从本地专用dockerregistry创buildSingularity容器
从Docker镜像创build奇点图像时,如何在本地不安全的私有registry中正确引用Docker镜像?
使用奇点2.2.1,尝试使用specfile:
Bootstrap: docker Registry: localhost:5000 From: tensorflow:latest %runscript exec /usr/bin/python "$@" %post echo "Post install stuffs!" 结果如下:
Executing Prebootstrap module VERBOSE [U=0,P=22966] message.c:52:init() : Set messagelevel to: 5 DEBUG [U=0,P=22966] get-section.c:66:main() : Iterating through /proc/mounts Executing Bootstrap 'docker' module From: tensorflow:latest Registry: https://localhost:5000 library/tensorflow:latest scope=repository:library/tensorflow:pull URL: https://localhost:5000/v2/library/tensorflow/manifests/latest Traceback (most recent call last): File "/usr/lib/x86_64-linux-gnu/singularity/python/cli.py", line 198, in <module> main() File "/usr/lib/x86_64-linux-gnu/singularity/python/cli.py", line 146, in main auth=doauth) File "/usr/lib/x86_64-linux-gnu/singularity/python/docker/api.py", line 156, in get_manifest response = api_get(base,headers=token,default_header=True) File "/usr/lib/x86_64-linux-gnu/singularity/python/utils.py", line 139, in api_get response = urllib2.urlopen(request) File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen return opener.open(url, data, timeout) File "/usr/lib/python2.7/urllib2.py", line 429, in open response = self._open(req, data) File "/usr/lib/python2.7/urllib2.py", line 447, in _open '_open', req) File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain result = func(*args) File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open context=self._context) File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open raise URLError(err) urllib2.URLError: <urlopen error [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:661)> Executing Postbootstrap module ERROR: Container does not contain the valid minimum requirement of /bin/sh DEBUG [U=0,P=22936] fork.c:52:handle_sigchld() : Checking child pids: 22941 22941
Singularity正在对私有registry进行HTTPS的假设。
谢谢,皮尔斯。
PS我无法创build标记“奇点”,因为我没有足够的声望点,但是在这篇文章中有意义。
回答我自己的问题 – 事实certificate,我需要做两件事情:
- 明确添加http://到本地registryURL
- 在Docker映像名称前加上“/”,这样它就不会被前缀“/ library /”
示例specfile:
Bootstrap: docker Registry: http://localhost:5000 From: /tensorflow:latest %runscript exec /usr/bin/python "$@" %post echo "Post install stuffs!"