docker-registry: switch to plugin

[proppy]

Fixes #14

/cc @dmp42 @ktintc @bshi

[bshi]

Thanks @proppy!

How hard would it be to set up a pre-release tag on index.docker.io? If it's trivial, I can do some quick testing tonight. Otherwise, I'll set up a dev environment to bake my own image tomorrow if I have some time.

[proppy]

proppy/docker-registry:plugin ;)

[bshi]

Using an unchanged configuration except for the image, the container fails to start with the following errors:

  Oct 07 17:55:13 docker-repository.c.ACME-PROJECT.internal systemd[1]: docker-repository.service: main process exited, code=exited, status=1/FAILURE
  Oct 07 17:55:13 docker-repository.c.ACME-PROJECT.internal systemd[1]: Unit docker-repository.service entered failed state.
  Oct 07 17:55:43 docker-repository.c.ACME-PROJECT.internal systemd[1]: docker-repository.service holdoff time over, scheduling restart.
  Oct 07 17:55:43 docker-repository.c.ACME-PROJECT.internal systemd[1]: Stopping ACMECO Docker Repository...
  Oct 07 17:55:43 docker-repository.c.ACME-PROJECT.internal systemd[1]: Starting ACMECO Docker Repository...
  Oct 07 17:55:43 docker-repository.c.ACME-PROJECT.internal systemd[1]: Started ACMECO Docker Repository.
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: grep: /.config/gcloud/properties: No such file or directory
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: find: `/.config/gcloud/legacy_credentials//.boto': No such file or directory
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: /docker-registry/run.sh: line 37: wget: command not found
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: Boto credentials not found.  Either:
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: - Set GCP_OAUTH2_REFRESH_TOKEN
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: - Set BOTO_PATH
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: - Mount gcloud credentials under /.config in the container and optionally set GCP_ACCOUNT
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: - Run in GCE with a service account configured for devstorage access
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal docker[9513]: docker run -e GCS_BUCKET=<YOUR_GCS_BUCKET_NAME> [-e GCP_ACCOUNT='<YOUR_EMAIL>' ] [-e BOTO_PATH='/.config/gcloud/legacy_credentials/<YOUR_EMAIL>/.boto'] [-e GCP_OAUTH2_REFRESH_TOKEN=<refresh token>] -p 5000:5000 [--volumes-from gcloud-config] google/docker-registry
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal systemd[1]: docker-repository.service: main process exited, code=exited, status=1/FAILURE
  Oct 07 17:55:45 docker-repository.c.ACME-PROJECT.internal systemd[1]: Unit docker-repository.service entered failed state.

[proppy]

can you show the command line you used to start the container?

[bshi]

Here's the systemd unit that's launching the container. See ExecStart - very basic invocation on a GCE host with the appropriate service accounts (tested the official release on this same host).

  vagrant@docker-repository /etc/systemd/system $ cat /etc/systemd/system/docker-repository.service
  [Unit]
  Description=ACMECO Docker Repository
  Author=ACMECO
  After=docker.service
  [Service]
  User=core
  Restart=always
  RestartSec=30
  TimeoutStartSec=5min
  ExecStart=/usr/bin/docker run \
        -p 80:5000 \
        -e GCS_BUCKET=acmeco-docker-repository \
        proppy/docker-registry:plugin

[dmp42]

You likely need to review your docker-registry configuration. You guys were using 0.6, and there is a long way to 0.8. Recommandation: start from scratch using config_sample as a start point.

Also, from your logs, you are missing a couple of files (.boto, .config) and run.sh is not there - if that was supposed to launch the registry in the past (I don't rememeber for sure) there is now a simple docker-registry launch command.

Hope that helps.

[proppy]

@dmp42, I did start from scratch (noticed the <<*common) but I might have missed some important parameters.

run.sh should be the ENTRYPOINT now and it is launched docker-registry, so something might be wrong with the GCE sniffing.

[proppy]

@bshi can you run again with docker run -entrypoint "bash -x /docker-registry/run.sh"? and paste the output.

