Private registry authentication distinct from host

2024-12-12 09:04:17 +02:00 · 2016-10-13 18:16:24 +01:00 · 2016-10-13 18:16:24 +01:00 · 25f1fee8e2
commit 25f1fee8e2
parent 02bca8d6a4
2 changed files with 40 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -46,7 +46,9 @@ docker run -d \
  --name watchtower \
  -e REPO_USER="username" -e REPO_PASS="pass" -e REPO_EMAIL="email" \
  -v /var/run/docker.sock:/var/run/docker.sock \
-  drud/watchtower container_to_watch --debug
+  drud/watchtower container_to_watch \
+  --registry private.registry.net:port \
+  --debug
 ```

 ### Arguments
@ -73,6 +75,7 @@ docker run --rm centurylink/watchtower --help
 ```

 * `--host, -h` Docker daemon socket to connect to. Defaults to "unix:///var/run/docker.sock" but can be pointed at a remote Docker host by specifying a TCP endpoint as "tcp://hostname:port". The host value can also be provided by setting the `DOCKER_HOST` environment variable.
+* `--registry` The private Docker registry from which to pull images, if different from `host`.
 * `--interval, -i` Poll interval (in seconds). This value controls how frequently watchtower will poll for new images. Defaults to 300 seconds (5 minutes).
 * `--no-pull` Do not pull new images. When this flag is specified, watchtower will not attempt to pull new images from the registry. Instead it will only monitor the local image cache for changes. Use this option if you are building new images directly on the Docker host without pushing them to a registry.
 * `--cleanup` Remove old images after updating. When this flag is specified, watchtower will remove the old image after restarting a container with a new image. Use this option to prevent the accumulation of orphaned images on your system as containers are updated.
--- a/main.go
+++ b/main.go
@ -11,18 +11,22 @@ import (
 	"sync"
 	"syscall"
 	"time"
+	"context"

 	"github.com/CenturyLinkLabs/watchtower/actions"
 	"github.com/CenturyLinkLabs/watchtower/container"
 	log "github.com/Sirupsen/logrus"
 	"github.com/codegangsta/cli"
+	dockerclient "github.com/docker/docker/client"
+	"github.com/docker/docker/api/types"
 )

 var (
-	wg           sync.WaitGroup
-	client       container.Client
-	pollInterval time.Duration
-	cleanup      bool
+	wg              sync.WaitGroup
+	client          container.Client
+	registryClient  container.Client
+	pollInterval    time.Duration
+	cleanup         bool
 )

 func init() {
@ -48,6 +52,12 @@ func main() {
 			Value:  "unix:///var/run/docker.sock",
 			EnvVar: "DOCKER_HOST",
 		},
+		cli.StringFlag{
+			Name:   "registry",
+			Usage:  "docker registry from which to pull images",
+			Value:  "unix:///var/run/docker.sock",
+			EnvVar: "DOCKER_REGISTRY",
+		},
 		cli.IntFlag{
 			Name:  "interval, i",
 			Usage: "poll interval (in seconds)",
@ -111,11 +121,33 @@ func before(c *cli.Context) error {
 	}

 	client = container.NewClient(c.GlobalString("host"), tls, !c.GlobalBool("no-pull"))
+	login(c)

 	handleSignals()
 	return nil
 }

+func login(c *cli.Context) {
+	registry := c.GlobalString("registry")
+	if registry != "" && registry != c.GlobalString("host") {
+		log.Debug("Logging into registry")
+		clint, err := dockerclient.NewEnvClient()
+		if err != nil {
+			panic(err)
+		}
+		regAuth := types.AuthConfig{
+					Username: "testuser",
+					Password: "testpassword",
+					ServerAddress: registry,
+		}
+		resp, err := clint.RegistryLogin(context.Background(), regAuth)
+		if err != nil {
+			panic(err)
+		}
+		log.Debugf("Authenticated client with registry %s, %s", registry, resp)
+	}
+}
+
 func start(c *cli.Context) {
 	names := c.Args()