Michal Minář miminar

## ose-migrate-images.sh
#!/bin/bash

set -iuo pipefail
IFS=$'\n\t'

readonly AUDITOR_ROLE='system:image-auditor'

readonly USAGE="Usage: $(basename ${BASH_SOURCE[0]}) [OPTIONS]

It fetches manifests of images from OpenShift integrated registry forcing it to

## README.md

      
              3 files
            
          
              0 forks
            
          
              2 comments
            
          
              0 stars
            
          
                miminar
                / README.md
            
            
              Last active
              February 27, 2017 20:56
            
              
                Print image layout in the namespace
              
          
    About

The script attempts to collect what images are used in current (or given namespace) and what objects reference them.
Requisities

jq utility needs to be installed on machine running this command
Usage


## docker-and-registry.log
sudo journalctl -u docker -e --since=-1h
...
Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T09:38:55.958654078+02:00" level=info msg="{Action=push, Username=vagrant, LoginUID=1001, PID=17124}"
Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T07:38:55.961106686Z" level=debug msg="authorizing request" go.version=go1.6.3 http.request.host=registry.f24-ose.vm http.request.id=a2511965-e841-45da-a2f6-a4c140f931d4 http.request.method=GET http.request.remoteaddr=192.168.100.80 http.request.uri="/v2/" http.
Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T07:38:55.961300887Z" level=error msg="error authorizing context: authorization header required" go.version=go1.6.3 http.request.host=registry.f24-ose.vm http.request.id=a2511965-e841-45da-a2f6-a4c140f931d4 http.request.method=GET http.request.remoteaddr=192.168
Oct 13 09:38:55 f24-ose.vm docker[4241]: 172.17.0.1 - - [13/Oct/2016:07:38:55 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.6.3 kernel/4.7.6-200.fc24.x86_64 os/linux a

## config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  swift:
    # Access object store container at http://qeos.centralci.eng.rdu2.redhat.com/
    # Project -> Compute -> Access & Security -> Identity

## cVimrc
set localconfig
set autoupdategist

let configpath='~/.config/google-chrome/cVimrc'
let vimport=8001

let nextmatchpattern='((?!first)(next|older|more|>|→|›|»|forward|další|dále|následující|starší|více| )+)'
let prevmatchpattern='((?!last)(prev(ious)?|newer|back|«|less|<|←|‹|předchozí|novější|méně| )+)'

" default insert keybindings

## dev-int-preview.txt
thank you for cooperation. Here's what I'd like to get/see:

1. exact version of docker-registry image being run

  - the output of: oc describe dc/docker-registry | grep -i image

2. the output of curl on blob from inside of cluster:

  1. inside a cluster, `oc login` with a user that can have a token

## registry-catalog-failure.log
time="2016-06-14T15:06:14.026887046Z" level=debug msg="Origin auth: checking for access to registry:catalog:*" go.version=go1.6 http.request.host=hub.10.2.2.2 http.request.id=4a86efce-a543-478b-ae87-7639a1fa9423 http.request.method=GET http.request.remoteaddr=10.2.2.1 http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0" instance.id=1b2e8f60-9412-4f1e-ae2c-63e857c1e2dc
time="2016-06-14T15:06:14.027401558Z" level=error msg="error checking authorization: unsupported resource" go.version=go1.6 http.request.host=hub.10.2.2.2 http.request.id=4a86efce-a543-478b-ae87-7639a1fa9423 http.request.method=GET http.request.remoteaddr=10.2.2.1 http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0" instance.id=1b2e8f60-9412-4f1e-ae2c-63e857c1e2dc

## image-signature.go
package main

const (
	// The supported type of image signature.
	ImageSignatureTypeAtomic string = "atomic"

	// Signature wasn't recognized or a check couldn't be performed for some reason.
	SignatureStateUnknown SignatureState = "unknown"
	// Signature didn't match particular image, given type or it couldn't be parsed.
	SignatureStateUntrusted SignatureState = "untrusted"

