Add aliyun mirror support to hack/install.sh#28858
Add aliyun mirror support to hack/install.sh#28858twang2218 wants to merge 1 commit intomoby:masterfrom
Conversation
hack/install.sh
Outdated
There was a problem hiding this comment.
Would you mind removing the trailing /s for consistency?
Signed-off-by: Tao Wang <twang2218@gmail.com>
d4faec3 to
9c79ff2
Compare
|
An idea for supporting other mirrors, e.g. aliyuncs (can be another PR)
@twang2218 @Hyzhou |
|
There are 2 docker repo mirrors in Aliyun. One for public, another one for Aliyun internal hosts. Reference: http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/help?spm=5176.100239.blogcont7695.10.ddIFD3 According to the 2 modified version of install.sh, public: http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/internet, and internal: http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/intranet, the public docker repo mirror is: apt_url="http://mirrors.aliyun.com/docker-engine/apt"
yum_url="http://mirrors.aliyun.com/docker-engine/yum"and internal mirror is: apt_url="http://mirrors.cloud.aliyuncs.com/docker-engine/apt"
yum_url="http://mirrors.cloud.aliyuncs.com/docker-engine/yum"Public mirror are accessible from both inside of Alibaba Cloud and outside public internet, but only Alibaba Cloud internal hosts can access the internal mirror. So I don't think we should add a cloud-specific mirror to the official script. BTW, @AkihiroSuda About Such as, DaoCloud repo mirror, another popular docker mirror in China. http://get.daocloud.io/docker/, they use different schema. apt: https://get.daocloud.io/docker/apt-repo, yum: https://get.daocloud.io/docker/yum-repo. And about allowing arbitrary mirrors, I think it's quite useful. The use cases of using mirrors are not limited to China's GFW situation, some companies have restricted internet access, only limited sites can be accessed from internal, so if user can specify a internal supervised repo mirror, it's good for both security and speed. As long as the downloaded packages can be trusted, I think install.sh should support user specified mirror. |
Yes, so, if we adopt the CLI proposed in #28858 (comment), DaoCloud customers would be able to use and . However, they would not be able to use |
|
cc @allencloud |
|
Great, Thanks a lot @AkihiroSuda @twang2218 /cc @yank1, my colleague in DaoCloud. |
|
HI @AkihiroSuda , DaoCloud has offered a Docker Mirror to the community for about 1.5 years. It's very useful and fast in China. And it's trusted by many users. We are very glad to see the official mirror script support mirroring now. And we are working on the new schema like Azure. |
|
/cc @icecrime |
|
@twang2218 it looks like the mirror doesn't support the |
|
@friism Yes, 😞 , AFAIK, the aliyun mirror doesn't support |
|
Actually I found that script in https://get.docker.com/ has not been updated. Since there is no any mirrors there. Even no AzureChinaCloud. Maybe we need to use this install_docker.sh to update https://get.docker.com/. |
|
@allencloud i think it was merged after 1.12, so will be updated together with 1.13 (unless we manually update); https://test.docker.com does have it though |
|
@allencloud The script on https://get.docker.com/ is for current released version, which should be 1.12.3. And the AzureChinaCloud mirror support is added after that, and now it's on https://test.docker.com/ and https://experimental.docker.com/ |
|
+1 on arbitrary mirrors. As @twang2218 mentioned, replacing default mirror cloud be quite useful not only to Chinese users (who face GFW), but any users within restricted / not-very-ideal network environments. Hard-coded mirrors won't help the latter. Besides, I think it's not very appropriate to include non-https mirrors in official installation script. It introduces risks to those who place their trust in docker team keeping the script safe. However, it's OK for users to specify a non-https mirror by themselves, as they should understand what they are doing and the risks behind it. While I like the CLI proposed by @AkihiroSuda, I guess it may be easier to implement something like this: --apt-mirror xxx --yum-mirror xxx |
|
I'm -1 on supporting just any URL. This script is intended as an "express" install to bootstrap docker, but not intended for "serious" use. If more customizations are desired, it's easy for users to either write a custom script, or follow the manual procedure.
Agreed, it should be a TLS mirror (although the gpg key is used to verify the downloaded binaries) |
I guess this got more important in light of CVE-2016-1252 / DSA-3733-1 in apt ping @Hyzhou do you know if a TLS mirror is being worked on? |
|
That is great for users to use a mirror which supports https. Actually now DaoCloud mirror has updated to the consistent apt shema and supported https. |
|
@allencloud Have you done the updating the directory structure to match the official repo? I tried but I think the structure is still as same as before. For example, the But there is no And
And the index of download directories is disabled, so I cannot understand the file structure, so I'm not sure this structure is followed. Maybe I still accessed the old repo? Could you point me to the updated apt/yum repo of DaoCloud? So, maybe I can create another PR for adding DaoCloud mirror to the 'hack/install.sh'. |
|
Sorry, @twang2218 I'm closing this PR for now, given that there's no TLS support yet for this mirror, but ping us if TLS support was added, then we can look at this again. |
|
The TLS support is enabled for Aliyun mirror, and the new PR is opened in #30907 Thanks |
Add Aliyun Docker apt/yum mirror support to
hack/install.sh, so it will help people in China to overcome firewall issue. To use Aliyun mirror, just runcurl -sSL https://get.docker.com/ | sh -s -- --mirror AliyunSigned-off-by: Tao Wang twang2218@gmail.com