Could anyone point me to description of directory structure that docker registry relies on?
Background
I cannot pull docker image from our company's artifactory server. All my invocations of docker pull art.server.corp/repo/image:label end with error Unexpected EOF. My colleagues report the same issue.
I have asked for help to our Artifactory support, but waiting for their response takes time, and I don't believe in their result.
In the meanwhile I was able to download contents of that image from a browser through a www-interface of the Artifactory.
I've downloaded file manifest.json and bunch of files with names sha256__<long string with hash>.
Most of them are .tar.gz archives and one is in the JSON format.
How can I import these files into my local docker installation? My goal is to have the same container image as in the registry.
I am new to Docker.
I've tried docker load and docker import. The result is not that expected.
docker load complains about missing json files and does nothing.
$ for f in sha256* ; do docker load < $f ; done
open /var/lib/docker/tmp/docker-import-234007886/var/json: no such file or directory
...
open /var/lib/docker/tmp/docker-import-777861766/var/json: no such file or directory
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker import creates a separate image for each file, while they seem to be different layers of a single file system.
$ for f in sha256* ; do docker import $f image:label; done
sha256:a19634d70ff568616b9c42a0151ae8abbd6b915cb24e9d127e366e14453a0dd4
sha256:28c559e39d3be8267757ba8ca540c6b8440f66b71d4ed640fff1b42a04aa54c5
...
sha256:...
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
image label 7a4c9fe6210c About a minute ago 111MB
<none> <none> 654768c91f55 About a minute ago 404kB
<none> <none> 85d37d403e34 About a minute ago 1.37GB
<none> <none> 28c559e39d3b About a minute ago 63.2MB
Update
I have tried installing Artifactory-OSS with hope to import these blobs in it, but it seems, Docker is not supported in OSS.
Then I've decided to launch local docker registry and import them in it.
I have developed the following script that copies files to blobs and creates files named link.
#!/bin/zsh
source_dir=/path/to/downloaded/blobs
registrty_root=/mnt/volume/docker/registry/v2
image_name=image
image_tag=label
blobs=$registrty_root/blobs/sha256
repo_path=$registrty_root/repositories/$image_name
layers=$repo_path/_layers/sha256
manifests=$repo_path/_manifests/revisions/sha256
#debug=echo
debug=
for f in $source_dir/sha256* ; do
echo $f
bn=$(basename $f)
sha256=$(echo $bn | cut -c9-)
first2=$(echo $sha256 | cut -c-2)
blob_dir=$blobs/$first2/$sha256
layer_dir=$layers/sha256/$sha256
$debug mkdir -p $blob_dir
$debug cp -v $f $blob_dir/data
if [[ $(file $f)=~"gzip" ]] then ;
$debug mkdir -p $layer_dir
$debug echo "sha256:$sha256" > $layer_dir/link
else
$debug mkdir -p $manifests
$debug echo "sha256:$sha256" > $manifests/link
fi
done
man_sha256=$(sha256sum $source_dir/manifest.json)
first2=$(echo $man_sha256 | cut -c-2)
$debug mkdir -p $blobs/$first2/$man_sha256
$debug cp -v $source_dir/manifest.json $blobs/$first2/$man_sha256/data
$debug mkdir -p $manifests/$man_sha256
$debug echo "sha256:$man_sha256" > $manifests/$man_sha256/link
$debug mkdir -p $repo_path/_manifests/tags/$image_tag/{current,index/sha256/$man_sha256}
$debug echo "sha256:$man_sha256" > $repo_path/_manifests/tags/$image_tag/index/sha256/$man_sha256/link
$debug echo "sha256:$man_sha256" > $repo_path/_manifests/tags/$image_tag/current/link
Then I launch local docker registry: docker run -p 5000:5000 -v /mnt/volume/docker:/var/lib/registry registry:2
However, when I try to retrieve the image, I get error message:
$ docker pull localhost:5000/image:label
Error response from daemon: received unexpected HTTP status: 500 Internal Server Error
Docker console shows the following:
time="2021-01-18T14:04:54.269748704Z" level=error msg="response completed with error" err.code=unknown err.detail="invalid checksum digest format" err.message="unknown error" go.version=go1.11.2 http.request.host="localhost:5000" http.request.id=7d9fdc93-e74f-42d6-a722-81b51c371df5 http.request.method=HEAD http.request.remoteaddr="172.17.0.1:39770" http.request.uri="/v2/image/manifests/label" http.request.useragent="docker/20.10.2 go/go1.13.15 git-commit/8891c58 kernel/5.4.0-62-generic os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.2 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=21.43068ms http.response.status=500 http.response.written=70 vars.name="image" vars.reference="label"
I've also consulted with this link: https://notsosecure.com/anatomy-of-a-hack-docker-registry/ and tried to request manifest from a browser. Tag list is retrieved successfully, but manifest gives error.
