pull images or starting containers from registry hosted images about docker-api HOT 14 CLOSED

Your approach is sane, but it could lead to security issues. I would recommend running your custom docker-api code directly from the host, in lieu of telling your client to point at the Docker instance. This is because the unix socket interface is much more secure, only allowing clients on that host to communicate with it.

To pull an image, simply use Docker::Image.create. For example if you're trying to pull my_repo:custom_tag from a registry at registry.quay.io you could do:

require 'docker'

# Increase the default timeout from 60s to 300s for long pulls
Docker.options = { :read_timeout => 300 }

# Pull the image from your registry
pulled_image = Docker::Image.create('fromImage' => 'registry.quay.io/my_repo', 'tag' => 'custom_tag')

# Interact with the pulled image

If you're looking to use Docker to deploy apps, I'd recommend using dockly, our other Docker-based gem that uses docker-api to build packages. If you're using AWS, you can use our gem aerosol to coordinate deploys.

from docker-api.

Thanks for the feedback. I stumbled onto the approach of using Docker::Image.create a bit earlier in the day and am seeing some oddness. I'm using the 1.10.1 docker-api gem and Docker.url is pointing to a box running 0.9.0

pulled_image = Docker::Image.create('fromImage' => 'quay.io/REDACTED/new', 'tag' => 'latest')

~/.rvm/gems/ruby-1.9.3-p327/gems/docker-api-1.10.1/lib/docker/base.rb:16:in `initialize': Must have id, got: {"id"=>nil, :headers=>{}} (Docker::Error::ArgumentError)

Odd, because the repo certainly does exist up on quay

I should also mention it looks like authorization may be failing despite the fact that my test script sets Docker.creds (which is used during the push up to quay). Here's some debug goodness from the server end:

2014/03/18 14:56:39 POST /v1.10/images/create?fromImage=quay.io%2FREDACTED%2Fnew&tag=latest
[/u01/docker|9e317d55] +job pull(quay.io/REDACTED/new, latest)
[debug] registry.go:58 Registry standalone header: ''
[debug] registry.go:58 Registry standalone header: ''
[debug] registry.go:716 Endpoint https://quay.io/v1/ is eligible for private registry auth. Enabling decorator.
[debug] registry.go:316 [registry] Calling GET https://quay.io/v1/repositories/REDACTED/new/images
[debug] http.go:168 https://quay.io/v1/repositories/REDACTED/new/images -- HEADERS: map[User-Agent:[docker/0.9.0 go/go1.2.1 git-commit/2b3fdf2 kernel/3.8.0-23-generic os/linux arch/amd64 ] Authorization:[Basic Og==]]
HTTP code: 403

from docker-api.

Try setting the EXCON_DEBUG environment variable to true when running your script -- that will show you tho raw docker output.

from docker-api.

I don't see anything useful when adding that level of debugging output:

excon.response  {:body=>"{\"status\":\"Pulling repository quay.io/REDACTED/new\"}\r\n{\"errorDetail\":{\"message\":\"HTTP code: 403\"},\"error\":\"HTTP code: 403\"}\r\n", :headers=>{"Content-Type"=>"application/json", "Date"=>"Tue, 18 Mar 2014 16:49:24 GMT", "Connection"=>"close", "Transfer-Encoding"=>""}, :status=>200, :remote_ip=>"REDACTED"}

Seems the idea that Docker.creds is not being used is reflected in the server output I posted earlier.
Also, bear in mind my use of 'REDACTED" in the snip above...

from docker-api.

@windowsrefund can you pull quay.io/foo/new from the command line? If so, what do the registry logs look like in comparison to the POST /v1.10/images/create above?

from docker-api.

From a shell on my Docker node, I can

sudo docker login --username="REDACTED" --password="REDACTED" https://quay.io/v1/
sudo docker pull quay.io/REDACTED/new

Something tells me this involves a deeper problem with Docker::Image#create. For example, credentials is clearly not being instantiated with Docker.creds which means the headers are not being created. That's just part of the problem though from what I can determine....

from docker-api.

Cool. We'll take a look.

from docker-api.

@windowsrefund I found the issue in Docker::Image.create, sending out a pull right now.

from docker-api.

😸

from docker-api.

Merged #110.

from docker-api.

Closing the issue, @windowsrefund feel free to re-open it if your issue persists.

from docker-api.

I have similar problem. I am trying to pull my image from my Docker Hub account.

dc = Docker::Connection.new("tcp://#{some_remote_ip_here}", {})

img = Docker::Image.create(
    {'registry' => 'tikijian/tournament'}, 
    {username: 'tikijian', password: '******', auth: '', email: 'my_email_here'}, 
    dc
)

#=> Docker::Error::ArgumentError: Must have id, got: {"id"=>nil, :headers=>{"X-Registry-Auth"=>"eyJ1c2VybmFtZSI6InRpa2lqaWFuIiwicGFzc3dvcmQiOiIyMzYyMjk5OSIsImF1dGgiOiIiLCJlbWFpbCI6InRpbXVydDE5ODhAdHJpYW5nbGUuZ3MifQ=="}}

from docker-api.

Also, I tried changing 'registry' to 'fromImage', and something simple, like:

img = Docker::Image.create(
    {'fromImage' => 'redis'}, 
    {username: 'tikijian', password: '******', auth: '', email: 'my_email_here'}, 
    dc
)

And still got that error.
Also excon debug says

:body => "{\"status\":\"Pulling repository redis\"}\r\n{\"errorDetail\":{\"message\":\"HTTP code: 500\"},\"error\":\"HTTP code: 500\"}\r\n"

from docker-api.

EDIT: I'm not really sure how, but it seems to be working now.

from docker-api.