clairctl
clairctl copied to clipboard
jgsqware
Fix Layer paths for local repos
The current implementation of the layer push code replaces the repository endpoint with the local IP. This works great for images that are being pulled from docker hub or have no repository component to their tags. It fails when the image is local, but there is a registry endpoint. If the remote registry model worked in all cases, this change would not be necessary. For the time being, it appears that clairctl doesn't work with ECR credentials, so the --local route is necessary.
Thanks for your contribution.
For the credential problem, Clairctl use the docker login command to log into the registry. So have you logged you before with docker login?
hm. since I still struggle with the same problem (analysing images from a private repo) I tried this patch too. not working for me ... @leopoldodonnell did you miss to include another change?
with
clairctl analyze --local <registry>/image:0.0.2-rc1-3 --log-level debug
2017-05-11 12:21:15.690227 D | config: interface provided, looking for eth0
2017-05-11 12:21:15.690556 I | clair: using http://10.61.61.23:0/local as local url
2017-05-11 12:21:15.697890 D | server: Update local server port from "0" to "52595"
2017-05-11 12:21:15.698220 I | server: Starting Server on 10.61.61.23:52595
but
2017-05-11 12:21:16.008731 W | detectors: could not download layer: Get http://10.61.61.23:0/local/<id>/layer.tar: dial tcp 10.61.61.23:0: getsockopt: connection refused
2017-05-11 12:21:16.010554 E | worker: layer 7563c5fe78c2cd1cb9c58b3333df4cb1cd5764fb81b22bdab673767b0aedb82a:
port 0 is definitely not the one we want to request something from
@leopoldodonnell here is a patch to apply to your PR, that should work,
