Comments (14)
Your approach is sane, but it could lead to security issues. I would recommend running your custom docker-api
code directly from the host, in lieu of telling your client to point at the Docker instance. This is because the unix socket interface is much more secure, only allowing clients on that host to communicate with it.
To pull an image, simply use Docker::Image.create
. For example if you're trying to pull my_repo:custom_tag
from a registry at registry.quay.io
you could do:
require 'docker'
# Increase the default timeout from 60s to 300s for long pulls
Docker.options = { :read_timeout => 300 }
# Pull the image from your registry
pulled_image = Docker::Image.create('fromImage' => 'registry.quay.io/my_repo', 'tag' => 'custom_tag')
# Interact with the pulled image
If you're looking to use Docker to deploy apps, I'd recommend using dockly, our other Docker-based gem that uses docker-api
to build packages. If you're using AWS, you can use our gem aerosol to coordinate deploys.
from docker-api.
Thanks for the feedback. I stumbled onto the approach of using Docker::Image.create
a bit earlier in the day and am seeing some oddness. I'm using the 1.10.1 docker-api gem and Docker.url
is pointing to a box running 0.9.0
pulled_image = Docker::Image.create('fromImage' => 'quay.io/REDACTED/new', 'tag' => 'latest')
~/.rvm/gems/ruby-1.9.3-p327/gems/docker-api-1.10.1/lib/docker/base.rb:16:in `initialize': Must have id, got: {"id"=>nil, :headers=>{}} (Docker::Error::ArgumentError)
Odd, because the repo certainly does exist up on quay
I should also mention it looks like authorization may be failing despite the fact that my test script sets Docker.creds
(which is used during the push up to quay). Here's some debug goodness from the server end:
2014/03/18 14:56:39 POST /v1.10/images/create?fromImage=quay.io%2FREDACTED%2Fnew&tag=latest
[/u01/docker|9e317d55] +job pull(quay.io/REDACTED/new, latest)
[debug] registry.go:58 Registry standalone header: ''
[debug] registry.go:58 Registry standalone header: ''
[debug] registry.go:716 Endpoint https://quay.io/v1/ is eligible for private registry auth. Enabling decorator.
[debug] registry.go:316 [registry] Calling GET https://quay.io/v1/repositories/REDACTED/new/images
[debug] http.go:168 https://quay.io/v1/repositories/REDACTED/new/images -- HEADERS: map[User-Agent:[docker/0.9.0 go/go1.2.1 git-commit/2b3fdf2 kernel/3.8.0-23-generic os/linux arch/amd64 ] Authorization:[Basic Og==]]
HTTP code: 403
from docker-api.
Try setting the EXCON_DEBUG
environment variable to true
when running your script -- that will show you tho raw docker output.
from docker-api.
I don't see anything useful when adding that level of debugging output:
excon.response {:body=>"{\"status\":\"Pulling repository quay.io/REDACTED/new\"}\r\n{\"errorDetail\":{\"message\":\"HTTP code: 403\"},\"error\":\"HTTP code: 403\"}\r\n", :headers=>{"Content-Type"=>"application/json", "Date"=>"Tue, 18 Mar 2014 16:49:24 GMT", "Connection"=>"close", "Transfer-Encoding"=>""}, :status=>200, :remote_ip=>"REDACTED"}
Seems the idea that Docker.creds
is not being used is reflected in the server output I posted earlier.
Also, bear in mind my use of 'REDACTED" in the snip above...
from docker-api.
@windowsrefund can you pull quay.io/foo/new
from the command line? If so, what do the registry logs look like in comparison to the POST /v1.10/images/create
above?
from docker-api.
From a shell on my Docker node, I can
sudo docker login --username="REDACTED" --password="REDACTED" https://quay.io/v1/
sudo docker pull quay.io/REDACTED/new
Something tells me this involves a deeper problem with Docker::Image#create
. For example, credentials
is clearly not being instantiated with Docker.creds
which means the headers are not being created. That's just part of the problem though from what I can determine....
from docker-api.
Cool. We'll take a look.
from docker-api.
@windowsrefund I found the issue in Docker::Image.create
, sending out a pull right now.
from docker-api.
😸
from docker-api.
Merged #110.
from docker-api.
Closing the issue, @windowsrefund feel free to re-open it if your issue persists.
from docker-api.
I have similar problem. I am trying to pull my image from my Docker Hub account.
dc = Docker::Connection.new("tcp://#{some_remote_ip_here}", {})
img = Docker::Image.create(
{'registry' => 'tikijian/tournament'},
{username: 'tikijian', password: '******', auth: '', email: 'my_email_here'},
dc
)
#=> Docker::Error::ArgumentError: Must have id, got: {"id"=>nil, :headers=>{"X-Registry-Auth"=>"eyJ1c2VybmFtZSI6InRpa2lqaWFuIiwicGFzc3dvcmQiOiIyMzYyMjk5OSIsImF1dGgiOiIiLCJlbWFpbCI6InRpbXVydDE5ODhAdHJpYW5nbGUuZ3MifQ=="}}
from docker-api.
Also, I tried changing 'registry' to 'fromImage', and something simple, like:
img = Docker::Image.create(
{'fromImage' => 'redis'},
{username: 'tikijian', password: '******', auth: '', email: 'my_email_here'},
dc
)
And still got that error.
Also excon debug says
:body => "{\"status\":\"Pulling repository redis\"}\r\n{\"errorDetail\":{\"message\":\"HTTP code: 500\"},\"error\":\"HTTP code: 500\"}\r\n"
from docker-api.
EDIT: I'm not really sure how, but it seems to be working now.
from docker-api.
Related Issues (20)
- Docker::Image.create raises 404 when there is not enough disk space
- Feature request: support docker system calls.
- Warning: URI.escape is obsolete (Ruby 2.7.0) HOT 4
- warning: URI.escape is obsolete HOT 1
- undefined method `copy' on 2.0.0 HOT 2
- validate_version! doesn't exist HOT 2
- Please tag v2 releases in github
- Docker version in README
- Docker::Container.get throws `no implicit conversion of nil into String (TypeError)` Error
- The default connection type should be application/x-tar HOT 1
- The connection content_type should be modified based on the type of operation occuring
- Question: is BuildKit supported, for SSH credentials specifically? HOT 2
- Cannot use Docker API gem with Docker Desktop on Windows HOT 2
- Parameters that accept (string) Paths should also accept Pathname objects
- Ability to read a file from the container by chunks
- .dockerignore support seems broken
- class Docker::Plugin object that maps to the Plugins section of the API
- How to pass env variables when starting a container? HOT 1
- The `:host` parameter should not be set for `unix://` connections. HOT 1
- Docker::Event.stream documentation should mention how to waive the read_timeout HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-api.