Scale your Development Experience by Migrating any Container Registry to Artifactory
With the range of available package formats developers have to work with today, the complexity of managing and maintaining these tools is continuously growing. JFrog Artifactory is a universal artifact manager that supports all major package formats, that fits in with virtually any development ecosystem – including Docker environments.
For an enhanced experience working with Docker you can seamlessly migrate your Docker registry to Artifactory.
Whether you are using Amazon’s ECR, Docker’s DTR, Docker Hub, Google’s GCR, Quay or any generic token based registry, the process can be as simple as running a single command when you use our Docker2Artifactory migrator. This includes Docker image migration as well as permissions migration for select sources. Migration includes groups, users, permissions, and organization robots (for quay) for select sources.
Determine your source and authentication methods
The Docker2Artifactory migrator tool adapts to the various registries, each with their own unique mode of operation and authentication requirements. As such, the first step to migrating will be to determine what type of registry you are using. See the chart below to determine the source and authentication methods you should be using:
| Registry Provider | Option to use | Authentication method |
| Amazon | ecr | AWS generated token |
| gcr | JSON Key file | |
| Quay (quay.io) | quay | OAuth2 Access Token |
| Quay (on premise enterprise) | quayee | Super user username/password or OAuth2 Access Token |
| Other (DTR, Artifactory, etc) | generic | Anonymous or username/password |
How it all works
Once you know your source and the type of authentication method, you are ready to migrate. You may be asking yourself, what exactly is the tool doing? The tool works by using common Docker REST APIs where available and registry provided custom APIs when they are not. The tool will use your credentials to perform various calls and build a list of images that should be migrated. Once the list is in place, it will call on various workers to simultaneously download and deploy the images to the specified Artifactory repository. The tool is smart enough to migrate only what it needs to and will not overwrite existing images (unless you tell it to). Once the process is complete, it will produce a report of the number of images it found and the number it successfully migrated.
Migrate only the repositories you want
You get to determine what you want to migrate, whether it is the entire contents of the source registry or just a subset. The default behavior of the tool is to search for and migrate each and every tag for all the repositories. You also have the option to provide a list of repository and/or repository:tag combinations. If you specify a repository name without a tag, all tags of that repository will be migrated by default. In some cases you wouldn’t want this and you would only want to migrate specific tags. In those cases, all you have to do is to specify a repository:tag combination, and only that specific tag will be imported.
Some Examples
GCR
$ python DockerMigrator.py gcr my-gcr-permissions.json https://my-new.artifactory/artifactory admin password docker-local
ECR
$ aws ecr get-login --no-include-email
docker login -u AWS -p eyh...h9 https://113776848705.dkr.ecr.us-west-2.amazonaws.com
$ python DockerMigrator.py ecr https://113776848705.dkr.ecr.us-west-2.amazonaws.com eyh...h9 https://my-new.artifactory/artifactory admin password docker-local
Generic (anonymous) with image file
$ python DockerMigrator.py generic https://registry-1.docker.io https://my-new.artifactory/artifactory admin password docker-local --image-file image-file.txt
Generic with credentials
$ python DockerMigrator.py generic https://registry-1.docker.io https://my-new.artifactory/artifactory admin password docker-local --source-username someuser --source-password somepassword
Migrate permissions data
Several registries have built in user, group and permission management. To help ease your transition, you can use the accompanying SecurityMigrator tool to map these to your Artifactory instance. This is currently supported for Quay Enterprise Edition and DTR.
All of the details and examples on how to use this tool and what it offers can be found in our public Docker2Artifactory project on GitHub.
Visit us at DockerCon in San Francisco between June 12-14th at our Booth G22 to learn how to Migrate your Containers to Artifactory.
