Tuesday, September 22, 2015

Use docker registry API 1.0 to get gcr.io/google_containers/pause:0.8.0 for kubernetes installation


When you try to pull an image from gcr.io, you might run into the following errors. Adding the certificate doesn't help, because the failure is caused by a bug (bug # 59030) in the Palo Alto Networks (PAN) SSL-intercepting firewall in releases prior to PAN-OS 6.0.1.

# docker pull gcr.io/google_containers/pause:0.8.0

Error response from daemon: invalid registry endpoint https://gcr.io/v0/: unable to ping registry endpoint https://gcr.io/v0/

v2 ping attempt failed with error: Get https://gcr.io/v2/: tls: failed to parse certificate from server: x509: RSA modulus is not a positive number

 v1 ping attempt failed with error: Get https://gcr.io/v1/_ping: tls: failed to parse certificate from server: x509: RSA modulus is not a positive number. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry gcr.io` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/gcr.io/ca.crt


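#!/bin/bash
#
# Download an image from Docker Hub over the registry v1 HTTP API with curl
# and pack it into ./<name>.tar in the layout that `docker load -i` reads.
#
# Environment:
#   DOCKER_USER      Docker Hub user id (required)
#   DOCKER_PASSWORD  Docker Hub password (required)
#   CACERT           optional PEM CA bundle. When set, curl verifies the server
#                    certificate against it; when unset the script keeps its
#                    original -k behaviour (no verification at all).
#   DEBUG            non-empty turns on `set -x`. The trace contains the
#                    password and the registry token, so treat it as secret.

set -euo pipefail

if [[ -n "${DEBUG:-}" ]]; then
  set -x
fi

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Emit a curl config line carrying the credentials, so they are fed to curl on
# stdin (-K -) and never appear in the process list the way `-u user:pass` does.
curl_user_config() {
  local cred="$1:$2"
  cred=${cred//\\/\\\\}
  cred=${cred//\"/\\\"}
  printf 'user = "%s"\n' "$cred"
}

image=kubernetes/pause
tag=latest
registry=registry.hub.docker.com
# Credentials come from the environment so they are never stored in the script.
user=${DOCKER_USER:?set DOCKER_USER to your Docker Hub user id}
password=${DOCKER_PASSWORD:?set DOCKER_PASSWORD to your Docker Hub password}
name=${image##*/}

# SECURITY: -k disables certificate verification. With it, neither the
# registry's identity nor the integrity of the downloaded layers is checked,
# and the password travels over a channel anyone on the path can terminate.
# If curl is able to validate the certificate presented to this host, point
# CACERT at the issuing CA to get verification back.
if [[ -n "${CACERT:-}" ]]; then
  curl_tls=(--cacert "$CACERT")
else
  curl_tls=(-k)
fi

# Everything the registry returns is untrusted: these patterns gate every value
# that is later placed in a URL or a filesystem path.
host_re='^[A-Za-z0-9.-]+(:[0-9]+)?$'
id_re='^[0-9a-fA-F]+$'

# Private (0700) scratch directory instead of predictable /tmp/<name>.$$ paths;
# the cookie jar lives beside, not inside, the tree that gets archived.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT
cookiefile=$workdir/cookie
tmpfolder=$workdir/image

# get endpoint
endpoint=$(
  curl "${curl_tls[@]}" -sSL -o /dev/null -D- \
    "https://$registry/v1/repositories/$image/images" \
    | awk 'tolower($1) == "x-docker-endpoints:" { gsub(/[\r,]/, "", $2); ep = $2 }
           END { print ep }'
)
[[ "$endpoint" =~ $host_re ]] || die "unexpected registry endpoint: '$endpoint'"

# get token, cookie, user authentication is required
token=$(
  curl_user_config "$user" "$password" \
    | curl "${curl_tls[@]}" -K - -sSL -o /dev/null -D- \
        -H 'X-Docker-Token: true' --cookie-jar "$cookiefile" \
        "https://$registry/v1/repositories/$image/images" \
    | awk 'tolower($1) == "x-docker-token:" { gsub(/\r/, "", $2); tok = $2 }
           END { print tok }'
)
[[ -n "$token" ]] || die "no X-Docker-Token header returned; check the credentials"

# get image id
image_id=$(
  curl "${curl_tls[@]}" -fsS --cookie "$cookiefile" \
    -H "Authorization: Token $token" \
    "https://$endpoint/v1/repositories/$image/tags/$tag" \
    | tr -d '"'
)
[[ "$image_id" =~ $id_re ]] || die "unexpected image id: '$image_id'"

# get ancestries: the response is a JSON array of ids, so stripping the array
# punctuation leaves one id per line; each id is validated before use below.
ancestry_json=$(
  curl "${curl_tls[@]}" -fsS -H "Authorization: Token $token" \
    "https://$endpoint/v1/images/$image_id/ancestry"
)
mapfile -t ancestries < <(
  printf '%s' "$ancestry_json" | tr -d '][" \t\r\n' | tr ',' '\n'
)
(( ${#ancestries[@]} > 0 )) || die "empty ancestry for image $image_id"

# get layer and json file
mkdir -p -- "$tmpfolder"
for layer_id in "${ancestries[@]}"; do
  # Reject anything that is not a plain hex id so a hostile response cannot
  # steer the writes outside $tmpfolder (e.g. with ../ components).
  [[ "$layer_id" =~ $id_re ]] || die "unexpected layer id in ancestry: '$layer_id'"
  mkdir -p -- "$tmpfolder/$layer_id"
  # -f: fail on HTTP errors instead of saving an error page as a layer.
  curl "${curl_tls[@]}" -fsSL -H "Authorization: Token $token" \
    -o "$tmpfolder/$layer_id/layer.tar" \
    "https://$endpoint/v1/images/$layer_id/layer"
  curl "${curl_tls[@]}" -fsSL -H "Authorization: Token $token" \
    -o "$tmpfolder/$layer_id/json" \
    "https://$endpoint/v1/images/$layer_id/json"
done

printf '{"%s":{"%s":"%s"}}\n' "$image" "$tag" "$image_id" > "$tmpfolder/repositories"

tar -C "$tmpfolder" -cf "$name.tar" .

# Cookie jar and scratch tree are removed by the EXIT trap, on failure too.

# NOTE: nothing in this script authenticates the layers when CACERT is unset;
# check the image against a trusted source before loading it into a daemon.
printf 'use "docker load -i %s" to load the file\n' "$name.tar"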
[root@rhel7 ~]# cat docker-pull.sh
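#!/bin/bash
#
# docker-pull.sh: fetch an image from Docker Hub through the registry v1 HTTP
# API using curl, then write ./<name>.tar for `docker load -i`.
#
# Environment:
#   DOCKER_USER      Docker Hub user id (required)
#   DOCKER_PASSWORD  Docker Hub password (required)
#   CACERT           optional PEM CA bundle; when set curl verifies TLS against
#                    it, when unset the original -k (no verification) is kept.
#   DEBUG            non-empty enables `set -x`; the trace will include the
#                    password and the registry token.

set -euo pipefail

if [[ -n "${DEBUG:-}" ]]; then
  set -x
fi

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the credentials as a curl config line. curl reads it from stdin with
# `-K -`, which keeps the password out of argv (and therefore out of `ps`).
curl_user_config() {
  local cred="$1:$2"
  cred=${cred//\\/\\\\}
  cred=${cred//\"/\\\"}
  printf 'user = "%s"\n' "$cred"
}

image=kubernetes/pause
tag=latest
registry=registry.hub.docker.com
# NOTE(review): this listing used to carry a user id and password in clear
# text. Secrets do not belong in a script that is copied or published; if the
# embedded value was ever a live credential it should be rotated.
user=${DOCKER_USER:?set DOCKER_USER to your Docker Hub user id}
password=${DOCKER_PASSWORD:?set DOCKER_PASSWORD to your Docker Hub password}
name=${image##*/}

# SECURITY: -k turns certificate verification off, so the registry is not
# authenticated, the layers are not integrity-protected in transit, and the
# password is sent to whoever terminates the TLS session. Supplying CACERT
# restores verification where curl can validate the presented certificate.
if [[ -n "${CACERT:-}" ]]; then
  curl_tls=(--cacert "$CACERT")
else
  curl_tls=(-k)
fi

# Registry responses are untrusted input; values are matched against these
# patterns before they are interpolated into URLs or paths.
host_re='^[A-Za-z0-9.-]+(:[0-9]+)?$'
id_re='^[0-9a-fA-F]+$'

# mktemp -d gives an unpredictable, owner-only directory; the former
# /tmp/<name>.$$ names could be pre-created by another local user.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT
cookiefile=$workdir/cookie
tmpfolder=$workdir/image

# get endpoint
endpoint=$(
  curl "${curl_tls[@]}" -sSL -o /dev/null -D- \
    "https://$registry/v1/repositories/$image/images" \
    | awk 'tolower($1) == "x-docker-endpoints:" { gsub(/[\r,]/, "", $2); ep = $2 }
           END { print ep }'
)
[[ "$endpoint" =~ $host_re ]] || die "unexpected registry endpoint: '$endpoint'"

# get token
token=$(
  curl_user_config "$user" "$password" \
    | curl "${curl_tls[@]}" -K - -sSL -o /dev/null -D- \
        -H 'X-Docker-Token: true' --cookie-jar "$cookiefile" \
        "https://$registry/v1/repositories/$image/images" \
    | awk 'tolower($1) == "x-docker-token:" { gsub(/\r/, "", $2); tok = $2 }
           END { print tok }'
)
[[ -n "$token" ]] || die "no X-Docker-Token header returned; check the credentials"

# get image id
# The token and cookie authorise this call. The account password is sent only
# to $registry, never to the endpoint host taken from a response header.
image_id=$(
  curl "${curl_tls[@]}" -fsS --cookie "$cookiefile" \
    -H "Authorization: Token $token" \
    "https://$endpoint/v1/repositories/$image/tags/$tag" \
    | tr -d '"'
)
[[ "$image_id" =~ $id_re ]] || die "unexpected image id: '$image_id'"

# get ancestries: a JSON array of ids; removing the array punctuation yields
# one id per line, and every id is checked before it is used.
ancestry_json=$(
  curl "${curl_tls[@]}" -fsS -H "Authorization: Token $token" \
    "https://$endpoint/v1/images/$image_id/ancestry"
)
mapfile -t ancestries < <(
  printf '%s' "$ancestry_json" | tr -d '][" \t\r\n' | tr ',' '\n'
)
(( ${#ancestries[@]} > 0 )) || die "empty ancestry for image $image_id"

# get layer and json file
mkdir -p -- "$tmpfolder"
for layer_id in "${ancestries[@]}"; do
  # Only plain hex ids are accepted, which keeps every write inside $tmpfolder.
  [[ "$layer_id" =~ $id_re ]] || die "unexpected layer id in ancestry: '$layer_id'"
  mkdir -p -- "$tmpfolder/$layer_id"
  # -f makes an HTTP error abort the run rather than land in layer.tar.
  curl "${curl_tls[@]}" -fsSL -H "Authorization: Token $token" \
    -o "$tmpfolder/$layer_id/layer.tar" \
    "https://$endpoint/v1/images/$layer_id/layer"
  curl "${curl_tls[@]}" -fsSL -H "Authorization: Token $token" \
    -o "$tmpfolder/$layer_id/json" \
    "https://$endpoint/v1/images/$layer_id/json"
done

printf '{"%s":{"%s":"%s"}}\n' "$image" "$tag" "$image_id" > "$tmpfolder/repositories"

tar -C "$tmpfolder" -cf "$name.tar" .

# The EXIT trap deletes the cookie jar and the scratch tree on every exit path.

# NOTE: with CACERT unset the archive holds unauthenticated content; verify it
# against a trusted source before handing it to `docker load`.
printf 'use "docker load -i %s" to load the file\n' "$name.tar"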
