mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilbert Song <songzihao1...@gmail.com>
Subject Re: Review Request 54537: Support 'Basic' auth docker registry on Unified Containerizer.
Date Tue, 03 Jan 2017 22:39:37 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54537/
-----------------------------------------------------------

(Updated Jan. 3, 2017, 2:39 p.m.)


Review request for mesos, Artem Harutyunyan, Jie Yu, Shuai Lin, and Timothy Chen.


Bugs: MESOS-6758
    https://issues.apache.org/jira/browse/MESOS-6758


Repository: mesos


Description
-------

This patch implements the support for 'Basic' docker registry
authorization. It is tested by a local authenticated private
registry using 'localhost:443/alpine' docker image.
Please note that the AWS ECS uses Basic authorization but it
does not work yet due to the redirect issue MESOS-5172.


Diffs
-----

  src/uri/fetchers/docker.cpp 3f38dddfb4c089322fe4e13b1ef2070b4835885c 

Diff: https://reviews.apache.org/r/54537/diff/


Testing
-------

make check

Tested with local authenticated registry. Please follow the steps below:

1. Start a local private registry and push an image to it.
```
docker run -d -p 443:5000 --restart=always --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/localhost.key \
  registry:2
```
(*Note: need to generate TLS certificate file and key first)

Then, push an image to the registry.
```
docker push localhost:443/alpine
```

2. Use `mesos-execute` to test the `localhost:443/alpine` image.
(*Note: need to configure the curl using the curl's default RC file), e.g., in `~/.curlrc`
file:
cacert = "/path/to/cacert.pem"


Thanks,

Gilbert Song


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message