Docker: How to prevent the use of latest image from docker registry? - docker

I was using centos image from https://registry.hub.docker.com/u/blalor/centos/
For some reason Blalor decided to remove passwd from the list of packages installed on the base image and my dockers stopped working on new deployments. Why does not docker know the build which was used for my dockers? I have had to change my base images now and change every server's docker image.
I could not use the tag feature because there is the tagging for the blalor's images? Do I have to use the source code and host the centos image myself so that it does not change again?

You do not need to use sources. If you have a working image, you can do docker history <your image> to see the image ID that was used and tag the proper one into shortfellow/centos. If you do not have a working image, on the link you provided, there is a build detail section with the history of build. You can see that on January 13th, 2014, it has been built and the image then was a531daec9f98. You can do FROM a531daec9f98 on your dockerfile to make sure it will never change or you can docker tag a531daec9f98 shortfellow/centos (you will need to docker pull a531daec9f98 before).
It is very similar to git in a sense that if you are using someone's repository, and if that someone does not use tags or branches, when he updates his reposiroty and you re pull, you will have the latest version with the new changes. In order to get back to the version you liked, you need to find the commit id. The solution would be to fork the repository. Which you can do on Docker by tagging the image under you username and pushing to a registry (docker push username/image)

Related

How do I get the last push of an image with the x.x tag if I already have an old push of an x.x image?

In 2019, I made a pull image of Python 3.6. After that, I was sure that the image was self-updating (I did not use it actively, I just hoped that the latest pushes themselves were pulled from the repository or something like that), but I was surprised when I accidentally noticed the download/creation date is 2019.
Q: How does image pull work? Are there flags so that the layer hash/its relevance* is checked every time the image is built? Perhaps there is a way to set this check through the docker daemon config file? Or do I have to delete the base image every time to get a new image?
What I want: So that every time I build my images, the base image is checked for the last push (publication of image) in the docker hub repository.
Note: I'm talking about images with an identical tag. Also, I'm not afraid to re-build my images, there is no purpose to preserve them.
Thanks.
You need to explicitly docker pull the image to get updates. For your custom images, there are docker build --pull and docker-compose build --pull options that will pull the base image (though there is not a "pull" option for docker-compose up --build).
Without this, Docker will never check for updates for an image it already has. If your Dockerfile starts FROM python:3.6 and you already have a local image with that name and tag, Docker just uses it without contacting Docker Hub. If you don't have it then Docker will pull it, once, and then you'll have it locally.
The other thing to watch for is that the updates do eventually stop. If you look at the Docker Hub python image page you'll notice that there are no longer rebuilds for Python 3.5. If you pin to a very specific patch version, the automated builds generally only build the latest patch version for each supported minor version; if your image is FROM python:3.6.11 it will never get updates because 3.6.12 is the latest 3.6.x version.

how to keep docker images if pulling newer image

I'm using some docker images, which I have pulled from a registry:
docker pull registry.example.com/project/backend:latest
docker pull registry.example.com/project/frontend:latest
Now there is a new version on the server registry. If I do a new pull, I will overwrite the current images. But I need to keep the current working images in case I do get some problems with the newest latest images.
So, how do I create a kind of backup of my running backend:latest and frontend:latest? After that I can pull the latest latest image and in case I need to, I can use the old working images...
To keep the current image on your local environment you can use docker tag
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
For example:
docker tag registry.example.com/project/backend:latest registry.example.com/project/backend:backup
Then when you pull the latest, the registry.example.com/project/backend:backup still existing
Pulling an image never deletes an existing image. However, if you have an image with the same name, the old image will become unnamed, and you'll have to refer to it by its image ID.
You've now seen the downside to using :latest tags. This is why it is better to reference an image by a specific version tag that the maintainer won't re-push.
First, you shouldn't be using latest in production environments. Rather define a tag you confirmed working.
And instead of executing stuff in an image to set it up, you should write a Dockerfile and make the installation repeatable and create your local image. That's actually one of the main reasons why docker is used.

