You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@mesos.apache.org by Christopher Snell <ch...@gmail.com> on 2015/04/30 05:29:40 UTC

Private docker registry authentication

Hi All,

I'm trying to get mesos-slave to pull images from my private docker
registry but it's having authentication problems.  I have a .dockercfg
generated from a successful 'docker login' but that file is not being put
into the containers and thus, is not present with mesos-slave attempts to
pull down a docker image.

Here's what I've done:

- I put a config file in /root/.dockercfg

- This file is owned by root and mode 600

- The HOME environment variable is set to /root when mesos-slave is started
(as root)

- I can log onto the slaves and manually do a 'docker login' to my private
registry and once that's done, I can push and pull images manually from the
CLI no problemo.

- Docker is definitely hitting the private registry when mesos-slave
executes the job, but the auth is not being sent and so the docker pull
fails.

- Here's the shell script that starts mesos-slave:
https://gist.github.com/chrissnell/471106f293d939d4d7d5

I'm out of ideas here.  Can you help? :)

Thanks,

Chris

AW: Private docker registry authentication

Posted by Mike Michel <mi...@mmbash.de>.

I don’t know Aurora but for Marathon this is the way http://mmbash.de/blog/mesosphere-marathon-and-private-docker-repository/ 

 

Von: Christopher Snell [mailto:chris.snell@gmail.com] 
Gesendet: Donnerstag, 30. April 2015 06:10
An: user@mesos.apache.org
Betreff: Re: Private docker registry authentication

 

Alright, I'm using Aurora so I will have to dig deeper to see if I can figure out how to get that framework to pass the URI to the .dockercfg.

 

thanks,

C

 

On Wed, Apr 29, 2015 at 8:56 PM, Mingqi Shao <mingqi.shao@gmail.com <ma...@gmail.com> > wrote:

You need include a URI pointing to the .dockercfg file in your mesos task.

 

please refer the link, Private Docker repository section:  

http://mesos.apache.org/documentation/latest/docker-containerizer/

 

 

On Thu, Apr 30, 2015 at 11:29 AM, Christopher Snell <chris.snell@gmail.com <ma...@gmail.com> > wrote:

Hi All,

 

I'm trying to get mesos-slave to pull images from my private docker registry but it's having authentication problems.  I have a .dockercfg generated from a successful 'docker login' but that file is not being put into the containers and thus, is not present with mesos-slave attempts to pull down a docker image.

 

Here's what I've done:

 

- I put a config file in /root/.dockercfg

 

- This file is owned by root and mode 600

 

- The HOME environment variable is set to /root when mesos-slave is started (as root)

 

- I can log onto the slaves and manually do a 'docker login' to my private registry and once that's done, I can push and pull images manually from the CLI no problemo.  

 

- Docker is definitely hitting the private registry when mesos-slave executes the job, but the auth is not being sent and so the docker pull fails.

 

- Here's the shell script that starts mesos-slave:  https://gist.github.com/chrissnell/471106f293d939d4d7d5

 

I'm out of ideas here.  Can you help? :)

 

Thanks,

 

Chris

Fwd: Private docker registry authentication

Posted by Kevin Sweeney <ke...@apache.org>.

In case you didn't see this thread

---------- Forwarded message ----------
From: *Christopher Snell* <ch...@gmail.com>
Date: Wednesday, April 29, 2015
Subject: Private docker registry authentication
To: user@mesos.apache.org


Alright, I'm using Aurora so I will have to dig deeper to see if I can
figure out how to get that framework to pass the URI to the .dockercfg.

thanks,
C

On Wed, Apr 29, 2015 at 8:56 PM, Mingqi Shao <mingqi.shao@gmail.com
<javascript:_e(%7B%7D,'cvml','mingqi.shao@gmail.com');>> wrote:

> You need include a URI pointing to the .dockercfg file in your mesos task.
>
> please refer the link, Private Docker repository section:
> http://mesos.apache.org/documentation/latest/docker-containerizer/
>
>
> On Thu, Apr 30, 2015 at 11:29 AM, Christopher Snell <chris.snell@gmail.com
> <javascript:_e(%7B%7D,'cvml','chris.snell@gmail.com');>> wrote:
>
>> Hi All,
>>
>> I'm trying to get mesos-slave to pull images from my private docker
>> registry but it's having authentication problems.  I have a .dockercfg
>> generated from a successful 'docker login' but that file is not being put
>> into the containers and thus, is not present with mesos-slave attempts to
>> pull down a docker image.
>>
>> Here's what I've done:
>>
>> - I put a config file in /root/.dockercfg
>>
>> - This file is owned by root and mode 600
>>
>> - The HOME environment variable is set to /root when mesos-slave is
>> started (as root)
>>
>> - I can log onto the slaves and manually do a 'docker login' to my
>> private registry and once that's done, I can push and pull images manually
>> from the CLI no problemo.
>>
>> - Docker is definitely hitting the private registry when mesos-slave
>> executes the job, but the auth is not being sent and so the docker pull
>> fails.
>>
>> - Here's the shell script that starts mesos-slave:
>> https://gist.github.com/chrissnell/471106f293d939d4d7d5
>>
>> I'm out of ideas here.  Can you help? :)
>>
>> Thanks,
>>
>> Chris
>>
>
>



-- 
Sent from Gmail Mobile

Re: Private docker registry authentication

Posted by Christopher Snell <ch...@gmail.com>.

