPz7IcIxks5rhuBFgaJpZM4MQLhF .
Is this open for contributions? Since we use Gitlab for authentication, we're facing the same problem.
I also tried it with my gitlab integrated registry like this:
docker run --rm anoxis/registry-cli -l foo:bar -r https://mygitlab:4567
I get empty output for that command. Also I can put anything (invalid user/pass) for the -l parameter, it still gives empty output. However if I put something invalid for the -r parameter I get errors.
Can you help me resolve this issue? You can do it by granting my account access to your docker registry. I believe read only access will be enough. I will start working on this issue on monday.
Please write on [email protected] if you have any thoughts/comments on this.
It's dead-easy to set up https://github.com/cesanta/docker_auth, should be enough for you to test with on a local instance.
I think it would be possible make a test case with the gitlab image too. I'll try it and report back here.
Here is some information about setting up a gitlab-ce installation with a registry for testing purpose:
Start gitlab-ce with:
docker run -d -p 8443:443 -p 8080:80 -p 2222:22 -p 4567:4567 --name gitlab gitlab/gitlab-ce
Create certificates to use for the registry:
docker exec -it gitlab bash
mkdir /etc/gitlab/ssl
cd /etc/gitlab/ssl
openssl req -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/CN=gitlab-issuer"
openssl x509 -in localhost.csr -out localhost.crt -req -signkey localhost.key -days 3650
exit
Then edit the config to enable registry:
docker exec -it gitlab vi /etc/gitlab/gitlab.rb
Find the line with registry_external_url and make it look like this:
registry_external_url 'https://localhost:4567'
Then reconfigure gitlab by restarting:
docker restart gitlab
You will have to wait a few minutes for it to start, then goto:
http://localhost:8080
A page where you select the root password should appear, after that you login as root. Select the plus sign at the top and create project. Name the project test1 and create it. Goto the registry tab.
There should be a line about how to login:
docker login localhost:4567
I was not able to login, I got an error here. But the next step if login works would be to try to push an image:
docker pull busybox
docker tag busybox localhost:4567/root/test1/myfirstimage
docker push localhost:4567/root/test1/myfirstimage