使用凭证将图像推送到私人码头注册表

Question

我目前正在运行注册表码头容器和ngnix码头容器，类似于this setup以保护我的私人码头注册表。我正在运行Jenkins，以便在Docker容器中自动构建我的应用程序，然后将容器推送到我的私人码头注册表。

问题出在我需要推送图像时。詹金斯（在一个容器中同时运行）执行包含以下步骤的shell脚本：

sudo docker run hello-world 
sudo docker tag -f hello-world localhost:5000/hello:latest 
sudo docker login -u username -p pass -e info@example.com localhost:5000/ 

sudo docker search localhost:5000/ 
sudo docker push localhost:5000/hello:latest 

然后构建失败，出现以下的输出：

Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson6027890842360704977.sh 
+ sudo docker images 
REPOSITORY     TAG     IMAGE ID   CREATED    VIRTUAL SIZE 
registry     latest    e255d21840f8  2 days ago   422.9 MB 
jenkins      latest    fc39417bd5fb  13 days ago   708.2 MB 
nginx      latest    407195ab8b07  2 weeks ago   133.9 MB 
localhost:5000/hello  latest    0a6ba66e537a  3 months ago  960 B hello-world    latest    0a6ba66e537a  3 months ago  960 B 
+ sudo docker run hello-world 

Hello from Docker. This message shows that your installation appears to be working correctly. 

To generate this message, Docker took the following steps: 
1. The Docker client contacted the Docker daemon. 
2. The Docker daemon pulled the "hello-world" image from the Docker Hub. 
3. The Docker daemon created a new container from that image which runs the 
    executable that produces the output you are currently reading. 
4. The Docker daemon streamed that output to the Docker client, which sent it 
    to your terminal. 

To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash 

Share images, automate workflows, and more with a free Docker Hub account: https://hub.docker.com 

For more examples and ideas, visit: https://docs.docker.com/userguide/ 

+ sudo docker tag -f hello-world localhost:5000/hello:latest 
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/ 
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded 
+ sudo docker search localhost:5000/ 
NAME   DESCRIPTION STARS  OFFICIAL AUTOMATED 
library/hello     0   

+ sudo docker push localhost:5000/hello:latest 
The push refers to a repository [localhost:5000/hello] (len: 1) 
Sending image list Pushing repository localhost:5000/hello (1 tags) 
b901d36b6f2f: Pushing 

Please login prior to push: 
Username (username): EOF 
Build step 'Execute shell' marked build as failure 
Finished: FAILURE 

换句话说，我能跑标记hello-world容器。我可以登录到我的私人注册表并搜索它。但是，如果我想推送自己的图像，则需要再次进行验证。

希望有人知道一个简单的解决方案，到目前为止我找不到自己的一个。我运行码头版本1.9.1，在Ubuntu 14.04.3 LTS上构建a34a1d5。

Answer 1

我设法通过更改docker-compose.yml使用的github source代码来创建工作设置，因此它使用注册表v2（注册表：2.2是精确的）而不是v1，并添加了以下内容路线nginx.conf文件：

location /v2 { 
     if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go).*\$") { 
     return 404; 
     } 
     auth_basic "Registry realm"; 
     auth_basic_user_file docker-registry.htpasswd; 

     add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; 

     proxy_pass       http://docker-registry; 
     proxy_set_header Host    $http_host; 
     proxy_set_header X-Real-IP   $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header X-Forwarded-Proto $scheme; 
     #proxy_set_header Authorization ''; 
     proxy_read_timeout     900;  
    } 

注册V2 does not support searching the registry yet，所以我不得不从我的詹金斯建立以删除命令。现在，当我开始一项新工作时，所有工作都会正常工作，并且您好世界的图像被拉到，标记并推入（在登录注册表后）到我的私人注册表中。

詹金斯控制台输出：

Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson56731521101471087.sh 
+ sudo docker run hello-world 
Unable to find image 'hello-world:latest' locally 
latest: Pulling from library/hello-world 
b901d36b6f2f: Pulling fs layer 
0a6ba66e537a: Pulling fs layer 
b901d36b6f2f: Verifying Checksum 
b901d36b6f2f: Download complete 
0a6ba66e537a: Verifying Checksum 
0a6ba66e537a: Download complete 
b901d36b6f2f: Pull complete 
0a6ba66e537a: Pull complete 
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7 
Status: Downloaded newer image for hello-world:latest 

Hello from Docker. This message shows that your installation appears to be working correctly. 

To generate this message, Docker took the following steps: 
1. The Docker client contacted the Docker daemon. 
2. The Docker daemon pulled the "hello-world" image from the Docker Hub. 
3. The Docker daemon created a new container from that image which runs the 
    executable that produces the output you are currently reading. 
4. The Docker daemon streamed that output to the Docker client, which sent it 
    to your terminal. 

To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash 

Share images, automate workflows, and more with a free Docker Hub account: https://hub.docker.com 

For more examples and ideas, visit: https://docs.docker.com/userguide/ 

+ sudo docker tag -f hello-world localhost:5000/hello-world:latest 
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/ 
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded  
Login Succeeded 

+ sudo docker push localhost:5000/hello-world:latest 
The push refers to a repository [localhost:5000/hello-world] (len: 1) 
Sending image list Pushing repository localhost:5000/hello-world (1 tags) 
0a6ba66e537a: Preparing 
0a6ba66e537a: Pushing 
0a6ba66e537a: Pushed 
b901d36b6f2f: Preparing 
b901d36b6f2f: Pushing 
b901d36b6f2f: Pushed 
latest: digest: sha256:1c7adb1ac65df0bebb40cd4a84533f787148b102684b74cb27a1982967008e4b size: 2744 
Finished: SUCCESS 

虽然我现在有一个工作的设置，我还没有发现与使用注册表V1的问题的解决方案。