Date
1 - 6 of 6
Running Docker private images on CF
|
dharmi
We have CF v214 with Diego deployed on AWS.
I am able to successfully create apps from Docker public repo, as per the apidocs <http://apidocs.cloudfoundry.org/214/apps/creating_an_app.html> , but, while creating apps from the Docker private repos, I see the below error from 'cf logs' when starting the app. [API/0] OUT Updated app with guid bcb8f363-xyz ({"route"=>"5af6948b-xyz"}) [API/0] OUT Updated app with guid bcb8f363-xyz ({"state"=>"STARTED"}) [STG/0] OUT Creating container [STG/0] OUT Successfully created container [STG/0] OUT Staging... [STG/0] OUT Staging process started ... [STG/0] ERR Staging process failed: Exit trace for group: [STG/0] ERR builder exited with error: failed to fetch metadata from [:dockerid/go-app] with tag [latest] and insecure registries [] due to HTTP code: 404 [STG/0] OUT Exit status 2 [STG/0] ERR Staging Failed: Exited with status 2 [API/0] ERR Failed to stage application: staging failed cf curl command for reference. cf curl /v2/apps -X POST -H "Content-Type: application/json" -H "Authorization: bearer *accessToken*" -d ' {"name": "myapp", "space_guid": "71b22eba-xyz", "docker_image": ":dockerid/go-app", "diego": true, "docker_credentials_json": {"docker_login_server": "https://index.docker.io/v1/", "docker_user": ":dockerid", "docker_password": ":dockerpwd", "docker_email": ":email" } }' Looking at the apidocs, the 'Example value' for 'docker_credentials_json' indicates a Hash value (#<RspecApiDocumentation::Views::HtmlExample:0x0000000bb883e0>), but looking inside the code, we found the below JSON format. let(:docker_credentials) do { docker_login_server: login_server, docker_user: user, docker_password: password, docker_email: email } Pls correct me if I am missing something. Thanks, Dharmi -- View this message in context: http://cf-dev.70369.x6.nabble.com/Running-Docker-private-images-on-CF-tp1148.html Sent from the CF Dev mailing list archive at Nabble.com. |
|
|
|
Gwenn Etourneau
t "#<RspecApiDocumentation::Views::HtmlExample:0x0000000bb883e0>" To be a
toggle quoted message
Show quoted text
bug in the Documentation tracked here https://www.pivotaltracker.com/n/projects/1003146/stories/100845526 Real example is ( https://github.com/cloudfoundry/cloud_controller_ng/blob/dfcb9553bab8ca8c430a399620b5b4a028bdd2f7/spec/api/documentation/apps_api_spec.rb#L49 ) { 'docker_user' => 'user name', 'docker_password' => 's3cr3t', 'docker_email' => 'email(a)example.com', 'docker_login_server' => 'https://index.docker.io/v1/' } But you error 404 just mean something was not found host, docker image not sure which one On Wed, Aug 12, 2015 at 1:32 AM, dharmi <dharmi(a)gmail.com> wrote:
We have CF v214 with Diego deployed on AWS. |
|
|
|
Eric Malm <emalm@...>
Hi, Dharmi,
toggle quoted message
Show quoted text
In order to run private docker images (that is, ones that require user/password/email authentication with the registry), you'll have to stage them into the optional diego-docker-cache deployed alongside Diego. The BOSH release is located at https://github.com/cloudfoundry-incubator/diego-docker-cache-release. If you've already deployed Diego using the spiff-based manifest-generation templates in diego-release, the deployment for this release should be similar. If you deploy the caching registry release without TLS enabled or enabled but with a self-signed certificate, Diego should then be configured with the URL "docker-registry.service.cf.internal:8080" supplied in the diego.garden-linux.insecure_docker_registry_list property, and diego.stager.insecure_docker_registry set to 'true', as you can see in https://github.com/cloudfoundry-incubator/diego-docker-cache-release/blob/develop/stubs-for-diego-release/bosh-lite-property-overrides.yml . Once that release is deployed, you can follow the instructions at https://github.com/cloudfoundry-incubator/diego-docker-cache-release#caching-docker-image-with-diego to stage your image into the cache, which should be as simple as setting the DIEGO_DOCKER_CACHE env var to 'true' on your app before staging it. When you start the app, Diego will then instruct Garden to pull the image from the internal caching registry rather than from the remote registry you staged it from. This has the added benefit of ensuring that you're always running exactly the Docker image you staged, rather than something that may have changed in the remote registry. Thanks, Eric, CF Runtime Diego PM On Tue, Aug 11, 2015 at 9:32 AM, dharmi <dharmi(a)gmail.com> wrote:
We have CF v214 with Diego deployed on AWS. |
|
|
|
James Bayer
i don't believe the current docker support includes support for private
toggle quoted message
Show quoted text
docker images on a docker registry that require authentication. that does not seem to be listed in the diego docker docs [1] yet, but we should make that explicitly clear. [1] https://github.com/cloudfoundry-incubator/diego-design-notes/blob/master/docker-support.md On Mon, Aug 10, 2015 at 3:34 PM, Dharmendra Sarkar <dharmi(a)gmail.com> wrote:
--
Thank you, James Bayer |
|
|
|
dharmi
Thanks for the details.