## README.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                miminar
                / README.md
            
            
              Created
              May 6, 2016 19:50
            
          
    Reproducer of a slow push due to image complexity

Prerequisities


Deploy 2 VMs with RHEL7.
Install docker v1.8.2-10.el7 on both.
Choose a machine hosting upstream docker registry. Let's call it RegistryNode.
Let's call the other Client.
Remember the IP or hostname of the RegistryNode


## Dockerfile
FROM miminarnb.vm:5002/openshift3/ose-docker-registry:latest

RUN mkdir /dockerregistry || :
COPY dockerregistry /dockerregistry/dockerregistry
VOLUME /distribution
CMD [ "/bin/sh", "-c", "DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT} /dockerregistry/dockerregistry ${REGISTRY_CONFIGURATION_PATH}" ]
	#!/bin/bash

	set -iuo pipefail
	IFS=$'\n\t'

	readonly AUDITOR_ROLE='system:image-auditor'

	readonly USAGE="Usage: $(basename ${BASH_SOURCE[0]}) [OPTIONS]

	It fetches manifests of images from OpenShift integrated registry forcing it to
	sudo journalctl -u docker -e --since=-1h
	...
	Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T09:38:55.958654078+02:00" level=info msg="{Action=push, Username=vagrant, LoginUID=1001, PID=17124}"
	Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T07:38:55.961106686Z" level=debug msg="authorizing request" go.version=go1.6.3 http.request.host=registry.f24-ose.vm http.request.id=a2511965-e841-45da-a2f6-a4c140f931d4 http.request.method=GET http.request.remoteaddr=192.168.100.80 http.request.uri="/v2/" http.
	Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T07:38:55.961300887Z" level=error msg="error authorizing context: authorization header required" go.version=go1.6.3 http.request.host=registry.f24-ose.vm http.request.id=a2511965-e841-45da-a2f6-a4c140f931d4 http.request.method=GET http.request.remoteaddr=192.168
	Oct 13 09:38:55 f24-ose.vm docker[4241]: 172.17.0.1 - - [13/Oct/2016:07:38:55 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.6.3 kernel/4.7.6-200.fc24.x86_64 os/linux a
	version: 0.1
	log:
	fields:
	service: registry
	storage:
	cache:
	blobdescriptor: inmemory
	swift:
	# Access object store container at http://qeos.centralci.eng.rdu2.redhat.com/
	# Project -> Compute -> Access & Security -> Identity
	set localconfig
	set autoupdategist

	let configpath='~/.config/google-chrome/cVimrc'
	let vimport=8001

	let nextmatchpattern='((?!first)(next\|older\|more\|>\|→\|›\|»\|forward\|další\|dále\|následující\|starší\|více\| )+)'
	let prevmatchpattern='((?!last)(prev(ious)?\|newer\|back\|«\|less\|<\|←\|‹\|předchozí\|novější\|méně\| )+)'

	" default insert keybindings
	thank you for cooperation. Here's what I'd like to get/see:

	1. exact version of docker-registry image being run

	- the output of: oc describe dc/docker-registry \| grep -i image

	2. the output of curl on blob from inside of cluster:

	1. inside a cluster, `oc login` with a user that can have a token
	package main

	const (
	// The supported type of image signature.
	ImageSignatureTypeAtomic string = "atomic"

	// Signature wasn't recognized or a check couldn't be performed for some reason.
	SignatureStateUnknown SignatureState = "unknown"
	// Signature didn't match particular image, given type or it couldn't be parsed.
	SignatureStateUntrusted SignatureState = "untrusted"
	FROM miminarnb.vm:5002/openshift3/ose-docker-registry:latest

	RUN mkdir /dockerregistry \|\| :
	COPY dockerregistry /dockerregistry/dockerregistry
	VOLUME /distribution
	CMD [ "/bin/sh", "-c", "DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT} /dockerregistry/dockerregistry ${REGISTRY_CONFIGURATION_PATH}" ]