So, it looks like I'm missing something. Any help?
After closer acquaintance with Docker and Dockerfiles, I see that it was possible to rebuild this image from those archives using ADD instruction.
From https://docs.docker.com/engine/reference/builder/#add
If '< src >' is a local tar archive in a recognized compression format (identity, gzip, bzip2 or xz) then it is unpacked as a directory.
Related
I need to extract the filesystem of a debian image onto the host, modify it, then repackage it back into a docker image. I'm using the following commands:
docker export container_name > archive.tar
tar -xf archive.tar -C debian/
modifying the file system here
tar -cpjf archive-modified.tar debian/
docker import archive-modified.tar debian-modified
docker run -it debian-modified /bin/bash
After I try to run the new docker image I get the following error:
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/bin/bash": stat /bin/bash: no such file or directory: unknown.
ERRO[0000] error waiting for container: context canceled
I've tried the above steps without modifying the file system at all and I get the same behavior. I've also tried importing the output of docker export directly, and this works fine. This probably means I'm creating the new tar archive incorrectly. Can anyone tell me what I'm doing wrong?
Take a look at the archive generated by docker export:
# tar tf archive.tar | sort | head
bin/
bin/bash
bin/cat
bin/chgrp
bin/chmod
bin/chown
bin/cp
bin/dash
bin/date
bin/dd
And then at the archive you generate with your tar -cpjf ... command:
# tar tf archive-modified.tar | sort | head
debian/
debian/bin/
debian/bin/bash
debian/bin/cat
debian/bin/chgrp
debian/bin/chmod
debian/bin/chown
debian/bin/cp
debian/bin/dash
debian/bin/date
You've moved everything into a debian/ top-level directory, so there is no /bin/bash in the image (it would be /debian/bin/bash, and probably wouldn't work anyway because your shared libraries aren't in the expected location, either.
You probably want to create the updated archive like this:
# tar -cpjf archive-modified.tar -C debian/ .
AFAIK the error means that there is no file named agent.28198 in the mentioned directory, but upon listing its contents the file (local socket file) is clearly there. What could be the reason for docker's inability to get the socket?
Here is the full command scenario:
$ eval $(ssh-agent -s)
Agent pid 28199
$ ssh-add
Enter passphrase for /home/ubuntu/.ssh/id_rsa:
Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)
$ DOCKER_BUILDKIT=1 docker build --ssh default -t my_image .
could not parse ssh: [default]: stat /tmp/ssh-qpL02JZP5k7x/agent.28198: no such file or directory
$ ls -l /tmp/ssh-qpL02JZP5k7x/
total 0
srw------- 1 ubuntu ubuntu 0 Sep 9 08:50 agent.28198
Docker is installed from snap - that's the culprit. It does not have access to /tmp folder because of that. To remediate, remove the package from snap - sudo snap remove docker and install it via dpkg (link).
I am new to docker I have been trying to install oracel-18xe in the docker
after installing Oracele-xe which seems to be working but
after running ./buildContainerImage.sh command
I got the following logs.
Removing intermediate container 3cd9a901da82
---> 3ed5c215ef81
Step 7/8 : HEALTHCHECK --interval=1m --start-period=5m CMD "$ORACLE_BASE/$CHECK_DB_FILE" >/dev/null || exit 1
---> Running in a1c6507ac3b9
Removing intermediate container a1c6507ac3b9
---> f48555c74740
Step 8/8 : CMD exec $ORACLE_BASE/$RUN_FILE
---> Running in c36aec16a658
Removing intermediate container c36aec16a658
---> a347238232be
Successfully built a347238232be
Successfully tagged oracle/database:18.4.0-xe
which seems correct, Then I run the command
sudo docker run --name myxedb -d -p 51521:1521 -p 55500:5500 -e ORACLE_PWD=<secret> -e ORACLE_CHARACTERSET=AL32UTF8 oracle/database:18.4.0-xe
that runs with out error but after running docker logs command
I found the following logs.
sed: can't read /etc/oratab: No such file or directory
/opt/oracle/runOracle.sh: line 194: /etc/init.d/oracle-xe-18c: No such file or directory
grep: /etc/oratab: No such file or directory
#####################################
########### E R R O R ###############
DATABASE SETUP WAS NOT SUCCESSFUL!
