1. 首页
  2. 问答
  3. 如何通过Docker Hub API确定标签的Docker镜像ID?

如何通过Docker Hub API确定标签的Docker镜像ID?

2017-01-23 106 views
7

给定一个'latest`标签,我们想要在Docker Hub上找到另一个具有相同图像ID的标签。如何通过Docker Hub API确定标签的Docker镜像ID?

这里是如何找出所有标签与泊坞枢纽API V2回购:

TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${UNAME}'", "password": "'${UPASS}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token) 
curl -s -H "Authorization: JWT ${TOKEN}" https://hub.docker.com/v2/repositories/fluent/fluentd/tags/?page_size=100 | jq

(见gist.github.com/kizbitz

不幸的是,它不包含图像ID,但总是此密钥的空值:

$ curl -s -H "Authorization: JWT ${TOKEN}" https://hub.docker.com/v2/repositories/fluent/fluentd/tags/?page_size=100 | jq 
{ 
    "count": 36, 
    "next": null, 
    "previous": null, 
    "results": [ 
... 
    { 
     "name": "v0.14.11", 
     "full_size": 11964464, 
     "id": 7084687, 
     "repository": 219785, 
     "creator": 2923, 
     "last_updater": 2923, 
     "last_updated": "2016-12-27T07:16:41.294807Z", 
     "image_id": null, 
     "v2": true, 
     "platforms": [ 
     5 
     ] 
    }, 
...

不幸的是,图像ID与上面JSON中的“id”有些不同。

$ docker images | grep fluent 
docker.io/fluent/fluentd     v0.14.11   1441d57beff9  3 weeks ago   38.25 MB

从理论上讲,它应该可以访问泊坞窗舱单及沿与此泊坞注册调用图像ID,但它并没有帮助:

$ curl -s -H "Authorization: JWT ${TOKEN}" "https://registry.hub.docker.com/v2/fluent/fluentd/manifests/latest" 
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Name":"fluent/fluentd","Action":"pull"}]}]}

(见stackoverflow.com

以下是Docker GitHub仓库中的类似问题,但我仍然无法找出解决方案:https://github.com/docker/distribution/issues/1490

P.S:这是我的泊坞窗版本,我试图把测试图像:

$ docker version 
Client: 
Version:   1.12.6 
API version:  1.24 
Package version: docker-common-1.12.6-5.git037a2f5.fc25.x86_64 
Go version:  go1.7.4 
Git commit:  037a2f5/1.12.6 
Built:   Wed Jan 18 12:11:29 2017 
OS/Arch:   linux/amd64

来源

2017-01-23 Janux

回答

9

泊坞注册表API v2的图像消化,而不是图像ID来区分图像的身份。

摘要可以从HTTP响应报头的Docker-Content-Digest通过使下面的API调用来获得的图像:

$ REPOSITORY=fluent/fluentd 

$ TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPOSITORY:pull" | jq -r .token) 

$ curl -s -D - -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" https://index.docker.io/v2/$REPOSITORY/manifests/latest 
HTTP/1.1 200 OK 
Content-Length: 1982 
Content-Type: application/vnd.docker.distribution.manifest.v2+json 
Docker-Content-Digest: sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db 
Docker-Distribution-Api-Version: registry/2.0 
Etag: "sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db" 
Date: Tue, 24 Jan 2017 13:34:53 GMT 
Strict-Transport-Security: max-age=31536000 
...

所有标签可以用下面的API调用来获得:

$ curl -s -H "Authorization: Bearer $TOKEN" https://index.docker.io/v2/$REPOSITORY/tags/list 
{"name":"fluent/fluentd","tags":["edge-onbuild","edge","jemalloc","latest-onbuild","latest","onbuild","stable-onbuild","stable","ubuntu-base","v0.12-latest-onbuild","v0.12-latest","v0.12-onbuild","v0.12.16","v0.12.18","v0.12.19","v0.12.20","v0.12.21","v0.12.23","v0.12.24","v0.12.26-2","v0.12.26-onbuild","v0.12.26","v0.12.27-onbuild","v0.12.27","v0.12.28-onbuild","v0.12.28","v0.12.29-onbuild","v0.12.29","v0.12.30-onbuild","v0.12.30","v0.12.31-onbuild","v0.12.31","v0.12","v0.14-latest-onbuild","v0.14-latest","v0.14-onbuild","v0.14.1","v0.14.10-onbuild","v0.14.10","v0.14.11-onbuild","v0.14.11","v0.14.2","v0.14.6","v0.14.8","v0.14"]}

基于在上面,为了找到与特定标签相同的摘要,它将是如下的脚本。

#!/bin/bash 

REPOSITORY=$1 
TARGET_TAG=$2 

# get authorization token 
TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPOSITORY:pull" | jq -r .token) 

# find all tags 
ALL_TAGS=$(curl -s -H "Authorization: Bearer $TOKEN" https://index.docker.io/v2/$REPOSITORY/tags/list | jq -r .tags[]) 

# get image digest for target 
TARGET_DIGEST=$(curl -s -D - -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" https://index.docker.io/v2/$REPOSITORY/manifests/$TARGET_TAG | grep Docker-Content-Digest | cut -d ' ' -f 2) 

# for each tags 
for tag in ${ALL_TAGS[@]}; do 
    # get image digest 
    digest=$(curl -s -D - -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" https://index.docker.io/v2/$REPOSITORY/manifests/$tag | grep Docker-Content-Digest | cut -d ' ' -f 2) 

    # check digest 
    if [[ $TARGET_DIGEST = $digest ]]; then 
    echo "$tag $digest" 
    fi 
done

结果如下:

$ ./find_same_digest.sh fluent/fluentd latest 
latest sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db 
stable sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db 
v0.12.31 sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db 
v0.12 sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db

如果要检查本地图像的摘要,你可以用docker images --digests得到它:

$ docker images --digests | grep fluentd 
fluent/fluentd     latest    sha256:eaea1edffc34cff3b5e31ee738ea56e46326f90731b4139a19948814a4f0a4db 1788ee7dcfcc  14 hours ago  35.41 MB

来源

2017-01-24 13:53:44 minamijoyo

+0

小纸条,因为你只希望头文件使用'curl -I'来做一个HTTP HEAD。另外,'-i'与'-D -'完全相同。 –

相关问题

 相关问题