Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

migrate away from DockerHub container registry #163

Closed
mmguero opened this issue Mar 15, 2023 · 2 comments
Closed

migrate away from DockerHub container registry #163

mmguero opened this issue Mar 15, 2023 · 2 comments
Assignees
@mmguero
Labels
docker Relating to docker and docker-compose as used by Malcolm external Depends on a bug or feature external to this project release Related to creation/packaging of Malcolm releases research Research or proof-of-concept for an idea

Comments

@mmguero
Copy link
Collaborator

mmguero commented Mar 15, 2023

Docker (the company) has announced then are "sunsetting free teams" plans, which I am pretty sure will affect Malcolm.

See docker/hub-feedback#2314

We have a few options:

  • start using idaholab namespace (e.g., from docker.io/malcolmnetsec/zeek to docker.io/idaholab/malcolmnetsec/zeek)
  • start using GitHub's container registry (e.g., from docker.io/malcolmnetsec/zeek to ghcr.io/idaholab/malcolmnetsec/zeek)
  • investigate other registries with free plans (e.g., quay.io)

My instinct is to go with GitHub (ghcr.io) as we're already using GitHub for source code, for issue and project tracking, and CI actions.

There are issues, both technical and social, about how to handle this. For example, what about the existing malcolmnetsec namespace? We want to avoid squatters as this is a serious security concern, although it's more on Docker to answer this.
@mmguero mmguero added docker Relating to docker and docker-compose as used by Malcolm external Depends on a bug or feature external to this project research Research or proof-of-concept for an idea release Related to creation/packaging of Malcolm releases labels Mar 15, 2023
@mmguero mmguero self-assigned this Mar 15, 2023
@mmguero mmguero added this to Malcolm Mar 15, 2023
@idaholab idaholab deleted a comment from Vad1mo Mar 15, 2023
@mavam
Copy link

mavam commented Mar 16, 2023

My instinct is to go with GitHub (ghcr.io)

We are going there as well. It works well both as registry and cache, which we used extensively in the past.

mmguero pushed a commit to mmguero-dev/Malcolm that referenced this issue Mar 17, 2023
@malcolminl
for idaholab#163, move docker images from docker.io/malcolmnetsec/foo…
f4d8267 
…bar:version to ghcr.io/idaholab/malcolm/foobar:version
@mmguero
Copy link
Collaborator Author

mmguero commented Mar 17, 2023

Old image name format:

malcolmnetsec/zeek:23.03.0

New image name format:

ghcr.io/idaholab/malcolm/zeek:23.03.0

This will be in the next release.

@mmguero mmguero moved this to Testing in Malcolm Mar 17, 2023
@mmguero mmguero moved this from Testing to Done in Malcolm Mar 17, 2023
@mmguero mmguero closed this as completed Mar 17, 2023
This was referenced Apr 4, 2023
Merged
Merged
mmguero added a commit that referenced this issue Apr 5, 2023
@mmguero
Merge pull request #179 from mmguero-dev/v23.04.0_merge_idaholab
93c34a3 
Malcolm v23.04.0 is a release with enhancements, component version updates and bug fixes.

IMPORTANT NOTE: In March 2023 Docker Inc. announced its decision to sunset the "Docker Free Team" plan, which prompted us to decide to migrate away from Docker Hub to the Github Container Registry or "ghcr" (see #163). Due to public backlash, Docker Inc. reversed its decision. However, the Malcolm project will continue with the decision to use GHCR beginning with this release (Malcolm v23.04.0) and moving forward. If you're updating an existing instance of Malcolm, it's recommended that you back up your `docker-compose.yml` and `docker-compose-standalone.yml` files, replace them with the ones from this release and re-run `./scripts/install.py --configure` to ensure that you're pointing at the latest images (this is actually always good practice when moving to a new release of Malcolm).

v23.03.0...v23.04.0

* Enhancements
    - autostart `install.py --configure` on Malcolm ISO first boot (#157)
    - clarify information about auth_setup's use of external OpenSearch connections (#160)
    - migrate away from DockerHub container registry (#163)
    - give easier option for transferring SSL client files from Malcolm to forwarder (#177)
        + added `tx-rx-secure.sh` script as wrapper around [croc](https://github.com/schollz/croc) automatically creating and using a local-only relay

* Component version updates
    - [Zeek v5.2.0](https://github.com/zeek/zeek/releases) (#161)
    - [fluent bit v2.0.10](https://fluentbit.io/announcements/v2.0.10/)
    - [NetBox v3.4.7](https://github.com/netbox-community/netbox/releases/tag/v3.4.7)

* Fixes
    - XFCE4's "save session on exit" causes conflict with Hedgehog kiosk mode if firefox instance is started upon session restore (#164)
    - docker-compose move from go-yaml/v3 breaks Malcolm's docker-compose YAML files (#178, docker/compose#10411)
    - increase index.mapping.nested_fields.limit in opensearch index template (#180)
mmguero added a commit to cisagov/Malcolm that referenced this issue Apr 5, 2023
@mmguero
Merge pull request #247 from mmguero-dev/v23.04.0_merge_cisagov
37bb7f7 
Malcolm v23.04.0 is a release with enhancements, component version updates and bug fixes.

IMPORTANT NOTE: In March 2023 Docker Inc. announced its decision to sunset the "Docker Free Team" plan, which prompted us to decide to migrate away from Docker Hub to the Github Container Registry or "ghcr" (see idaholab#163). Due to public backlash, Docker Inc. reversed its decision. However, the Malcolm project will continue with the decision to use GHCR beginning with this release (Malcolm v23.04.0) and moving forward. If you're updating an existing instance of Malcolm, it's recommended that you back up your `docker-compose.yml` and `docker-compose-standalone.yml` files, replace them with the ones from this release and re-run `./scripts/install.py --configure` to ensure that you're pointing at the latest images (this is actually always good practice when moving to a new release of Malcolm).

v23.03.0...v23.04.0

* Enhancements
    - autostart `install.py --configure` on Malcolm ISO first boot (idaholab#157)
    - clarify information about auth_setup's use of external OpenSearch connections (idaholab#160)
    - migrate away from DockerHub container registry (idaholab#163)
    - give easier option for transferring SSL client files from Malcolm to forwarder (idaholab#177)
        + added `tx-rx-secure.sh` script as wrapper around [croc](https://github.com/schollz/croc) automatically creating and using a local-only relay

* Component version updates
    - [Zeek v5.2.0](https://github.com/zeek/zeek/releases) (idaholab#161)
    - [fluent bit v2.0.10](https://fluentbit.io/announcements/v2.0.10/)
    - [NetBox v3.4.7](https://github.com/netbox-community/netbox/releases/tag/v3.4.7)

* Fixes
    - XFCE4's "save session on exit" causes conflict with Hedgehog kiosk mode if firefox instance is started upon session restore (idaholab#164)
    - docker-compose move from go-yaml/v3 breaks Malcolm's docker-compose YAML files (idaholab#178, docker/compose#10411)
    - increase index.mapping.nested_fields.limit in opensearch index template (idaholab#180)
@mmguero mmguero moved this from Done to Released in Malcolm Apr 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
docker Relating to docker and docker-compose as used by Malcolm external Depends on a bug or feature external to this project release Related to creation/packaging of Malcolm releases research Research or proof-of-concept for an idea
Projects
Malcolm
Status: Released
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mavam @mmguero