Fix problems with deleting test repository from registry
Some checks are pending
Some checks are pending
This commit is contained in:
parent
69690f9391
commit
9420de4105
1 changed files with 19 additions and 158 deletions
|
|
@ -557,10 +557,12 @@ services:
|
|||
networks:
|
||||
- registry_network
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-k", "-f", "https://localhost:5000/v2/_catalog"]
|
||||
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "https://localhost:5000/v2/", "--no-check-certificate"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 40s
|
||||
|
||||
|
||||
registry-ui:
|
||||
image: joxit/docker-registry-ui:latest
|
||||
|
|
@ -636,7 +638,7 @@ http {
|
|||
|
||||
# Proxy registry API requests
|
||||
location /v2/ {
|
||||
proxy_pass http://registry_api;
|
||||
proxy_pass https://registry_api;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
@ -644,6 +646,7 @@ http {
|
|||
proxy_connect_timeout 30s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_read_timeout 30s;
|
||||
proxy_ssl_verify off;
|
||||
}
|
||||
|
||||
# Proxy registry UI requests
|
||||
|
|
@ -687,155 +690,6 @@ docker compose up -d
|
|||
exit
|
||||
```
|
||||
|
||||
#### 4.6.1 Restart Registry with Updated Configuration
|
||||
|
||||
If you've already started the registry and then updated the `REGISTRY_URL` in the docker-compose.yml file, you need to restart the containers for the changes to take effect:
|
||||
|
||||
```bash
|
||||
# Switch to SERVICE_USER (registry directory owner)
|
||||
sudo su - SERVICE_USER
|
||||
|
||||
cd /opt/registry
|
||||
|
||||
# Stop and remove the existing containers
|
||||
docker compose down
|
||||
|
||||
# Start the containers with the updated configuration
|
||||
docker compose up -d
|
||||
|
||||
# Exit SERVICE_USER shell
|
||||
exit
|
||||
```
|
||||
|
||||
**Note**: This step is only needed if you've already started the registry and then updated the `REGISTRY_URL`. If you're starting fresh, Step 4.6 is sufficient.
|
||||
|
||||
#### 4.6.2 Troubleshoot Connection Issues
|
||||
|
||||
If you get "Unable to Connect" when accessing `https://YOUR_CI_CD_IP:8080`, run these diagnostic commands:
|
||||
|
||||
```bash
|
||||
# Switch to SERVICE_USER (registry directory owner)
|
||||
sudo su - SERVICE_USER
|
||||
|
||||
cd /opt/registry
|
||||
|
||||
# Check if all containers are running
|
||||
docker compose ps
|
||||
|
||||
# Check container logs for errors
|
||||
docker compose logs nginx
|
||||
docker compose logs registry-ui
|
||||
docker compose logs registry
|
||||
|
||||
# Check if nginx is listening on port 8080
|
||||
netstat -tlnp | grep :8080
|
||||
|
||||
# Test nginx directly
|
||||
curl -k https://localhost:8080
|
||||
|
||||
# Exit SERVICE_USER shell
|
||||
exit
|
||||
```
|
||||
|
||||
**Common Issues and Solutions:**
|
||||
- **Container not running**: Run `docker compose up -d` to start containers
|
||||
- **Port conflict**: Check if port 8080 is already in use
|
||||
- **SSL certificate issues**: Verify the certificate files exist and have correct permissions
|
||||
- **Firewall blocking**: Ensure port 8080 is open in your firewall
|
||||
|
||||
#### 4.6.3 Fix Container Restart Issues
|
||||
|
||||
If containers are restarting repeatedly, check the logs and fix the configuration:
|
||||
|
||||
```bash
|
||||
# Switch to SERVICE_USER (registry directory owner)
|
||||
sudo su - SERVICE_USER
|
||||
|
||||
cd /opt/registry
|
||||
|
||||
# Stop all containers
|
||||
docker compose down
|
||||
|
||||
# Check if SSL certificates exist
|
||||
ls -la ssl/
|
||||
|
||||
# If certificates don't exist, generate them
|
||||
if [ ! -f ssl/registry.crt ]; then
|
||||
echo "Generating SSL certificates..."
