dutchiechris/docker-registry-with-s3-notes.txt

## docker-registry-with-s3-notes.txt
This doc explains how the registry API works:
 https://github.com/docker/distribution/blob/master/docs/spec/api.md

Here’s an example using curl.

Check details of an image that was pushed to the registry:

[root@3-kvm1 ~]# curl -v -X GET 3-docker10.nltestlab.hq.netapp.com:5000/v2/busybox/manifests/latest
* About to connect() to 3-docker10.nltestlab.hq.netapp.com port 5000 (#0)
*   Trying 10.64.28.160...
* Connected to 3-docker10.nltestlab.hq.netapp.com (10.64.28.160) port 5000 (#0)
> GET /v2/busybox/manifests/latest HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 3-docker10.nltestlab.hq.netapp.com:5000
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 2781
< Content-Type: application/vnd.docker.distribution.manifest.v1+prettyjws
< Docker-Content-Digest: sha256:5053364a26da320cbdad81253f3ce2aa5ec4ee121c1ebf6919d3e7d023a69355
< Docker-Distribution-Api-Version: registry/2.0
< Etag: "sha256:5053364a26da320cbdad81253f3ce2aa5ec4ee121c1ebf6919d3e7d023a69355"
< X-Content-Type-Options: nosniff
< Date: Fri, 01 Sep 2017 14:12:50 GMT
<
{
   "schemaVersion": 1,
   "name": "busybox",
   "tag": "latest",
   "architecture": "amd64",
   "fsLayers": [
      {
         "blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
      },
      {
         "blobSum": "sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e"
      }
   ],
   "history": [
      {
         "v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"dfb178f19369\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"sh\"],\"ArgsEscaped\":true,\"Image\":\"sha256:0348edacacf159ab6f19138182733dea8a418e06f526a2233d317c1f94549b4a\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":{}},\"container\":\"f06386f489abf85537c32f826603214955d8731ccc5b45103d5548688abfa417\",\"container_config\":{\"Hostname\":\"dfb178f19369\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) \",\"CMD [\\\"sh\\\"]\"],\"ArgsEscaped\":true,\"Image\":\"sha256:0348edacacf159ab6f19138182733dea8a418e06f526a2233d317c1f94549b4a\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":{}},\"created\":\"2017-08-23T22:31:12.496245278Z\",\"docker_version\":\"17.03.2-ce\",\"id\":\"5af35a2126de25b5d499e108331dafd9cf1aa6d3c1a377949a5cd49e94179dac\",\"os\":\"linux\",\"parent\":\"00e34fc12d885133ebb172d49a70fb5f6df2f3207a58a3b761e70692ec3727d6\",\"throwaway\":true}"
      },
      {
         "v1Compatibility": "{\"id\":\"00e34fc12d885133ebb172d49a70fb5f6df2f3207a58a3b761e70692ec3727d6\",\"created\":\"2017-08-23T22:31:12.211403101Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) ADD file:645231abe6e10e7282a6e78b49723a3ba35b62741fc08228b4086ffb95128f98 in / \"]}}"
      }
   ],
   "signatures": [
      {
         "header": {
            "jwk": {
               "crv": "P-256",
               "kid": "OCND:ZMNS:GAUL:AQCP:LN7X:DPGR:E4SP:J5UO:FGRQ:SWJY:MU5Y:YF3Y",
               "kty": "EC",
               "x": "_HHmEWra584LNXQEm0GVCNhM92XHM400nkS_QtNFMLI",
               "y": "UTA85Yfpguyojt2BzLJmeyeXrvCk-lEh8OyBr-Oe4WM"
            },
            "alg": "ES256"
         },
         "signature": "pijTJDP_FJ1KZhR8ORAuD2ZL8iHT_20zSKagS-B4TqE4jzI8mrBsUb-vbZDT9p57WoZ1Q0OFgQ4m4y6Ns-EvOA",
         "protected": "eyJmb3JtYXRMZW5ndGgiOjIxMzQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNy0wOS0wMVQxNDoxMjo1MFoifQ"
      }
   ]
}

Grab a layer and observe you get a redirect to the S3 target with presigned url valid for 20 minutes:

root@3-kvm1 ~]#curl -v -X GET 3-docker10.nltestlab.hq.netapp.com:5000/v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
* About to connect() to 3-docker10.nltestlab.hq.netapp.com port 5000 (#0)
*   Trying 10.64.28.160...
* Connected to 3-docker10.nltestlab.hq.netapp.com (10.64.28.160) port 5000 (#0)
> GET /v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 3-docker10.nltestlab.hq.netapp.com:5000
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Content-Type: application/octet-stream
< Docker-Distribution-Api-Version: registry/2.0
< Location: https://webscaledemo.netapp.com:8082/registry/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=R90MMKKISS8OUZDB7OOE%2F20170901%2Flocal%2Fs3%2Faws4_request&X-Amz-Date=20170901T141306Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=93f48af48c6a24a5893dc7b948f79b1ce4eb82b3b210342b4d1e99e463709451
< X-Content-Type-Options: nosniff
< Date: Fri, 01 Sep 2017 14:13:06 GMT
< Content-Length: 469
<
<a href="https://webscaledemo.netapp.com:8082/registry/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=R90MMKKISS8OUZDB7OOE%2F20170901%2Flocal%2Fs3%2Faws4_request&amp;X-Amz-Date=20170901T141306Z&amp;X-Amz-Expires=1200&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=93f48af48c6a24a5893dc7b948f79b1ce4eb82b3b210342b4d1e99e463709451">Temporary Redirect</a>.
	This doc explains how the registry API works:
	https://github.com/docker/distribution/blob/master/docs/spec/api.md

	Here’s an example using curl.

