0

I have 3 docker registries in my nexus repo: docker-hosted, docker-proxy, docker-group

docker-hosted is a registry that I can push images into it. docker-proxy is used when I want to pull images from the docker hub and used as a cache for the docker hub. I grouped these 2 registries in a docker-group repo.

I use this config in my Nginx so I can easily push and pull the docker images from my nexus repo.

    server {
        listen   *:443 default_server ssl;

.........................

        location ~ ^/(v1|v2)/[^/]+/?[^/]+/blobs/ {
            if ($request_method ~* (POST|PUT|DELETE|PATCH|HEAD) ) {
                rewrite ^/(.*)$ /repository/docker-hosted/$1 last;
            }
            rewrite ^/(.*)$ /repository/docker-group/$1 last;
        }

        location ~ ^/(v1|v2)/ {
            if ($request_method ~* (POST|PUT|DELETE|PATCH) ) {
                rewrite ^/(.*)$ /repository/docker-hosted/$1 last;
            }
            rewrite ^/(.*)$ /repository/docker-group/$1 last;
        }

        location / {
            proxy_pass http://nexus:8081/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto "https";
        }
    }

I have a simple dockerfile:

FROM mynexusrepo.com/python:3.7.1
ENV PYTHONUNBUFFERED=1
WORKDIR /code
COPY requirements.txt /code/
RUN pip install -r requirements.txt --default-timeout=1000 --no-cache-dir
COPY . /code/
CMD python /code/manage.py makemigrations && python /code/manage.py migrate && python /code/manage.py runserver 0.0.0.0:666

when I push this to registry I get this error:

cacb7942af06: Layer already exists
26636c98b4ec: Layer already exists
11fb6501ac00: Layer already exists
77ec1bf82c58: Layer already exists
c660d5dc256a: Layer already exists
9e701d0e0edd: Layer already exists
3294fae58626: Layer already exists
9e89ea4aeda3: Layer already exists
e02b32b1ff99: Layer already exists
f75e64f96dbc: Layer already exists
8f7ee6d76fd9: Layer already exists
c23711a84ad4: Layer already exists
90d1009ce6fe: Layer already exists
errors:
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry
blob unknown: blob unknown to registry

nexus log:

Manifest refers to missing layer: sha256:dd7cc9ace2427e64037752916207e90ff203948d45fff8eb41cd250413c27f10 for: ....

I found that the missing layers are for mynexusrepo.com/python:3.7.1 . so I create a new python:3.7.1 with the tag mynexusrepo.com/python:3.7.1 and push it to my repo.

I check the nexus and find out that I can't reference the layer from docker-proxy to docker-hosted.

is there any solution to this problem?

Nader
  • 318
  • 1
  • 6
  • 16

1 Answers1

0

Unfortunately, this nexus bug NEXUS-28247 caused a similar issue for us around docker images.

After checking nexus developer forums and speaking directly to the company the only resolution was:

saving what was possible to fetch from the private nexus repo --> reverting to an earlier backup --> recreating images by CICD if possible.

I know this doesn't resolve your current situation but at least it explains the why of it.

under version 3.32.0 release notes they mentioned the bug fix

The forum in question nexus-developers

Noam Yizraeli
  • 4,446
  • 18
  • 35