Comments (8)
danieljuhl
commented on May 24, 2024
1
For your reference, I have already opened an issue in moby/moby#33929
from shepherd.
caoer
commented on May 24, 2024
probably need to pass the credential about the private registry info into docker environment.
I tried running ./shepherd on the host machine, the updates works.
from shepherd.
danieljuhl
commented on May 24, 2024
@caoer you are probably right.. how to pass/expose the credentials to shepherd? And how to ensure that shepherd has access to the credentials used during service create? Let's say I create a shepherd service, and then add new services to the swarm. I would then manually have to re-create the shepherd service, or?
from shepherd.
caoer
commented on May 24, 2024
to pass credential, use docker's environment virable, and then passed into the shepherd script.
I dont' think it needs manually re-create the service, if manually...this script just makes no sense.
checkout the script, It runs docker command docker service inspect to find out which service needs to run update command. If in the swarm environment, I believe it will be fine if it runs on manager node.
I'm just too lazy/busy...so I'm fine with running outside of docker for it...But It is a wonderful idea, and PRs are always welcome!
from shepherd.
djmaze
commented on May 24, 2024
Just had a quick look this. Yes, the credentials have to be passed somehow. Unfortunately I won't have time to look at this until the week after next. In the meantime, as @caoer said, PR's are welcome ;)
from shepherd.
danieljuhl
commented on May 24, 2024
@djmaze I'm more than happy to help - but to be honest.. I have no idea where to start :)
I think for it to really work, the credentials has to be "exposed" from the host. If you'd have to pass the credentials manually to the shepherd service, you would also have to know in advance which services in running and will be running in the swarm.
So ideally, shepherd should (if possible) use the credentials from the host, as Docker already make sure, that all manager nodes is having access to the registry auth, and has the possibility to pass these credentials to the worker nodes.
from shepherd.
tbenton
commented on May 24, 2024
To work around the problem, we are using secrets to pass the credentials for our registry. Added a docker login inside the shepherd script. Our private repository images now update correctly.
@danieljuhl Thank you for outlining a solution.
from shepherd.
ledermann
commented on May 24, 2024
I stumbled upon the same issue and found the following solution:
- Use the fork of @pdeveltere with the WITH_REGISTRY_AUTH env
- Mount
/root/.docker/config.jsonto the service, so the service has access to the credentials
docker service create --name shepherd \
--constraint "node.role==manager" \
--env SLEEP_TIME="1m" \
--env BLACKLIST_SERVICES="shepherd" \
--env WITH_REGISTRY_AUTH="true" \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \
--mount type=bind,source=/root/.docker/config.json,target=/root/.docker/config.json,ro \
ledermann/shepherd
This works fine for me (with an image build by myself). Will add a PR about this soon.
from shepherd.
Related Issues (20)
- Switch default branch from `master` to `main`
- Can't update some services: no such manifest HOT 9
- This seems like a perfectly valid way to deploy this seeing as it seems a bit inconsistent documentation wise HOT 2
- armhf support HOT 2
- Update containers in other DockerSwarm stacks HOT 1
- Shepherd updates back and forth between sha version and latest HOT 16
- How does it determine if there is an update or not? HOT 5
- latest does not exist or it is not available HOT 10
- Latest not available or does not exist HOT 10
- Auto Image delete HOT 6
- Multiple Registries HOT 1
- Crazymax cron cotainer not starting HOT 1
- Excessive amount of image pulls HOT 7
- Allow insecure-registries HOT 5
- Cannot access to INSECURE registry while adding WITH_INSECURE_REGISTRY to true HOT 1
- [Question] Default docker auth for private registry HOT 4
- Docker Swarm - cannot service with update multiple replicas HOT 3
- Request: Notification on completion HOT 5
- Looking for a new maintainer HOT 25
- Service gets stuck when calling "docker service update" and won't progress HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from shepherd.