	Check details of an image that was pushed to the registry:

	[root@3-kvm1 ~]# curl -v -X GET 3-docker10.nltestlab.hq.netapp.com:5000/v2/busybox/manifests/latest
	* About to connect() to 3-docker10.nltestlab.hq.netapp.com port 5000 (#0)
	* Trying 10.64.28.160...
	* Connected to 3-docker10.nltestlab.hq.netapp.com (10.64.28.160) port 5000 (#0)
	> GET /v2/busybox/manifests/latest HTTP/1.1
	> User-Agent: curl/7.29.0
	> Host: 3-docker10.nltestlab.hq.netapp.com:5000
	> Accept: /
	>
	< HTTP/1.1 200 OK
	< Content-Length: 2781
	< Content-Type: application/vnd.docker.distribution.manifest.v1+prettyjws
	< Docker-Content-Digest: sha256:5053364a26da320cbdad81253f3ce2aa5ec4ee121c1ebf6919d3e7d023a69355
	< Docker-Distribution-Api-Version: registry/2.0
	< Etag: "sha256:5053364a26da320cbdad81253f3ce2aa5ec4ee121c1ebf6919d3e7d023a69355"
	< X-Content-Type-Options: nosniff
	< Date: Fri, 01 Sep 2017 14:12:50 GMT
	<
	{
	"schemaVersion": 1,
	"name": "busybox",
	"tag": "latest",
	"architecture": "amd64",
	"fsLayers": [
	{
	"blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
	},
	{
	"blobSum": "sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e"
	}
	],
	"history": [
	{
	"v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"dfb178f19369\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"sh\"],\"ArgsEscaped\":true,\"Image\":\"sha256:0348edacacf159ab6f19138182733dea8a418e06f526a2233d317c1f94549b4a\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":{}},\"container\":\"f06386f489abf85537c32f826603214955d8731ccc5b45103d5548688abfa417\",\"container_config\":{\"Hostname\":\"dfb178f19369\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) \",\"CMD [\\\"sh\\\"]\"],\"ArgsEscaped\":true,\"Image\":\"sha256:0348edacacf159ab6f19138182733dea8a418e06f526a2233d317c1f94549b4a\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":{}},\"created\":\"2017-08-23T22:31:12.496245278Z\",\"docker_version\":\"17.03.2-ce\",\"id\":\"5af35a2126de25b5d499e108331dafd9cf1aa6d3c1a377949a5cd49e94179dac\",\"os\":\"linux\",\"parent\":\"00e34fc12d885133ebb172d49a70fb5f6df2f3207a58a3b761e70692ec3727d6\",\"throwaway\":true}"
	},
	{
	"v1Compatibility": "{\"id\":\"00e34fc12d885133ebb172d49a70fb5f6df2f3207a58a3b761e70692ec3727d6\",\"created\":\"2017-08-23T22:31:12.211403101Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) ADD file:645231abe6e10e7282a6e78b49723a3ba35b62741fc08228b4086ffb95128f98 in / \"]}}"
	}
	],
	"signatures": [
	{
	"header": {
	"jwk": {
	"crv": "P-256",
	"kid": "OCND:ZMNS:GAUL:AQCP:LN7X:DPGR:E4SP:J5UO:FGRQ:SWJY:MU5Y:YF3Y",
	"kty": "EC",
	"x": "_HHmEWra584LNXQEm0GVCNhM92XHM400nkS_QtNFMLI",
	"y": "UTA85Yfpguyojt2BzLJmeyeXrvCk-lEh8OyBr-Oe4WM"
	},
	"alg": "ES256"
	},
	"signature": "pijTJDP_FJ1KZhR8ORAuD2ZL8iHT_20zSKagS-B4TqE4jzI8mrBsUb-vbZDT9p57WoZ1Q0OFgQ4m4y6Ns-EvOA",
	"protected": "eyJmb3JtYXRMZW5ndGgiOjIxMzQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNy0wOS0wMVQxNDoxMjo1MFoifQ"
	}
	]
	}

	Grab a layer and observe you get a redirect to the S3 target with presigned url valid for 20 minutes:

	root@3-kvm1 ~]#curl -v -X GET 3-docker10.nltestlab.hq.netapp.com:5000/v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
	* About to connect() to 3-docker10.nltestlab.hq.netapp.com port 5000 (#0)
	* Trying 10.64.28.160...
	* Connected to 3-docker10.nltestlab.hq.netapp.com (10.64.28.160) port 5000 (#0)
	> GET /v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1
	> User-Agent: curl/7.29.0
	> Host: 3-docker10.nltestlab.hq.netapp.com:5000
	> Accept: /
	>
	< HTTP/1.1 307 Temporary Redirect
	< Content-Type: application/octet-stream
	< Docker-Distribution-Api-Version: registry/2.0
	< Location: https://webscaledemo.netapp.com:8082/registry/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=R90MMKKISS8OUZDB7OOE%2F20170901%2Flocal%2Fs3%2Faws4_request&X-Amz-Date=20170901T141306Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=93f48af48c6a24a5893dc7b948f79b1ce4eb82b3b210342b4d1e99e463709451
	< X-Content-Type-Options: nosniff
	< Date: Fri, 01 Sep 2017 14:13:06 GMT
	< Content-Length: 469
	<
	<a href="https://webscaledemo.netapp.com:8082/registry/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=R90MMKKISS8OUZDB7OOE%2F20170901%2Flocal%2Fs3%2Faws4_request&X-Amz-Date=20170901T141306Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=93f48af48c6a24a5893dc7b948f79b1ce4eb82b3b210342b4d1e99e463709451">Temporary Redirect</a>.