1skopeo-sync(1)()                                              skopeo-sync(1)()
2
3
4

NAME

6       skopeo-sync - Synchronize images between container registries and local
7       directories.
8
9

SYNOPSIS

11       skopeo sync --src transport --dest transport source destination
12
13

DESCRIPTION

15       Synchronize images between container registries and local  directories.
16       The  synchronization  is  achieved  by  copying all the images found at
17       source to destination.
18
19
20       Useful to synchronize a local container registry mirror, and to to pop‐
21       ulate registries running inside of air-gapped environments.
22
23
24       Differently  from  other  skopeo  commands,  skopeo  sync requires both
25       source and destination  transports  to  be  specified  separately  from
26       source and destination.  One of the problems of prefixing a destination
27       with its transport is that, the registry  docker://hostname:port  would
28       be  wrongly  interpreted as an image reference at a non-fully qualified
29       registry, with hostname and port the image name and tag.
30
31
32       Available source transports:
33        - docker (i.e. --src docker): source is a repository hosted on a  con‐
34       tainer registry (e.g.: registry.example.com/busybox).
35        If no image tag is specified, skopeo sync copies all the tags found in
36       that repository.
37        - dir (i.e. --src dir):  source  is  a  local  directory  path  (e.g.:
38       /media/usb/). Refer to skopeo(1) dir:path for the local image format.
39        - yaml (i.e. --src yaml): source is local YAML file path.
40        The  YAML file should specify the list of images copied from different
41       container registries (local directories are not  supported).  Refer  to
42       EXAMPLES for the file format.
43
44
45       Available destination transports:
46        -  docker  (i.e.  --dest  docker): destination is a container registry
47       (e.g.: my-registry.local.lan).
48        - dir (i.e. --dest dir): destination is a local directory path  (e.g.:
49       /media/usb/).
50        One directory per source 'image:tag' is created for each copied image.
51
52
53       When  the  --scoped  option  is specified, images are prefixed with the
54       source image path so that multiple images with the  same  name  can  be
55       stored at destination.
56
57

OPTIONS

59       --authfile path
60
61
62       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
63       ers/auth.json, which is set using podman login.  If  the  authorization
64       state  is  not found there, $HOME/.docker/config.json is checked, which
65       is set using docker login.
66
67
68       --src-authfile path
69
70
71       Path of the authentication file for  the  source  registry.  Uses  path
72       given by --authfile, if not provided.
73
74
75       --dest-authfile path
76
77
78       Path of the authentication file for the destination registry. Uses path
79       given by --authfile, if not provided.
80
81
82       --src transport Transport for the source repository.
83
84
85       --dest transport Destination transport.
86
87
88       --scoped Prefix images with the source image  path,  so  that  multiple
89       images with the same name can be stored at destination.
90
91
92       --remove-signatures  Do not copy signatures, if any, from source-image.
93       This is necessary when copying a signed image to  a  destination  which
94       does not support signatures.
95
96
97       --sign-by=key-id  Add  a  signature using that key ID for an image name
98       corresponding to destination-image.
99
100
101       --src-creds username[:password] for accessing the source registry.
102
103
104       --dest-creds username[:password] for  accessing  the  destination  reg‐
105       istry.
106
107
108       --src-cert-dir  path Use certificates (*.crt, *.cert, *.key) at path to
109       connect to the source registry or daemon.
110
111
112       --src-no-creds bool-value Access the registry anonymously.
113
114
115       --src-tls-verify bool-value Require HTTPS and verify certificates  when
116       talking to a container source registry or daemon (defaults to true).
117
118
119       --dest-cert-dir path Use certificates (*.crt, *.cert, *.key) at path to
120       connect to the destination registry or daemon.
121
122
123       --dest-no-creds bool-value  Access the registry anonymously.
124
125
126       --dest-tls-verify bool-value Require HTTPS and verify certificates when
127       talking  to  a  container  destination  registry or daemon (defaults to
128       true).
129
130

EXAMPLES

132   Synchronizing to a local directory
133              $ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb
134
135
136
137       Images are located at:
138
139
140              /media/usb/busybox:1-glibc
141              /media/usb/busybox:1-musl
142              /media/usb/busybox:1-ubuntu
143              /media/usb/busybox:latest
144
145
146
147   Synchronizing to a local directory, scoped
148              $ skopeo sync --src docker --dest dir --scoped registry.example.com/busybox /media/usb
149
150
151
152       Images are located at:
153
154
155              /media/usb/registry.example.com/busybox:1-glibc
156              /media/usb/registry.example.com/busybox:1-musl
157              /media/usb/registry.example.com/busybox:1-ubuntu
158              /media/usb/registry.example.com/busybox:latest
159
160
161
162   Synchronizing to a container registry
163              skopeo sync --src docker --dest docker registry.example.com/busybox my-registry.local.lan
164
165
166
167       Destination registry content:
168
169
170              REPO                         TAGS
171              registry.local.lan/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest
172
173
174
175   Synchronizing to a container registry keeping the repository
176              skopeo sync --src docker --dest docker registry.example.com/repo/busybox my-registry.local.lan/repo
177
178
179
180       Destination registry content:
181
182
183              REPO                              TAGS
184              registry.local.lan/repo/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest
185
186
187
188   YAML file content (used source for **--src yaml**)
189              registry.example.com:
190                  images:
191                      busybox: []
192                      redis:
193                          - "1.0"
194                          - "2.0"
195                  credentials:
196                      username: john
197                      password: this is a secret
198                  tls-verify: true
199                  cert-dir: /home/john/certs
200              quay.io:
201                  tls-verify: false
202                  images:
203                      coreos/etcd:
204                          - latest
205
206
207
208       This will  copy  the  following  images:  -  Repository  registry.exam‐
209       ple.com/busybox:  all  images,  as no tags are specified.  - Repository
210       registry.example.com/redis: images tagged "1.0" and "2.0".   -  Reposi‐
211       tory quay.io/coreos/etcd: images tagged "latest".
212
213
214       For  the  registry  registry.example.com, the "john"/"this is a secret"
215       credentials  are  used,  with  server  TLS  certificates   located   at
216       /home/john/certs.
217
218
219       TLS  verification  is  normally enabled, and it can be disabled setting
220       tls-verify to true.  In the above example, TLS verification is  enabled
221       for reigstry.example.com, while is disabled for quay.io.
222
223

SEE ALSO

225       skopeo(1), podman-login(1), docker-login(1)
226
227

AUTHORS

229       Flavio  Castelli  fcastelli@suse.com ⟨mailto:fcastelli@suse.com⟩, Marco
230       Vedovati mvedovati@suse.com ⟨mailto:mvedovati@suse.com⟩
231
232
233
234                                                              skopeo-sync(1)()