toggle quoted message
Show quoted text
I deployed diego-docker-cache-release and I could run private docker images now. One note however. I had to modify the **property-overrides.yml *to add the IP:<port> of the *docker-cache/0* job among the *insecure_docker_registry_list* of for it to work. Without which it says {"timestamp":"1439701925.514369965","source":"garden-linux","message":"garden-linux.pool.umojd9q7s54.provide-rootfs-failed","log_level":2,"data":{"error":"repository_fetcher: ProvideRegistry: could not fetch image f93137f1-.. from registry 10.250.21.80:8080: Registry 10.250.21.80:8080 is missing from -insecureDockerRegistryList ([docker-registry.service.cf.internal:8080])","session":"2.13"}} Consul discovery at fault I suspect, if not, pls suggest. Another observation on the Docker registry URI while running docker private images(*, not a Diego issue, I guess*) Looks like by default (*when I don't mention **docker_login_server*), the images are pulled using the V1 api $ cf start myapp Starting app myapp in org myorg / space default as user... Creating container Successfully created container Staging... Docker daemon running Staging process started ... Caching docker image ... *Logging to https://index.docker.io/v1/ <https://index.docker.io/v1/> ...* WARNING: login credentials saved in /root/.dockercfg. Login Succeeded Logged in. Pulling docker image <dockerid>/<image>:latest ... latest: Pulling from <dockerid>/image 511136ea3c5a: Pulling fs layer 30d39e59ffe2: Pulling fs layer c90d655b99b2: Pulling fs layer ….. when I explicitly mention the V2 URI, which is *registry.hub.docker.com <http://registry.hub.docker.com>* (*correct me if I am wrong*), pulling the image fails. $ cf start myapp Starting app myapp in org myorg / space default as user... Creating container Successfully created container Staging... Docker daemon running Staging process started ... Caching docker image ... *Logging to https://registry.hub.docker.com/ <https://registry.hub.docker.com/> ...* WARNING: login credentials saved in /root/.dockercfg. *Login Succeeded* Logged in. Pulling docker image <dockerid>/<image>:latest ... time="2015-08-19T19:59:44Z" level=error msg=*"Error from V2 registry: Authentication is required."* Pulling repository <dockerid>/<image> Error: image <dockerid>/<image>:latest ... not found Thanks On Tue, Aug 11, 2015 at 6:45 PM, Eric Malm <emalm(a)pivotal.io> wrote:
Hi, Dharmi, --
Wise people learn when they can. Fools learn when they must.” - The Duke of Ellington |
|
|
|
Dmitri Sarytchev
Hi,
Dharmi in this thread states that they are successfully running CF214 with Diego (I assume 0.1398.0) on AWS - was that deployed via Bosh-Lite documented approach or similar to what cf-boshworkspace does? Did you use cf-aws-tiny.yml deployment for CF? Can you please share your deployment approach? I'm trying to deploy it via CF-Boshworkspace and keep running into the same error 'Database_z1/0 isn't running after update'. Thanks, Dmitri. |
|
|