1skopeo-sync(1)()                                              skopeo-sync(1)()
2
3
4

NAME

6       skopeo-sync - Synchronize images between container registries and local
7       directories.
8
9

SYNOPSIS

11       skopeo sync --src transport --dest transport source destination
12
13

DESCRIPTION

15       Synchronize images between container registries and local  directories.
16       The  synchronization  is  achieved  by  copying all the images found at
17       source to destination.
18
19
20       Useful to synchronize a local container registry mirror, and to to pop‐
21       ulate registries running inside of air-gapped environments.
22
23
24       Differently  from  other  skopeo  commands,  skopeo  sync requires both
25       source and destination  transports  to  be  specified  separately  from
26       source and destination.  One of the problems of prefixing a destination
27       with its transport is that, the registry  docker://hostname:port  would
28       be  wrongly  interpreted as an image reference at a non-fully qualified
29       registry, with hostname and port the image name and tag.
30
31
32       Available source transports:
33        - docker (i.e. --src docker): source is a repository hosted on a  con‐
34       tainer registry (e.g.: registry.example.com/busybox).
35        If no image tag is specified, skopeo sync copies all the tags found in
36       that repository.
37        - dir (i.e. --src dir): source is a local directory path  (e.g.:  /me‐
38       dia/usb/). Refer to skopeo(1) dir:path for the local image format.
39        - yaml (i.e. --src yaml): source is local YAML file path.
40        The  YAML file should specify the list of images copied from different
41       container registries (local directories are not  supported).  Refer  to
42       EXAMPLES for the file format.
43
44
45       Available destination transports:
46        -  docker  (i.e.  --dest  docker): destination is a container registry
47       (e.g.: my-registry.local.lan).
48        - dir (i.e. --dest dir): destination is a local directory path  (e.g.:
49       /media/usb/).
50        One directory per source 'image:tag' is created for each copied image.
51
52
53       When  the  --scoped  option  is specified, images are prefixed with the
54       source image path so that multiple images with the  same  name  can  be
55       stored at destination.
56
57

OPTIONS

59       --all  If  one of the images in src refers to a list of images, instead
60       of copying just the image which matches the current OS and architecture
61       (subject  to  the  use of the global --override-os, --override-arch and
62       --override-variant options), attempt to copy all of the images  in  the
63       list, and the list itself.
64
65
66       --authfile path
67
68
69       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
70       ers/auth.json, which is set using skopeo login.  If  the  authorization
71       state  is  not found there, $HOME/.docker/config.json is checked, which
72       is set using docker login.
73
74
75       --src-authfile path
76
77
78       Path of the authentication file for  the  source  registry.  Uses  path
79       given by --authfile, if not provided.
80
81
82       --dest-authfile path
83
84
85       Path of the authentication file for the destination registry. Uses path
86       given by --authfile, if not provided.
87
88
89       --src transport Transport for the source repository.
90
91
92       --dest transport Destination transport.
93
94
95       --format, -f manifest-type Manifest Type (oci, v2s1, or  v2s2)  to  use
96       when  syncing  image(s)  to  a destination (default is manifest type of
97       source).
98
99
100       --scoped Prefix images with the source image path, so that multiple im‐
101       ages with the same name can be stored at destination.
102
103
104       --remove-signatures  Do not copy signatures, if any, from source-image.
105       This is necessary when copying a signed image to  a  destination  which
106       does not support signatures.
107
108
109       --sign-by=key-id  Add  a  signature using that key ID for an image name
110       corresponding to destination-image.
111
112
113       --src-creds username[:password] for accessing the source registry.
114
115
116       --dest-creds username[:password] for  accessing  the  destination  reg‐
117       istry.
118
119
120       --src-cert-dir  path Use certificates (*.crt, *.cert, *.key) at path to
121       connect to the source registry or daemon.
122
123
124       --src-no-creds bool-value Access the registry anonymously.
125
126
127       --src-tls-verify bool-value Require HTTPS and verify certificates  when
128       talking to a container source registry or daemon (defaults to true).
129
130
131       --dest-cert-dir path Use certificates (*.crt, *.cert, *.key) at path to
132       connect to the destination registry or daemon.
133
134
135       --dest-no-creds bool-value  Access the registry anonymously.
136
137
138       --dest-tls-verify bool-value Require HTTPS and verify certificates when
139       talking  to  a  container  destination  registry or daemon (defaults to
140       true).
141
142
143       --src-registry-token Bearer token for accessing the source registry.
144
145
146       --dest-registry-token Bearer token for accessing the  destination  reg‐
147       istry.
148
149

EXAMPLES

151   Synchronizing to a local directory
152              $ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb
153
154
155
156       Images are located at:
157
158
159              /media/usb/busybox:1-glibc
160              /media/usb/busybox:1-musl
161              /media/usb/busybox:1-ubuntu
162              /media/usb/busybox:latest
163
164
165
166   Synchronizing to a container registry from local
167       Images are located at:
168
169
170              /media/usb/busybox:1-glibc
171
172
173
174       Sync run
175
176
177              $ skopeo sync --src dir --dest docker /media/usb/busybox:1-glibc my-registry.local.lan/test/
178
179
180
181       Destination registry content:
182
183
184              REPO                                 TAGS
185              my-registry.local.lan/test/busybox   1-glibc
186
187
188
189   Synchronizing to a local directory, scoped
190              $ skopeo sync --src docker --dest dir --scoped registry.example.com/busybox /media/usb
191
192
193
194       Images are located at:
195
196
197              /media/usb/registry.example.com/busybox:1-glibc
198              /media/usb/registry.example.com/busybox:1-musl
199              /media/usb/registry.example.com/busybox:1-ubuntu
200              /media/usb/registry.example.com/busybox:latest
201
202
203
204   Synchronizing to a container registry
205              skopeo sync --src docker --dest docker registry.example.com/busybox my-registry.local.lan
206
207
208
209       Destination registry content:
210
211
212              REPO                         TAGS
213              registry.local.lan/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest
214
215
216
217   Synchronizing to a container registry keeping the repository
218              skopeo sync --src docker --dest docker registry.example.com/repo/busybox my-registry.local.lan/repo
219
220
221
222       Destination registry content:
223
224
225              REPO                              TAGS
226              registry.local.lan/repo/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest
227
228
229
230   YAML file content (used source for **--src yaml**)
231              registry.example.com:
232                  images:
233                      busybox: []
234                      redis:
235                          - "1.0"
236                          - "2.0"
237                          - "sha256:0000000000000000000000000000000011111111111111111111111111111111"
238                  images-by-tag-regex:
239                      nginx: ^1\.13\.[12]-alpine-perl$
240                  credentials:
241                      username: john
242                      password: this is a secret
243                  tls-verify: true
244                  cert-dir: /home/john/certs
245              quay.io:
246                  tls-verify: false
247                  images:
248                      coreos/etcd:
249                          - latest
250
251
252
253       If the yaml filename is sync.yml, sync run:
254
255
256              skopeo sync --src yaml --dest docker sync.yml my-registry.local.lan/repo/
257
258
259
260       This  will  copy  the  following  images:  -  Repository registry.exam‐
261       ple.com/busybox: all images, as no tags are  specified.   -  Repository
262       registry.example.com/redis:  images  tagged  "1.0" and "2.0" along with
263       image                            with                            digest
264       "sha256:0000000000000000000000000000000011111111111111111111111111111111".
265       -     Repository     registry.example.com/nginx:     images      tagged
266       "1.13.1-alpine-perl"    and    "1.13.2-alpine-perl".     -   Repository
267       quay.io/coreos/etcd: images tagged "latest".
268
269
270       For the registry registry.example.com, the "john"/"this  is  a  secret"
271       credentials   are   used,  with  server  TLS  certificates  located  at
272       /home/john/certs.
273
274
275       TLS verification is normally enabled, and it can  be  disabled  setting
276       tls-verify to false.  In the above example, TLS verification is enabled
277       for registry.example.com, while is disabled for quay.io.
278
279

SEE ALSO

281       skopeo(1), skopeo-login(1),  docker-login(1),  containers-auth.json(5),
282       containers-policy.json(5), containers-transports(5)
283
284

AUTHORS

286       Flavio  Castelli  fcastelli@suse.com ⟨mailto:fcastelli@suse.com⟩, Marco
287       Vedovati mvedovati@suse.com ⟨mailto:mvedovati@suse.com⟩
288
289
290
291                                                              skopeo-sync(1)()
Impressum