Docker: creating a private registry with LDAP authentication
2017-06-15 16:23
1. The steps are the same as in the previous post, except that some configuration is added to auth_config.yml and adjusted as needed, namely:

```yaml
# See reference.yml for explanation of all options.
#
#  auth:
#    token:
#      realm: "https://127.0.0.1:5001/auth"
#      service: "Docker registry"
#      issuer: "Acme auth server"
#      rootcertbundle: "/path/to/server.pem"

server:
  addr: ":5001"
  # Tokens are signed with this key pair; the registry's rootcertbundle
  # must contain this certificate.
  certificate: "/certs/auth.crt"
  key: "/certs/auth.key"

token:
  issuer: "Acme auth server"  # Must match issuer in the Registry config.
  expiration: 900

# LDAP authentication.
# Authentication is performed by first binding to the server, looking up the user entry
# by using the specified filter, and then re-binding using the matched DN and the password provided.
ldap_auth:
  addr: "ldap:389"
  # Without TLS, bind passwords travel to the LDAP server in cleartext.
  #tls: true
  # In case bind DN and password is required for querying user information,
  # specify them here. Plain text password is read from the file.
  bind_dn: "uid=serviceaccount,ou=it,dc=example,dc=com"
  # Make sure you remove newlines and carriage returns from the password file.
  bind_password_file: /tmp/ldap_password.txt.clean
  # User query settings. ${account} is expanded from auth request
  base: "ou=musicians,dc=example,dc=com"
  filter: "(&(uid=${account})(objectClass=organizationalPerson))"

users:
  # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
  "admin":
    password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC"  # badmin
  "test":
    password: "$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya"  # 123

acl:
  # Entries are evaluated in order and the first match wins.
  # Admin has full access to everything.
  - match: {account: "admin"}
    actions: ["*"]
  # User "test" can pull stuff.
  - match: {account: "test"}
    actions: ["pull"]
  # The user "serviceaccount" (from LDAP) may not perform any docker actions
  # like push or pull. Listed before the catch-all so that it takes effect.
  - match: {account: "serviceaccount"}
    actions: []
  # This will allow authenticated users to pull/push
  - match:
      account: /.+/
    actions: ['*']
```
2. Run the commands. Start docker_auth:

```bash
docker run -d --name docker_auth -p 5001:5001 \
  -v /data/192.168.111.128/config:/config:ro \
  --restart=always \
  -v /data/192.168.111.128/ssl:/ssl cesanta/docker_auth /config/ldap_auth.yml
```

3. Start the registry:

```bash
docker run -d -p 5000:5000 \
  -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
  -e REGISTRY_AUTH=token \
  -e REGISTRY_AUTH_TOKEN_REALM=https://192.168.111.128:5001/auth \
  -e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
  -e REGISTRY_AUTH_TOKEN_ISSUER="Acme auth server" \
  -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
  -v /data/192.168.111.128/ssl:/ssl \
  --restart=always \
  --name registry registry
```

4. You can now log in, push and pull as users from LDAP.
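docker_auth walks the `acl` list from top to bottom and stops at the first entry that matches, so where the `serviceaccount` entry sits relative to the catch-all `/.+/` entry decides whether it has any effect. The following is an added example, not code from the original post or from the docker_auth project: a simplified model that matches on `account` only, with hypothetical function names, showing how to spot an entry that an earlier one shadows.

```python
import re
from fnmatch import fnmatchcase

def matches(pattern, account):
    """Simplified account matcher: /.../ is a regex, anything else a glob."""
    if len(pattern) > 2 and pattern.startswith("/") and pattern.endswith("/"):
        return re.search(pattern[1:-1], account) is not None
    return fnmatchcase(account, pattern)

def authorize(acl, account, requested):
    """Return the granted subset of `requested`; the first matching entry decides."""
    for entry in acl:
        if matches(entry["account"], account):
            if entry["actions"] == ["*"]:
                return list(requested)
            return [a for a in requested if a in entry["actions"]]
    return []  # no entry matched: nothing is granted

def shadowed(acl):
    """Indexes of literal-account entries that an earlier entry already captures."""
    dead = []
    for i, entry in enumerate(acl):
        name = entry["account"]
        is_literal = not (name.startswith("/") or any(c in name for c in "*?["))
        if is_literal and any(matches(e["account"], name) for e in acl[:i]):
            dead.append(i)
    return dead

# Catch-all entry placed before the serviceaccount entry.
CATCH_ALL_FIRST = [
    {"account": "admin", "actions": ["*"]},
    {"account": "test", "actions": ["pull"]},
    {"account": "/.+/", "actions": ["*"]},
    {"account": "serviceaccount", "actions": []},
]
# Same entries with the serviceaccount entry moved above the catch-all.
DENY_FIRST = CATCH_ALL_FIRST[:2] + [CATCH_ALL_FIRST[3], CATCH_ALL_FIRST[2]]

if __name__ == "__main__":
    for label, acl in (("catch-all first", CATCH_ALL_FIRST), ("deny first", DENY_FIRST)):
        granted = authorize(acl, "serviceaccount", ["pull", "push"])
        print(f"{label}: shadowed entries {shadowed(acl)}, serviceaccount gets {granted}")
```

Running `shadowed()` over a parsed `acl` list before deploying a config change catches literal-account rules that can never be reached.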