[bshi]

I had to modify your command to "docker run -p 81:5000 -e GCS_BUCKET=acmeco-docker-repository --entrypoint "bash" proppy/docker-registry:plugin -x /docker-registry/run.sh" but here's the output

vagrant@docker-repository /etc/systemd/system $ docker run -p 81:5000 -e GCS_BUCKET=acmeco-docker-repository --entrypoint "bash" proppy/docker-registry:plugin -x /docker-registry/run.sh
+ USAGE='docker run -e GCS_BUCKET=<YOUR_GCS_BUCKET_NAME> [-e GCP_ACCOUNT='\''<YOUR_EMAIL>'\'' ] [-e BOTO_PATH='\''/.config/gcloud/legacy_credentials/<YOUR_EMAIL>/.boto'\''] [-e GCP_OAUTH2_REFRESH_TOKEN=<refresh token>] -p 5000:5000 [--volumes-from gcloud-config] google/docker-registry'
+ [[ -z acmeco-docker-repository ]]
+ [[ -n '' ]]
+ [[ -z '' ]]
+++ cut -d = -f 2
+++ grep account /.config/gcloud/properties
grep: /.config/gcloud/properties: No such file or directory
++ echo
+ GCP_ACCOUNT=
++ find /.config/gcloud/legacy_credentials//.boto
find: `/.config/gcloud/legacy_credentials//.boto': No such file or directory
+ BOTO_PATH=
+ [[ -n '' ]]
+ grep devstorage
+ wget -q '--header=Metadata-Flavor: Google' http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/scopes -O -
/docker-registry/run.sh: line 37: wget: command not found
+ GCE_SA=1
+ [[ 1 -eq 0 ]]
+ echo 'Boto credentials not found.  Either:'
Boto credentials not found.  Either:
+ echo ' - Set GCP_OAUTH2_REFRESH_TOKEN'
 - Set GCP_OAUTH2_REFRESH_TOKEN
+ echo ' - Set BOTO_PATH'
 - Set BOTO_PATH
+ echo ' - Mount gcloud credentials under /.config in the container and optionally set GCP_ACCOUNT'
 - Mount gcloud credentials under /.config in the container and optionally set GCP_ACCOUNT
+ echo ' - Run in GCE with a service account configured for devstorage access'
 - Run in GCE with a service account configured for devstorage access
+ echo

+ echo 'docker run -e GCS_BUCKET=<YOUR_GCS_BUCKET_NAME> [-e GCP_ACCOUNT='\''<YOUR_EMAIL>'\'' ] [-e BOTO_PATH='\''/.config/gcloud/legacy_credentials/<YOUR_EMAIL>/.boto'\''] [-e GCP_OAUTH2_REFRESH_TOKEN=<refresh token>] -p 5000:5000 [--volumes-from gcloud-config] google/docker-registry'
docker run -e GCS_BUCKET=<YOUR_GCS_BUCKET_NAME> [-e GCP_ACCOUNT='<YOUR_EMAIL>' ] [-e BOTO_PATH='/.config/gcloud/legacy_credentials/<YOUR_EMAIL>/.boto'] [-e GCP_OAUTH2_REFRESH_TOKEN=<refresh token>] -p 5000:5000 [--volumes-from gcloud-config] google/docker-registry
+ exit 1

Looks like it's trying to invoke wget but it's not available in the image?

[proppy]

@bshi updated the image and the script with curl.

You can test it with proppy/docker-registry:plugin.

[bshi]

@proppy The latest change fixes the startup issue. I'm able to pull a basic image from it. Unfortunately, it looks like the O(n) scan issue described in #22 still exists. I am however, able to pull an image with very few tags so +1 from me from this limited testing.

[bshi]

Can this be merged?

[proppy]

ping @ktintc

[ktintc]

add to requirements?

[proppy]

Actually the plugin should only depends on core, but the docker image should install the registry binary manually to run it.

[ktintc]

Looks good! Thank you, @proppy! A couple of minors, squishing commits together and let's merge!

[proppy]

PTAL

[proppy]

Also see proppy@d92f7be which default SETTINGS_FLAVOR to prod to reduce logging (Fixes: #21). You can still override it with -e SETTINGS_FLAVOR=

[ktintc]

LGTM

[proppy]

rebased, merging.