The script attempts to collect what images are used in current (or given namespace) and what objects reference them.
jq
utility needs to be installed on machine running this command
#!/bin/bash | |
set -iuo pipefail | |
IFS=$'\n\t' | |
readonly AUDITOR_ROLE='system:image-auditor' | |
readonly USAGE="Usage: $(basename ${BASH_SOURCE[0]}) [OPTIONS] | |
It fetches manifests of images from OpenShift integrated registry forcing it to |
sudo journalctl -u docker -e --since=-1h | |
... | |
Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T09:38:55.958654078+02:00" level=info msg="{Action=push, Username=vagrant, LoginUID=1001, PID=17124}" | |
Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T07:38:55.961106686Z" level=debug msg="authorizing request" go.version=go1.6.3 http.request.host=registry.f24-ose.vm http.request.id=a2511965-e841-45da-a2f6-a4c140f931d4 http.request.method=GET http.request.remoteaddr=192.168.100.80 http.request.uri="/v2/" http. | |
Oct 13 09:38:55 f24-ose.vm docker[4241]: time="2016-10-13T07:38:55.961300887Z" level=error msg="error authorizing context: authorization header required" go.version=go1.6.3 http.request.host=registry.f24-ose.vm http.request.id=a2511965-e841-45da-a2f6-a4c140f931d4 http.request.method=GET http.request.remoteaddr=192.168 | |
Oct 13 09:38:55 f24-ose.vm docker[4241]: 172.17.0.1 - - [13/Oct/2016:07:38:55 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.6.3 kernel/4.7.6-200.fc24.x86_64 os/linux a |
version: 0.1 | |
log: | |
fields: | |
service: registry | |
storage: | |
cache: | |
blobdescriptor: inmemory | |
swift: | |
# Access object store container at http://qeos.centralci.eng.rdu2.redhat.com/ | |
# Project -> Compute -> Access & Security -> Identity |
set localconfig | |
set autoupdategist | |
let configpath='~/.config/google-chrome/cVimrc' | |
let vimport=8001 | |
let nextmatchpattern='((?!first)(next|older|more|>|→|›|»|forward|další|dále|následující|starší|více| )+)' | |
let prevmatchpattern='((?!last)(prev(ious)?|newer|back|«|less|<|←|‹|předchozí|novější|méně| )+)' | |
" default insert keybindings |
thank you for cooperation. Here's what I'd like to get/see: | |
1. exact version of docker-registry image being run | |
- the output of: oc describe dc/docker-registry | grep -i image | |
2. the output of curl on blob from inside of cluster: | |
1. inside a cluster, `oc login` with a user that can have a token |
time="2016-06-14T15:06:14.026887046Z" level=debug msg="Origin auth: checking for access to registry:catalog:*" go.version=go1.6 http.request.host=hub.10.2.2.2 http.request.id=4a86efce-a543-478b-ae87-7639a1fa9423 http.request.method=GET http.request.remoteaddr=10.2.2.1 http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0" instance.id=1b2e8f60-9412-4f1e-ae2c-63e857c1e2dc | |
time="2016-06-14T15:06:14.027401558Z" level=error msg="error checking authorization: unsupported resource" go.version=go1.6 http.request.host=hub.10.2.2.2 http.request.id=4a86efce-a543-478b-ae87-7639a1fa9423 http.request.method=GET http.request.remoteaddr=10.2.2.1 http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0" instance.id=1b2e8f60-9412-4f1e-ae2c-63e857c1e2dc |
package main | |
const ( | |
// The supported type of image signature. | |
ImageSignatureTypeAtomic string = "atomic" | |
// Signature wasn't recognized or a check couldn't be performed for some reason. | |
SignatureStateUnknown SignatureState = "unknown" | |
// Signature didn't match particular image, given type or it couldn't be parsed. | |
SignatureStateUntrusted SignatureState = "untrusted" |
FROM miminarnb.vm:5002/openshift3/ose-docker-registry:latest | |
RUN mkdir /dockerregistry || : | |
COPY dockerregistry /dockerregistry/dockerregistry | |
VOLUME /distribution | |
CMD [ "/bin/sh", "-c", "DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT} /dockerregistry/dockerregistry ${REGISTRY_CONFIGURATION_PATH}" ] |