1skopeo-sync(1)() skopeo-sync(1)()
2
6 skopeo-sync - Synchronize images between container registries and local
7 directories.
8
11 skopeo sync --src transport --dest transport source destination
12
15 Synchronize images between container registries and local directories.
16 The synchronization is achieved by copying all the images found at
17 source to destination.
18 Useful to synchronize a local container registry mirror, and to to pop‐
21 ulate registries running inside of air-gapped environments.
22 Differently from other skopeo commands, skopeo sync requires both
25 source and destination transports to be specified separately from
26 source and destination. One of the problems of prefixing a destination
27 with its transport is that, the registry docker://hostname:port would
28 be wrongly interpreted as an image reference at a non-fully qualified
29 registry, with hostname and port the image name and tag.
30 Available source transports:
33 - docker (i.e. --src docker): source is a repository hosted on a con‐
34 tainer registry (e.g.: registry.example.com/busybox).
35 If no image tag is specified, skopeo sync copies all the tags found in
36 that repository.
37 - dir (i.e. --src dir): source is a local directory path (e.g.:
38 /media/usb/). Refer to skopeo(1) dir:path for the local image format.
39 - yaml (i.e. --src yaml): source is local YAML file path.
40 The YAML file should specify the list of images copied from different
41 container registries (local directories are not supported). Refer to
42 EXAMPLES for the file format.
43 Available destination transports:
46 - docker (i.e. --dest docker): destination is a container registry
47 (e.g.: my-registry.local.lan).
48 - dir (i.e. --dest dir): destination is a local directory path (e.g.:
49 /media/usb/).
50 One directory per source 'image:tag' is created for each copied image.
51 When the --scoped option is specified, images are prefixed with the
54 source image path so that multiple images with the same name can be
55 stored at destination.
56
59 --all If one of the images in src refers to a list of images, instead
60 of copying just the image which matches the current OS and architecture
61 (subject to the use of the global --override-os, --override-arch and
62 --override-variant options), attempt to copy all of the images in the
63 list, and the list itself.
64 --authfile path
67 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
70 ers/auth.json, which is set using skopeo login. If the authorization
71 state is not found there, $HOME/.docker/config.json is checked, which
72 is set using docker login.
73 --src-authfile path
76 Path of the authentication file for the source registry. Uses path
79 given by --authfile, if not provided.
80 --dest-authfile path
83 Path of the authentication file for the destination registry. Uses path
86 given by --authfile, if not provided.
87 --src transport Transport for the source repository.
90 --dest transport Destination transport.
93 --scoped Prefix images with the source image path, so that multiple
96 images with the same name can be stored at destination.
97 --remove-signatures Do not copy signatures, if any, from source-image.
100 This is necessary when copying a signed image to a destination which
101 does not support signatures.
102 --sign-by=key-id Add a signature using that key ID for an image name
105 corresponding to destination-image.
106 --src-creds username[:password] for accessing the source registry.
109 --dest-creds username[:password] for accessing the destination reg‐
112 istry.
113 --src-cert-dir path Use certificates (*.crt, *.cert, *.key) at path to
116 connect to the source registry or daemon.
117 --src-no-creds bool-value Access the registry anonymously.
120 --src-tls-verify bool-value Require HTTPS and verify certificates when
123 talking to a container source registry or daemon (defaults to true).
124 --dest-cert-dir path Use certificates (*.crt, *.cert, *.key) at path to
127 connect to the destination registry or daemon.
128 --dest-no-creds bool-value Access the registry anonymously.
131 --dest-tls-verify bool-value Require HTTPS and verify certificates when
134 talking to a container destination registry or daemon (defaults to
135 true).
136 --src-registry-token Bearer token for accessing the source registry.
139 --dest-registry-token Bearer token for accessing the destination reg‐
142 istry.
143
146 Synchronizing to a local directory
147 $ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb
148 Images are located at:
152 /media/usb/busybox:1-glibc
155 /media/usb/busybox:1-musl
156 /media/usb/busybox:1-ubuntu
157 /media/usb/busybox:latest
158 Synchronizing to a container registry from local
162 Images are located at:
163 /media/usb/busybox:1-glibc
166 Sync run
170 $ skopeo sync --src dir --dest docker /media/usb/busybox:1-glibc my-registry.local.lan/test/
173 Destination registry content:
177 REPO TAGS
180 my-registry.local.lan/test/busybox 1-glibc
181 Synchronizing to a local directory, scoped
185 $ skopeo sync --src docker --dest dir --scoped registry.example.com/busybox /media/usb
186 Images are located at:
190 /media/usb/registry.example.com/busybox:1-glibc
193 /media/usb/registry.example.com/busybox:1-musl
194 /media/usb/registry.example.com/busybox:1-ubuntu
195 /media/usb/registry.example.com/busybox:latest
196 Synchronizing to a container registry
200 skopeo sync --src docker --dest docker registry.example.com/busybox my-registry.local.lan
201 Destination registry content:
205 REPO TAGS
208 registry.local.lan/busybox 1-glibc, 1-musl, 1-ubuntu, ..., latest
209 Synchronizing to a container registry keeping the repository
213 skopeo sync --src docker --dest docker registry.example.com/repo/busybox my-registry.local.lan/repo
214 Destination registry content:
218 REPO TAGS
221 registry.local.lan/repo/busybox 1-glibc, 1-musl, 1-ubuntu, ..., latest
222 YAML file content (used source for **--src yaml**)
226 registry.example.com:
227 images:
228 busybox: []
229 redis:
230 - "1.0"
231 - "2.0"
232 - "sha256:0000000000000000000000000000000011111111111111111111111111111111"
233 images-by-tag-regex:
234 nginx: ^1\.13\.[12]-alpine-perl$
235 credentials:
236 username: john
237 password: this is a secret
238 tls-verify: true
239 cert-dir: /home/john/certs
240 quay.io:
241 tls-verify: false
242 images:
243 coreos/etcd:
244 - latest
245 If the yaml filename is sync.yml, sync run:
249 skopeo sync --src yaml --dest docker sync.yml my-registry.local.lan/repo/
252 This will copy the following images: - Repository registry.exam‐
256 ple.com/busybox: all images, as no tags are specified. - Repository
257 registry.example.com/redis: images tagged "1.0" and "2.0" along with
258 image with digest
259 "sha256:0000000000000000000000000000000011111111111111111111111111111111".
260 - Repository registry.example.com/nginx: images tagged
261 "1.13.1-alpine-perl" and "1.13.2-alpine-perl". - Repository
262 quay.io/coreos/etcd: images tagged "latest".
263 For the registry registry.example.com, the "john"/"this is a secret"
266 credentials are used, with server TLS certificates located at
267 /home/john/certs.
268 TLS verification is normally enabled, and it can be disabled setting
271 tls-verify to false. In the above example, TLS verification is enabled
272 for registry.example.com, while is disabled for quay.io.
273
276 skopeo(1), skopeo-login(1), docker-login(1), containers-auth.json(5),
277 containers-policy.json(5), containers-transports(5)
278
281 Flavio Castelli fcastelli@suse.com ⟨mailto:fcastelli@suse.com⟩, Marco
282 Vedovati mvedovati@suse.com ⟨mailto:mvedovati@suse.com⟩
283 skopeo-sync(1)()