docker 创建私有仓库registry 链接ldap
2017-06-15 16:23
771 查看
1,与前边一篇步骤一样,只是将auth_config.yml中加点配置,在里边改吧改吧,即
actions: []
2,运行命令:
1,docker run -d --name docker_auth -p 5001:5001 \
-v /data/192.168.111.128/config:/config:ro \
--restart=always \
-v /data/192.168.111.128/ssl:/ssl cesanta/docker_auth /config/ldap_auth.yml
3,docker run -d -p 5000:5000 \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
-e REGISTRY_AUTH=token \
-e REGISTRY_AUTH_TOKEN_REALM=https://192.168.111.128:5001/auth \
-e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
-e REGISTRY_AUTH_TOKEN_ISSUER="Acme auth server" \
-e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
-v /data/192.168.111.128/ssl:/ssl \
--restart=always \
--name registry registry
4,就可以用ldap中的用户登录,push和pull了。
| # . See reference.yml for explanation for explanation of all options. |
| # |
| # auth: |
| # token: |
| # realm: "https://127.0.0.1:5001/auth" |
| # service: "Docker registry" |
| # issuer: "Acme auth server" |
| # rootcertbundle: "/path/to/server.pem" |
| server: |
| addr: ":5001" |
| certificate: "/certs/auth.crt" |
| key: "/certs/auth.key" |
| token: |
| issuer: "Acme auth server" # Must match issuer in the Registry config. |
| expiration: 900 |
| # LDAP authentication. |
| # Authentication is performed by first binding to the server, looking up the user entry |
| # by using the specified filter, and then re-binding using the matched DN and the password provided. |
| ldap_auth: |
| addr: "ldap:389" |
| #tls: true |
| # In case bind DN and password is required for querying user information, |
| # specify them here. Plain text password is read from the file. |
| bind_dn: "uid=serviceaccount,ou=it,dc=example,dc=com" |
| # Make sure you remove newlines and carriage returns from the password file. |
| bind_password_file: /tmp/ldap_password.txt.clean |
| # User query settings. ${account} is expanded from auth request |
| base: "ou=musicians,dc=example,dc=com" |
| filter: "(&(uid=${account})(objectClass=organizationalPerson))" |
| users: |
| # Password is specified as a BCrypt hash. Use htpasswd -B to generate. |
| "admin": |
| password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC" # badmin |
| "test": |
| password: "$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya" # 123 |
| acl: |
| # Admin has full access to everything. |
| - match: {account: "admin"} |
| actions: ["*"] |
| # User "user" can pull stuff. |
| - match: {account: "test"} |
| actions: ["pull"] |
| # This will allow authenticated users to pull/push |
| - match: |
| account: /.+/ |
| actions: ['*'] |
| # The user "serviceaccount" (from LDAP) may not perform any docker actions |
| # like push or pull. |
| - match: {account: "serviceaccount"} |
2,运行命令:
1,docker run -d --name docker_auth -p 5001:5001 \
-v /data/192.168.111.128/config:/config:ro \
--restart=always \
-v /data/192.168.111.128/ssl:/ssl cesanta/docker_auth /config/ldap_auth.yml
3,docker run -d -p 5000:5000 \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
-e REGISTRY_AUTH=token \
-e REGISTRY_AUTH_TOKEN_REALM=https://192.168.111.128:5001/auth \
-e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
-e REGISTRY_AUTH_TOKEN_ISSUER="Acme auth server" \
-e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
-v /data/192.168.111.128/ssl:/ssl \
--restart=always \
--name registry registry
4,就可以用ldap中的用户登录,push和pull了。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 使用Docker registry镜像创建私有仓库
- Docker Registry创建自己私有仓库
- 使用Docker registry镜像创建私有仓库
- 使用Docker registry镜像创建私有仓库的方法
- 使用Docker registry镜像创建私有仓库
- docker 创建和使用私有仓库
- 转载:教你分分钟搞定Docker私有仓库Registry
- 局域网部署docker--从无到有创建自己的docker私有仓库
- docker私有仓库搭建 使用Portus管理docker registry 私有仓库
- docker registry私有仓库部署
- docker基础:私有仓库repository搭建(1):registry
- 如何创建一个有密码保护的私有Docker Registry
- 可能是最详细的部署:Docker Registry企业级私有镜像仓库Harbor管理WEB UI
- docker 创建镜像,并推送到私有仓库
- docker创建 私有仓库
- docker私有仓库registry的本地搭建
- 创建docker私有仓库
- Docker私有仓库registry+nginx(https) for centos7.2
- Docker私有仓库Registry 搭建
- docker 搭建registry私有仓库 (Centos6.5)