Alright, I'm using Aurora so I will have to dig deeper to see if I can
figure out how to get that framework to pass the URI to the .dockercfg.

thanks,
C

On Wed, Apr 29, 2015 at 8:56 PM, Mingqi Shao <mi...@gmail.com> wrote:

> You need include a URI pointing to the .dockercfg file in your mesos task.
>
> please refer the link, Private Docker repository section:
> http://mesos.apache.org/documentation/latest/docker-containerizer/
>
>
> On Thu, Apr 30, 2015 at 11:29 AM, Christopher Snell <chris.snell@gmail.com
> > wrote:
>
>> Hi All,
>>
>> I'm trying to get mesos-slave to pull images from my private docker
>> registry but it's having authentication problems.  I have a .dockercfg
>> generated from a successful 'docker login' but that file is not being put
>> into the containers and thus, is not present with mesos-slave attempts to
>> pull down a docker image.
>>
>> Here's what I've done:
>>
>> - I put a config file in /root/.dockercfg
>>
>> - This file is owned by root and mode 600
>>
>> - The HOME environment variable is set to /root when mesos-slave is
>> started (as root)
>>
>> - I can log onto the slaves and manually do a 'docker login' to my
>> private registry and once that's done, I can push and pull images manually
>> from the CLI no problemo.
>>
>> - Docker is definitely hitting the private registry when mesos-slave
>> executes the job, but the auth is not being sent and so the docker pull
>> fails.
>>
>> - Here's the shell script that starts mesos-slave:
>> https://gist.github.com/chrissnell/471106f293d939d4d7d5
>>
>> I'm out of ideas here.  Can you help? :)
>>
>> Thanks,
>>
>> Chris
>>
>
>

Re: Private docker registry authentication

Posted by Mingqi Shao <mi...@gmail.com>.

You need include a URI pointing to the .dockercfg file in your mesos task.

please refer the link, Private Docker repository section:
http://mesos.apache.org/documentation/latest/docker-containerizer/


On Thu, Apr 30, 2015 at 11:29 AM, Christopher Snell <ch...@gmail.com>
wrote:

> Hi All,
>
> I'm trying to get mesos-slave to pull images from my private docker
> registry but it's having authentication problems.  I have a .dockercfg
> generated from a successful 'docker login' but that file is not being put
> into the containers and thus, is not present with mesos-slave attempts to
> pull down a docker image.
>
> Here's what I've done:
>
> - I put a config file in /root/.dockercfg
>
> - This file is owned by root and mode 600
>
> - The HOME environment variable is set to /root when mesos-slave is
> started (as root)
>
> - I can log onto the slaves and manually do a 'docker login' to my private
> registry and once that's done, I can push and pull images manually from the
> CLI no problemo.
>
> - Docker is definitely hitting the private registry when mesos-slave
> executes the job, but the auth is not being sent and so the docker pull
> fails.
>
> - Here's the shell script that starts mesos-slave:
> https://gist.github.com/chrissnell/471106f293d939d4d7d5
>
> I'm out of ideas here.  Can you help? :)
>
> Thanks,
>
> Chris
>

Re: Private docker registry authentication

Posted by TianYi Zhu <tz...@pureprofile.com>.

Hi Christopher,

Set URI to file:///root/.dockercfg will do the trick. mesos will copy the
file to the running directory.

and --executor_registration_timeout=5mins will resolve few potential
problems.

*TianYi ZHU | ?+ Pureprofile*

Sr Software Engineer

*T:* (02) 9333 9726 *A:* Level 1, 35 Reservoir Street, Surry Hills NSW 2010

pureprofile.com <http://pureprofile.com/au> businesses.pureprofile.com
blog.pureprofile.com

*WE'VE MOVED!*

You can now find the expanding Sydney team in our brand new Surry Hills
digs. If we're not in at Level 1, 35 Reservoir Street
<https://www.google.com.au/maps/place/35+Reservoir+St,+Surry+Hills+NSW+2010/@-33.8813326,151.209615,17z/data=!3m1!4b1!4m7!1m4!3m3!1s0x6b12ae2285dfbca5:0x565aab6f24f14176!2s35+Reservoir+St,+Surry+Hills+NSW+2010!3b1!3m1!1s0x6b12ae2285dfbca5:0x565aab6f24f14176>,
take a peek at Single Origin Roasters across the road - we're probably
grabbing our coffee fix.

IMPORTANT

The confidential and privileged nature of any information contained in this
email, or any attachments to this email, is not waived or lost if sent to
you by mistake or technological error. If you are not the intended
recipient, immediately notify Pureprofile and delete all copies of this
email from your system. Unless otherwise indicated, this email does not
represent the opinion of Pureprofile. It is your responsibility to check
this email, including any attachments, for viruses and other defects before
opening or forwarding them to others. Please consider our environment
before printing this email.

On Thu, Apr 30, 2015 at 1:29 PM, Christopher Snell <ch...@gmail.com>
wrote:

> Hi All,
>
> I'm trying to get mesos-slave to pull images from my private docker
> registry but it's having authentication problems.  I have a .dockercfg
> generated from a successful 'docker login' but that file is not being put
> into the containers and thus, is not present with mesos-slave attempts to
> pull down a docker image.
>
> Here's what I've done:
>
> - I put a config file in /root/.dockercfg
>
> - This file is owned by root and mode 600
>
> - The HOME environment variable is set to /root when mesos-slave is
> started (as root)
>
> - I can log onto the slaves and manually do a 'docker login' to my private
> registry and once that's done, I can push and pull images manually from the
> CLI no problemo.
>
> - Docker is definitely hitting the private registry when mesos-slave
> executes the job, but the auth is not being sent and so the docker pull
> fails.
>
> - Here's the shell script that starts mesos-slave:
> https://gist.github.com/chrissnell/471106f293d939d4d7d5
>
> I'm out of ideas here.  Can you help? :)
>
> Thanks,
>
> Chris
>