Ship "docker" images to remote isolated Islands in your Infrastructure

Oct 29, 2015·
Dennis
Dennis
· 3 min read
Image credit: DALL-E

It’s quite easy to pull images via docker down to your local developer machine. But sometimes you need to get images onto servers which have no access to the World Wide Web (WWW) nor to an internal docker registry. In this article I show you how to use docker save and docker load to get the required images onto those servers.

Setup test environment

First of all we’re going to make sure, that no root-shell or sudo is required to run docker. If you know what you’re doing or don’t want to change your local setup, you can safely skip this section and go on with the next one, but maybe not all commands will work as expected. Please, add your local user to the docker-group.

# Add user to group
gpasswd -a <user> docker

After that, either logout/login or update your current group to docker with the following command. This command will start a new shell with the docker group being your primary group. So this one is only a temporary “change of group” local to that shell.

# Start shell with new primary group
newgrp docker

Please, check if your groups have been updated. The output you get should be similar to the following.

# Check groups
id
# => uid=1002(test1) gid=142(docker) groups=142(docker),1006(test1)

Pull Image

Now pull the image you need at your isolated remote system, down to your local machine. This assumes, that your machine has unlimited access to the WWW.

    • Pro-Tip
  • If you're using "Arch Linux" and need to use a proxy, create a file named `/etc/docker/proxy.conf`. Add `https_proxy=https://:` and `http_proxy=http://:` to this file. Now copy `/usr/lib/systemd/system/docker.service` to `/etc/systemd/system/docker.service` and add `EnvironmentFile=/etc/docker/proxy.conf` to the `.service`-file. After that run `sudo systemctl daemon-reload` and `sudo systemctl restart docker`.

If you’re behind a proxy, make sure, that “docker” works in such an environment and can pull the image.

# Pull docker image
docker pull feduxorg/centos

Export image

After that, export the downloaded image to a tar.gz-file. It’s important to use docker save here, because this also exports the metadata like the CMD, ENTRYPOINT and ENV. Even the name of the image “feduxorg/centos” is exported.

# Save image
docker save -o image.tar.gz feduxorg/centos

Transfer image to destination

If this has finished, transfer the image to the isolated system. I’m going to use scp (SSH) for this. You may need to use a different tool depending on your environment – or even a USB-stick, an SD-card or a DVD.

# Uplodate image to "host"
scp image.tar.gz <host>:~/

Import image

After that, login to your remote system and import the image there. Please make sure, that your user is also member of the docker-group on the remote system. You can re-use the commands used earlier on your local workstation.

# Login to remote system
ssh <host>

# Import image
docker load -i image.tar.gz

Conclusion

That’s it. Easy, isn’t it? I regularly forget about save and use export instead. The same happens with load and import. But export and import don’t work with meta data which is something I always want to be exported/imported. After using export/import the CMD and ENTRYPOINT of your image are gone. So this article is a reminder for you and me to prevent frustration. Hope this helps you as well.

Thanks for reading!