Please check output for further info!
########### E R R O R ###############
#####################################
The following output is now a tail of the alert.log:
/opt/oracle/checkDBStatus.sh: line 18: oraenv: No such file or directory
tail: cannot open '/opt/oracle/diag/rdbms/*/*/trace/alert*.log' for reading: No such file or directory
tail: no files remaining
but when I run docker ps command I have not found any container running
then after googling I found an other variation the command
sudo docker run --name myxedb2 -d -i -t -p 51521:1521 -p 55500:5500 -e ORACLE_PWD=<secret> -e ORACLE_CHARACTERSET=AL32UTF8 oracle/database:18.4.0-xe /bin/bash
after that I was able to see the results in the docker ps command.
but docker logs command is showing nothing.
I have some questions here.
first of-all why the first docker run command was not running and docker logs command showing logs which is quite normal.
secondly why the second command is showing all good but docker logs are showing nothing.
and 3rdly the docker images command shows the following out put at my side
REPOSITORY TAG IMAGE ID CREATED SIZE
oracle/database 18.4.0-xe a347238232be 2 days ago 319MB
oraclelinux 7-slim 0a28ba78f4c9 7 weeks ago 132MB
but the forums I am following shows the the size which is quite different from my side.
REPOSITORY TAG IMAGE ID CREATED SIZE
oracle/database 18.4.0-xe 926f4349b277 12 minutes ago 5.89GB
oraclelinux 7-slim 153f8d73287e 8 weeks ago 131MB
Need suggesting and help needed here, thanks advance.
Regards,
I have list of .tar docker image files , I have tried loading docker images using below commands
docker load -i *.tar
docker load -i alldockerimages.tar
where alldockerimages.tar contains all individual tar files .
Let me know how we can load multiple tar files.
Using xargs:
ls -1 *.tar | xargs --no-run-if-empty -L 1 docker load -i
(A previous revision left off the -i flag to "docker load".)
First I attempted to use the glob expression approach you first described:
# download some images to play with
docker pull alpine
docker pull nginx:alpine
# stream the images to disk as tarballs
docker save alpine > alpine.tar
docker save nginx:alpine > nginx.tar
# delete the images so we can attempt to load them from scratch
docker rmi alpine nginx:alpine
# issue the load command to try and load all images at once
cat *.tar | docker load
Unfortunately this only resulted in alpine.tar being loaded. It was my (presumably faulty) understanding that the glob expression would be expanded and ultimately cause the docker load command to be run for every file into which the glob expression expanded.
Therefore, one has to use a shell for loop to load all tarballs sequentially:
for f in *.tar; do
cat $f | docker load
done
Use the script described in save-load-docker-images.sh to save or load the images. For your case it would be
./save-load-docker-images.sh load -d <directory-location>
You can try the next option using find:
find -type f -name "*.tar" -exec docker load --input "{}" \;
I'm trying to follow a tutorial on https://www.ctl.io/developers/blog/post/docker-networking-rules/, which contains the following:
As I understand it, the code
FROM ubuntu:trusty
MAINTAINER Laura Frank <laura.frank#centurylink.com>
CMD while true; do echo 'hello world' | nc -l -p 8888; done
Is the content of a Dockerfile, which can be put in a newly created, empty directory and build using the command docker build ..
I don't quite understand however how to 'name' the image no-exposed-ports? Am I supposed to use tagging (the -t option) as in the example in https://docs.docker.com/engine/tutorials/dockerimages/?
I believe that by 'naming' the Docker image it is indeed meant that you use a tag. I used the command
docker build -t no-exposed-ports .
which gives the following response:
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM ubuntu:trusty
---> 3f755ca42730
Step 2 : CMD while true; do echo 'hello world' | nc -l -p 8888; done
---> Using cache
---> b8a7551d0ed9
Successfully built b8a7551d0ed9
From the command docker images I can see that no-exposed-ports is the name of the REPOSITORY, and the default tag latest has been assigned:
REPOSITORY TAG IMAGE ID CREATED SIZE
no-exposed-ports latest b8a7551d0ed9 18 minutes ago 188 MB
Finally, running with the command
docker run -d --name no-exposed-ports no-exposed-ports
produces a long hash as in the example on the blog:
eb39d8ef68826510f4c964ad586ff04b9e334433538d9d69a39aa0ec44d6701f