search

mortensteenrasmussen / docker-registry-manifest-cleanup

Cleans up docker registry by removing untagged manifests from the registry
Apache License 2.0
146 stars 33 forks source link

Doesn't work on Goharbor? - Token authentication #14

Closed shinebayar-g closed 5 years ago

shinebayar-g commented 5 years ago

Hi, I'm running Goharbor . It's running behind nginx reverse proxy with its own domain. Ex: reg.mydomain.com, it doesn't have basic auth, because goharbor has its own authentication method. Check its demo here. Right now I'm logged into my goharbor server and run the script like this:

docker run -it -v /data/registry:/registry -e REGISTRY_URL=https://reg.mydomain.com -e DRY_RUN="true" mortensrasmussen/docker-registry-manifest-cleanup

Ofc it returns 

Got an authentication error connecting to the registry. Check credentials, or add REGISTRY_AUTH='username:password'
Exiting

Then I've tried like this:

docker run -it -v /data/registry:/registry -e REGISTRY_URL=https://user:pass@reg.mydomain.com -e DRY_RUN="true" mortensrasmussen/docker-registry-manifest-cleanup

or

docker run -it -v /data/registry:/registry -e REGISTRY_URL=https://reg.mydomain.com -e REGISTRY_AUTH='user:pass'-e DRY_RUN="true" mortensrasmussen/docker-registry-manifest-cleanup

Both didn't work. What should I do?

If I run the script directly to port 5000

➜ docker run -it -v /data/registry:/registry -e REGISTRY_URL=http://127.0.0.1:5000 -e DRY_RUN="true" mortensrasmussen/docker-registry-manifest-cleanup                      
Running in dry-run mode. No changes will be made.

Running against local storage
Could not contact registry at http://127.0.0.1:5000 - error: HTTPConnectionPool(host='127.0.0.1', port=5000): Max retries exceeded with url: /v2/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f224e75cf28>: Failed to establish a new connection: [Errno 111] Connection refused',))
Exiting
mortensteenrasmussen commented 5 years ago

Hi, thanks for the report. The reason it doesn't work is that Harbor is using token authentication, and my script currently only supports HTTP Basic auth.

I'll try to look at adding token auth ASAP. I'll notify in this issue as soon as its implemented.

shinebayar-g commented 5 years ago

Thanks for the answer, I was really getting out of space. I deleted & uninstalled goharbor and started fresh today for now.

mortensteenrasmussen commented 5 years ago

Hi, too bad you deleted it. I have a version ready now that can handle it. Do you have a backup by chance? Or any way to test it? I'd like it tested before making an official release :)

shinebayar-g commented 5 years ago

Wow that's nice! Unfortunately I didn't make any backup. I just wiped clean, because our CI/CD would just push new images again. Again unfortunately we're not doing much since its holidays.. So after wipe out I haven't much images to test it yet.

mortensteenrasmussen commented 5 years ago

Hi, I have just released version 1.1.1 which should work with harbor. You can try it out as soon as your CI/build environment has overwritten a tag (eg. latest). I'll close this for now, but please try it out when you have time and comment here so I know if it worked. I set up harbor and tested it myself, and it seems to be working.

Best regards!

shinebayar-g commented 5 years ago

Hey there! @mortensteenrasmussen I'm finally able to test it right now. It works like a charm! On harbor 1.7.0 Thank you very much for this project! It's really useful! Just saved another bunch of space on my disk. :100: