Mirroring quay.io repository
IBM Security provides scripts you can use to mirror your repository with quay.io.
The App Host is limited to one repository; therefore you cannot connect to your own repository and quay.io, where the apps are located. In order to use both the apps published in the IBM® App Exchange and your own custom apps, you need to copy the published containers from quay.io to your repository.
You can use the following scripts, both available from here.
- mirror-all-images.sh, which you use to copy all app container images from quay.io to your private repository.
- mirror-images.sh, which you use to copy select apps container images from quay.io to your private repository.
Before running either script, review the following:
- Podman or docker is installed on your system, and the command line JSON processor, jq, is available.
- The script does not provide a login to your repository. You must log in or have write access to
the your container repository before running the script. If root permissions are needed to run these
commands, use
sudo
orsu
to access the login account. - If working with HTTP registry with podman, add
insecure_registry
as an argument. If working with docker, you might be required to edit/.docker/config.json
or an environment variable. - Use
latest_tag
to retrieve only the most recent version of the app instead of all the unique versions that exist on quay.io.
To run the mirror-all-images script, enter the following command along with the name or IP
address of your repository and, optionally, the tool you use. If the tool name is not entered, the
script attempts to determine which tool
exists.
/bin/bash mirror-all-images <name or IP address of replication registry> [docker | podman]
In the following example, the replication repository is fqdn.registry.io and the tool is
podman.
/bin/bash mirror-all-images fqdn.registry.io podman
To run the mirror-images script, you need to add two files, which are used to control the
behavior of the script:
- repo_quay.conf - a list of container names and versions, one per line, to replicate. The format
of a line is
container_name:x.x.x
where x.x.x is the tagged version. - preserved_images.conf - a list of container names and versions, one per line, to retain in the
local docker or podman image container environment. The format of a line is the same as used in the
repo_quay.conf file,
container_name:x.x.x
.
Use the following command to run the mirror-images script.
/bin/bash mirror-images <name or IP address of replication registry> [docker | podman]
In the following example, the replication repository is fqdn.registry.io and the tool is podman.
The repo_quay.conf file lists two apps to replicate and the preserved_images.conf file lists one app
to
preserve.
/bin/bash mirror-images fqdn.registry.io podman repo_quay.conf
fn_utilities:1.140
fn_xforce:1.0.0
preserved_images.conf
fn_utilities:1.140