1skopeo-sync(1)()                                              skopeo-sync(1)()
2
3
4

NAME

6       skopeo-sync - Synchronize images between container registries and local
7       directories.
8
9

SYNOPSIS

11       skopeo sync --src transport --dest transport source destination
12
13

DESCRIPTION

15       Synchronize images between container registries and local  directories.
16       The  synchronization  is  achieved  by  copying all the images found at
17       source to destination.
18
19
20       Useful to synchronize a local container registry mirror, and to to pop‐
21       ulate registries running inside of air-gapped environments.
22
23
24       Differently  from  other  skopeo  commands,  skopeo  sync requires both
25       source and destination  transports  to  be  specified  separately  from
26       source and destination.  One of the problems of prefixing a destination
27       with its transport is that, the registry  docker://hostname:port  would
28       be  wrongly  interpreted as an image reference at a non-fully qualified
29       registry, with hostname and port the image name and tag.
30
31
32       Available source transports:
33        - docker (i.e. --src docker): source is a repository hosted on a  con‐
34       tainer registry (e.g.: registry.example.com/busybox).
35        If no image tag is specified, skopeo sync copies all the tags found in
36       that repository.
37        - dir (i.e. --src dir):  source  is  a  local  directory  path  (e.g.:
38       /media/usb/). Refer to skopeo(1) dir:path for the local image format.
39        - yaml (i.e. --src yaml): source is local YAML file path.
40        The  YAML file should specify the list of images copied from different
41       container registries (local directories are not  supported).  Refer  to
42       EXAMPLES for the file format.
43
44
45       Available destination transports:
46        -  docker  (i.e.  --dest  docker): destination is a container registry
47       (e.g.: my-registry.local.lan).
48        - dir (i.e. --dest dir): destination is a local directory path  (e.g.:
49       /media/usb/).
50        One directory per source 'image:tag' is created for each copied image.
51
52
53       When  the  --scoped  option  is specified, images are prefixed with the
54       source image path so that multiple images with the  same  name  can  be
55       stored at destination.
56
57

OPTIONS

59       --all  If  one of the images in src refers to a list of images, instead
60       of copying just the image which matches the current OS and architecture
61       (subject  to  the  use of the global --override-os, --override-arch and
62       --override-variant options), attempt to copy all of the images  in  the
63       list, and the list itself.
64
65
66       --authfile path
67
68
69       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
70       ers/auth.json, which is set using skopeo login.  If  the  authorization
71       state  is  not found there, $HOME/.docker/config.json is checked, which
72       is set using docker login.
73
74
75       --src-authfile path
76
77
78       Path of the authentication file for  the  source  registry.  Uses  path
79       given by --authfile, if not provided.
80
81
82       --dest-authfile path
83
84
85       Path of the authentication file for the destination registry. Uses path
86       given by --authfile, if not provided.
87
88
89       --src transport Transport for the source repository.
90
91
92       --dest transport Destination transport.
93
94
95       --scoped Prefix images with the source image  path,  so  that  multiple
96       images with the same name can be stored at destination.
97
98
99       --remove-signatures  Do not copy signatures, if any, from source-image.
100       This is necessary when copying a signed image to  a  destination  which
101       does not support signatures.
102
103
104       --sign-by=key-id  Add  a  signature using that key ID for an image name
105       corresponding to destination-image.
106
107
108       --src-creds username[:password] for accessing the source registry.
109
110
111       --dest-creds username[:password] for  accessing  the  destination  reg‐
112       istry.
113
114
115       --src-cert-dir  path Use certificates (*.crt, *.cert, *.key) at path to
116       connect to the source registry or daemon.
117
118
119       --src-no-creds bool-value Access the registry anonymously.
120
121
122       --src-tls-verify bool-value Require HTTPS and verify certificates  when
123       talking to a container source registry or daemon (defaults to true).
124
125
126       --dest-cert-dir path Use certificates (*.crt, *.cert, *.key) at path to
127       connect to the destination registry or daemon.
128
129
130       --dest-no-creds bool-value  Access the registry anonymously.
131
132
133       --dest-tls-verify bool-value Require HTTPS and verify certificates when
134       talking  to  a  container  destination  registry or daemon (defaults to
135       true).
136
137
138       --src-registry-token Bearer token for accessing the source registry.
139
140
141       --dest-registry-token Bearer token for accessing the  destination  reg‐
142       istry.
143
144