Pulling Docker Images - Manifest not found

I'm trying to download a tagged docker image
docker pull clkao/postgres-plv8:10-2
and, in a compose file,
postgres:
image: clkao/postgres-plv8:10-2
But receive a manifest not found exception.
Unless I'm mistaken, that tag exists in Docker Hub, however I notice that it doesn't appear on the tags list.
Am I doing something wrong? Or is this perhaps an issue with Docker Hub or the way that repo has been set up?
If it isn't 'my fault', what's a recommendation to move forward? Create my own Dockerfile perhaps?
You might also try
docker pull -a <image>.
The -a will pull all versions of that image, which at least lets you know what is there.
(This is less useful if you really need a specific version, but helped me when I tried to pull an image that for some reason did not have a 'latest' tag.)
Edit: This is actually a really bad idea, since it will pull down the entire history, which for many repositories could be many GB. Better to go look at the repository site and see what tag you want. Note to self: don't post answers when you are tired. :-(
You get the error message because there exist no tag with "10-2".
You can try to figure out why and contact the repository owner or you can try to build your own one.
I just got over this "manifest for / not found: manifest unknown: The named manifest is not known to the registry."
Using
docker login <repo>
Check the docker's image also not only that the tag exists, I was trying to run Flyway version 5.0.1 for an image flyway/flyway which version did not exist, it existed only in version flyway/flyway:latest it seems, whereas 5.0.1 existed and I pulled it but in/from a different repository name, with repository name boxfuse/flyway.
for the error message 'docker manifest unknown'
When you use docker pull, without a tag, it will default to the tag :latest. Make sure that when we are building a image add tag latest or we can access the image by the tag name after image name with colon
I think you are trying to tag your image as v8.10.2. Make sure while tagging image locally you use same tag which you want to pull in future. So steps will be like below:
docker build -t clkao/postgres-pl:v8.10.2 .
docker push clkao/postgres-pl:v8.10.2
docker pull clkao/postgres-pl:v8.10.2
If this is from Git via docker.pkg.github.com then you need to switch to use ghcr.io. The former is deprecated and does not support the manifest endpoint so some docker clients, when they attempt to download various resources, fail with this error message. If you instead publish your image to ghcr (Github Container Repository), the docker image pulling process should complete successfully.
cd <dir with Dockerfile in it>
docker build -f Dockerfile -t ghcr.io/<org_id>/<project_id>:<version> .
docker push ghcr.io/<org_id>/<project_id>:<version>
More info here: https://docs.github.com/en/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry
Note: The Container registry is currently in public beta and subject
to change. During the beta, storage and bandwidth are free. To use the
Container registry, you must enable the feature preview. For more
information, see "Introduction to GitHub Packages" and "Enabling
improved container support with the Container registry."

Tag not found in repository docker.io/minio

We have been using locked version of the Minio image (RELEASE.2016-10-07T01-16-39Z), but now it seems to have been removed.
I'm getting this from Docker:
Pulling minio (minio/minio:RELEASE.2016-10-07T01-16-39Z)...
Pulling repository docker.io/minio/minio
ERROR: Tag RELEASE.2016-10-07T01-16-39Z not found in repository docker.io/minio/minio
I'm finding Docker hub hard to navigate. Where can I find a list of available versioned images, or a mirror to my exact image?
You can find the available tags for minio/minio on that repository's tag page.
If you have the image you want already downloaded on any of your systems, you can push it to Docker Hub yourself, then pull it onto your other systems. This has the benefit that you can control whether you delete that image (it's your account, not someone else's).
You can also use a private registry, if you want, which would prevent Docker from deleting the image from Docker Hub against your will for some reason. But that is extra work you may not wish to do (you would have to host the registry yourself, set it up, maintain it...)
We removed the docker version due to incompatibilities, from the recent releases it won't happen.

do I need to manually tag "latest" when pushing to docker public repository?

Suppose I have an image me/mystuff:v0.0.1
I find if I push it to the repository:
docker push me/mystuff:v0.0.1
latest is not created, and on a pull from another machine it will complain, e.g.
ssh me#faraway
(faraway) $ docker run -it me/mystuff /bin/bash
will result in a not found error for me/mystuff:latest
I can add the latest tag and push explicitly to the public repository:
docker login me
docker tag me/mystuff:v0.0.1 me/mystuff:latest
docker push me/mystuff:latest
and then from another machine:
docker pull me/mystuff
will work because latest exists.
I am also finding that once latest exists, it does not auto update when a new numbered version is pushed.
Can I somehow eliminate this step of manually tagging latest and have latest automatically point to the latest numbered version?
Or is it there for a reason, like allowing the separation of development versions (tagged with a vN.N.N only) from the production version (tagged latest)?
The latest is just the default value of the tag if none is specified. If you push a tagged image it does not replace the current image tagged with latest.

Resources