[openstack-dev] [Magnum]Cache docker images

Fox, Kevin M Kevin.Fox at pnnl.gov
Tue Apr 19 20:02:53 UTC 2016


If they have a valid CA signed cert for the docker registry, it should 'Just work (TM)' :)

Self signing is a different issue. Maybe just an additional option in addition to the prefix option to pass a CA to add to the root trust chain?

Thanks,
Kevin

________________________________
From: Hongbin Lu [hongbin.lu at huawei.com]
Sent: Tuesday, April 19, 2016 11:50 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Magnum]Cache docker images

Yes, that is an alternative. The complication is how to secure the communication between Magnum bays and the standalone docker registry. I assume we need some custom logic to set up the communication channel (i.e. install the TLS credential). One way to support it is to add a configuration hook [1] that allows operators to customize the setup. Pre-building docker images into the glance image is another approach. I think Magnum can offer both.

[1] https://blueprints.launchpad.net/magnum/+spec/allow-user-softwareconfig

Best regards,
Hongbin

From: Fox, Kevin M [mailto:Kevin.Fox at pnnl.gov]
Sent: April-19-16 1:12 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Magnum]Cache docker images

Why not just allow a prefix to be added to the container name?

You can then have a container named:
foo/mycontainer

and the prefix could be set to mylocalserver.org:8080:
mylocalserver.org:8080/foo/mycontainer

Then if the site needs local-only containers, they can set up a local repo. Be it a standalone docker registry, the docker datacenter product, artifactory with the docker plugin, etc.

Thanks,
Kevin
________________________________
From: 王华 [wanghua.humble at gmail.com]
Sent: Monday, April 18, 2016 7:57 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [Magnum]Cache docker images

Hi all,

We want to eliminate pulling docker images over the Internet on bay provisioning. There are two problems with this approach:
1. Pulling docker images over the Internet is slow and fragile.
2. Some clouds don't have external Internet access.

It is suggested to build all the required images into the cloud images to resolve the issue.

Here is a solution:
We export the docker images as tar files, and put the tar files into a dir in the image when we build the image. And we add scripts to load the tar files in cloud-init, so that we don't need to download the docker images.

Any advice for this solution or any better solution?

Regards,
Wanghua
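
The prefix option and the extra-CA option discussed in this thread could look like the following shell helpers. This is an added example, not Magnum code or anything posted by the participants; the function names are hypothetical, and it trusts the CA through Docker's per-registry `certs.d` directory rather than the system root trust store, so the CA is only accepted for that one registry.

```shell
#!/bin/sh
# Added example: function names and defaults are assumptions, not Magnum code.

# Return 0 if the first path component of an image reference is a registry host.
# Docker treats it as a host when it contains '.' or ':' or equals "localhost".
has_registry_host() {
    case "$1" in
        */*) first=${1%%/*} ;;
        *)   return 1 ;;
    esac
    case "$first" in
        localhost|*.*|*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prepend the operator-supplied prefix unless the image already names a registry.
prefixed_image() {
    prefix=${1%/}   # tolerate a trailing slash on the prefix
    image=$2
    if [ -z "$prefix" ] || has_registry_host "$image"; then
        printf '%s\n' "$image"
    else
        printf '%s/%s\n' "$prefix" "$image"
    fi
}

# Install a CA so the Docker daemon trusts it for this registry only.
# certs_root defaults to Docker's /etc/docker/certs.d; override it for testing.
install_registry_ca() {
    registry=$1
    ca_file=$2
    certs_root=${3:-/etc/docker/certs.d}
    # Refuse input that does not look like a PEM certificate.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file" || return 1
    mkdir -p "$certs_root/$registry" &&
        install -m 0644 "$ca_file" "$certs_root/$registry/ca.crt"
}
```

With the thread's sample values, `prefixed_image mylocalserver.org:8080 foo/mycontainer` yields `mylocalserver.org:8080/foo/mycontainer`, while an image that already names a registry host is left unchanged.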