EXAMPLES

146   Synchronizing to a local directory
147              $ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb
148
149
150
151       Images are located at:
152
153
154              /media/usb/busybox:1-glibc
155              /media/usb/busybox:1-musl
156              /media/usb/busybox:1-ubuntu
157              /media/usb/busybox:latest
158
159
160
161   Synchronizing to a container registry from local
162       Images are located at:
163
164
165              /media/usb/busybox:1-glibc
166
167
168
169       Sync run
170
171
172              $ skopeo sync --src dir --dest docker /media/usb/busybox:1-glibc my-registry.local.lan/test/
173
174
175
176       Destination registry content:
177
178
179              REPO                                 TAGS
180              my-registry.local.lan/test/busybox   1-glibc
181
182
183
184   Synchronizing to a local directory, scoped
185              $ skopeo sync --src docker --dest dir --scoped registry.example.com/busybox /media/usb
186
187
188
189       Images are located at:
190
191
192              /media/usb/registry.example.com/busybox:1-glibc
193              /media/usb/registry.example.com/busybox:1-musl
194              /media/usb/registry.example.com/busybox:1-ubuntu
195              /media/usb/registry.example.com/busybox:latest
196
197
198
199   Synchronizing to a container registry
200              skopeo sync --src docker --dest docker registry.example.com/busybox my-registry.local.lan
201
202
203
204       Destination registry content:
205
206
207              REPO                         TAGS
208              registry.local.lan/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest
209
210
211
212   Synchronizing to a container registry keeping the repository
213              skopeo sync --src docker --dest docker registry.example.com/repo/busybox my-registry.local.lan/repo
214
215
216
217       Destination registry content:
218
219
220              REPO                              TAGS
221              registry.local.lan/repo/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest
222
223
224
225   YAML file content (used source for **--src yaml**)
226              registry.example.com:
227                  images:
228                      busybox: []
229                      redis:
230                          - "1.0"
231                          - "2.0"
232                          - "sha256:0000000000000000000000000000000011111111111111111111111111111111"
233                  images-by-tag-regex:
234                      nginx: ^1\.13\.[12]-alpine-perl$
235                  credentials:
236                      username: john
237                      password: this is a secret
238                  tls-verify: true
239                  cert-dir: /home/john/certs
240              quay.io:
241                  tls-verify: false
242                  images:
243                      coreos/etcd:
244                          - latest
245
246
247
248       If the yaml filename is sync.yml, sync run:
249
250
251              skopeo sync --src yaml --dest docker sync.yml my-registry.local.lan/repo/
252
253
254
255       This  will  copy  the  following  images:  -  Repository registry.exam‐
256       ple.com/busybox: all images, as no tags are  specified.   -  Repository
257       registry.example.com/redis:  images  tagged  "1.0" and "2.0" along with
258       image                            with                            digest
259       "sha256:0000000000000000000000000000000011111111111111111111111111111111".
260       -     Repository     registry.example.com/nginx:     images      tagged
261       "1.13.1-alpine-perl"    and    "1.13.2-alpine-perl".     -   Repository
262       quay.io/coreos/etcd: images tagged "latest".
263
264
265       For the registry registry.example.com, the "john"/"this  is  a  secret"
266       credentials   are   used,  with  server  TLS  certificates  located  at
267       /home/john/certs.
268
269
270       TLS verification is normally enabled, and it can  be  disabled  setting
271       tls-verify to false.  In the above example, TLS verification is enabled
272       for registry.example.com, while is disabled for quay.io.
273
274

SEE ALSO

276       skopeo(1), skopeo-login(1),  docker-login(1),  containers-auth.json(5),
277       containers-policy.json(5), containers-transports(5)
278
279

AUTHORS

281       Flavio  Castelli  fcastelli@suse.com ⟨mailto:fcastelli@suse.com⟩, Marco
282       Vedovati mvedovati@suse.com ⟨mailto:mvedovati@suse.com⟩
283
284
285
286                                                              skopeo-sync(1)()
Impressum