|
||||
mkdir -p ssl
|
||||
openssl req -x509 -newkey rsa:4096 -keyout ssl/registry.key -out ssl/registry.crt -days 365 -nodes -subj "/C=US/ST=State/L=City/O=Organization/CN=YOUR_CI_CD_IP"
|
||||
chmod 600 ssl/registry.key
|
||||
chmod 644 ssl/registry.crt
|
||||
fi
|
||||
|
||||
# Check if nginx.conf exists
|
||||
ls -la nginx.conf
|
||||
|
||||
# If nginx.conf doesn't exist, create it
|
||||
if [ ! -f nginx.conf ]; then
|
||||
echo "Creating nginx configuration..."
|
||||
cat > nginx.conf << 'EOF'
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
upstream registry_ui {
|
||||
server registry-ui:80;
|
||||
}
|
||||
|
||||
upstream registry_api {
|
||||
server registry:5000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name YOUR_CI_CD_IP;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/registry.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/registry.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
# Proxy registry API requests
|
||||
location /v2/ {
|
||||
proxy_pass http://registry_api;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Proxy registry UI requests
|
||||
location / {
|
||||
proxy_pass http://registry_ui;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
# Replace YOUR_CI_CD_IP with actual IP in nginx.conf
|
||||
sed -i "s/YOUR_CI_CD_IP/YOUR_ACTUAL_CI_CD_IP/g" nginx.conf
|
||||
|
||||
# Start containers and check logs
|
||||
docker compose up -d
|
||||
|
||||
# Wait a moment, then check logs
|
||||
sleep 5
|
||||
docker compose logs nginx
|
||||
docker compose logs registry
|
||||
|
||||
# Exit SERVICE_USER shell
|
||||
exit
|
||||
```
|
||||
|
||||
**Important**: Replace `YOUR_ACTUAL_CI_CD_IP` with your actual CI/CD Linode IP address in the command above.
|
||||
|
||||
#### 4.7 Test Registry Setup
|
||||
|
||||
```bash
|
||||
|
|
@ -878,15 +732,22 @@ docker rmi localhost:8080/test:latest
|
|||
# Clean up test file
|
||||
rm /tmp/test.Dockerfile
|
||||
|
||||
# Clean up test repository using registry UI
|
||||
# 1. Open your browser and go to: https://YOUR_CI_CD_IP:8080
|
||||
# 2. You should see the 'test' repository listed
|
||||
# 3. Click on the 'test' repository
|
||||
# 4. Click the delete button (trash icon) next to the 'latest' tag
|
||||
# 5. Confirm the deletion
|
||||
# 6. The test repository should now be removed
|
||||
# Get the manifest digest for the 'latest' tag
|
||||
curl -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
|
||||
https://localhost:8080/v2/test/manifests/latest
|
||||
|
||||
# Copy the "config.digest" value from the output above (starts with "sha256:")
|
||||
# Then delete the tag using that digest:
|
||||
curl -k -X DELETE https://localhost:8080/v2/test/manifests/<digest>
|
||||
|
||||
# Run garbage collection to remove orphaned blobs
|
||||
docker compose exec registry /bin/registry garbage-collect /etc/docker/registry/config.yml --delete-untagged
|
||||
|
||||
# Remove the repository directory structure
|
||||
docker compose exec registry rm -rf /var/lib/registry/docker/registry/v2/repositories/test
|
||||
|
||||
# Verify registry is empty
|
||||
echo "Verifying registry is now empty..."
|
||||
curl -k https://localhost:8080/v2/_catalog
|
||||
|
||||
# Exit SERVICE_USER shell
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue