How to find all image tags of a running Docker container?

前端 未结 4 847
没有蜡笔的小新
没有蜡笔的小新 2021-02-19 10:18

I have a bunch of Docker containers running on a server and I used the \"latest\" tag or no tag at all for all of them. Now I want to freeze the image versions, but I have no id

相关标签:
4条回答
  • 2021-02-19 10:47

    The RepoDigest field in the image inspect will have a sha256 reference if you pulled the image from a registry:

    docker ps --format '{{.Image}}' | xargs \
      docker image inspect --format '{{if .RepoDigests}}{{index .RepoDigests 0}}{{end}}'
    

    For a single image like node:latest on your host, that looks like:

    docker image inspect --format '{{index .RepoDigests 0}}' node:latest
    

    That digest cannot be changed by a push to the registry of the same tag name. When you pull the updated tag from the registry, you will see this digest update.

    0 讨论(0)
  • 2021-02-19 10:50

    Docker images and containers are identified by an ID and for a running container you can get the Id of its image and then pull the image corresponding to the given ID.

    First you need to use docker inspect on all your running containers in order to get the sha256 Id the image on which the container is based.

    docker inspect returns the image ID under "Image" :

    {
      "Id": "6de053a2afa4499471c5e5c2afe0b0d83c9c7e50fc7e687fb63a7ebfd2bff320",
      ...
      },
      "Image": "sha256:26eb6780e26887a6838684a549562c0404fd85c55f71e0af6c79a4da5505d2a7",
      ....
    }
    

    Then you simply have to pull those images by digest (immutable identifier)

    $ docker pull node@sha256:the-image-digest-here
    

    or

    $ docker pull node@sha256:26eb6780e26887a6838684a549562c0404fd85c55f71e0af6c79a4da5505d2a7
    

    If you are lucky images corresponding to those digests are still available into the docker hub.

    After that, is you are still facing latest images I will suggest you to rename those images with a proper name and tag and pull them in your own docker hub repository to be able to use them directly...

    0 讨论(0)
  • 2021-02-19 10:51

    I think this is a better approach without inspecting the container, as docker ps already printing the docker image tag form which the container is created.

    docker inspect $(docker ps  | awk '{print $2}' | grep -v ID) | jq .[].RepoTags
    

    So first this gets the list of running containers, then inspect each image being used by running container and using jq get all repo tags of that image.

    Here is the output.

    Updated:

    Here is you go using skopeo , you can do using API but will do the effort, so why if you have skopeo

    You do not need to install skopeo you can run the container and then or remove once get the result, or you can install, script support both

    running_container=$(docker ps  | awk '{print $2}' | grep -v ID) 
    echo "running container: $running_container"
    for image in $running_container
    do
    local_tag=$(echo "$image" | awk -F":" '{print $2}')
    if [ -z $local_tag ]; then
    # if tag is empty then tag is latest
    local_tag="latest"
    image="$image":"$local_tag"
    fi
    local_digest=$(docker inspect $image | jq '.[].RepoDigests[]' | awk -F"@" '{print $2}' | tr -d '"')
    echo "Local digest is:" $local_digest
    remote_digest=$(docker run --rm --env image=$image alexeiled/skopeo:latest ash -c "skopeo inspect docker://docker.io/$image" | jq '.Digest' | tr -d '"' )
    echo $remote_digest 
    
    # option2 install the skopeo on your local system
    # remote_digest=$(skopeo inspect docker://docker.io/$image | jq '.Digest' | tr -d '"')
    echo "Remote digest is : "$remote_digest
    
    if [ "${local_digest}" == "${remote_digest}" ]; then
    echo "local image is up to date with remote"
    else
    echo "Remote image is updated; please run docker pull $image"
    fi
    done
    

    0 讨论(0)
  • 2021-02-19 10:58

    The docker inspect command can be used for this. You can take a look at the answer here https://stackoverflow.com/a/54075889/8113039

    0 讨论(0)
提交回复
热议问题