有没有一种简单的方法可以用LDAP配置Docker Private Registry 2.0?
我试着按照这个指示去做: 在我的RHEL7(3.10内核)机器上。但这是一种连接到LDAP的更快、最简单的方法吗?我已启动Private registry 2.0,并使用TLS自签名证书运行。我能够从外部服务器推拉图像,但仍在寻找快速选项,将其放入我的命令中,以使注册表使用LDAP运行 现在我正在用这个命令运行Docker:有没有一种简单的方法可以用LDAP配置Docker Private Registry 2.0?,docker,ldap,docker-registry,rhel7,Docker,Ldap,Docker Registry,Rhel7,我试着按照这个指示去做: 在我的RHEL7(3.10内核)机器上。但这是一种连接到LDAP的更快、最简单的方法吗?我已启动Private registry 2.0,并使用TLS自签名证书运行。我能够从外部服务器推拉图像,但仍在寻找快速选项,将其放入我的命令中,以使注册表使用LDAP运行 现在我正在用这个命令运行Docker: docker run -d -p 5000:5000 --restart=always --name Docker_registry -v /data/docker_re
docker run -d -p 5000:5000 --restart=always --name Docker_registry -v /data/docker_registry:/var/lib/registry -v /etc/docker/certs.d:/etc/docker/certs.d -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs.d/d-l-tools.ocnet.local.crt -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs.d/d-l-tools.ocnet.local.key registry:2
docker run --rm -it --name docker_auth -p 5001:5001 -v /data/docker_registry/docker/docker_auth-master:/config:ro -v /var/log/docker_auth:/logs cesanta/docker_auth:stable /data/docker_registry/docker/docker_auth-master/docker-compose.yml
你能帮我吗?如果我告诉nginx使用LDAP,则会出现以下错误:
nginx_1 | 2016/05/31 10:37:31 [emerg] 1#1: unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
nginx_1 | nginx: [emerg] unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
docker_nginx_1 exited with code 1
似乎需要一个模块来使用ldap,但是当nginx只是一个docker容器时,如何添加它呢
编辑:
我也尝试过这种方法:
但当我使用该命令时:
docker run -d -p 5000:5000 --restart=always --name Docker_registry -v /data/docker_registry:/var/lib/registry -v /etc/docker/certs.d:/etc/docker/certs.d -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs.d/d-l-tools.ocnet.local.crt -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs.d/d-l-tools.ocnet.local.key registry:2
docker run --rm -it --name docker_auth -p 5001:5001 -v /data/docker_registry/docker/docker_auth-master:/config:ro -v /var/log/docker_auth:/logs cesanta/docker_auth:stable /data/docker_registry/docker/docker_auth-master/docker-compose.yml
我犯了那个错误:
F0601 10:42:30.862161 1 main.go:167] Failed to load config: could not read /data/docker_registry/docker/docker_auth-master/docker-compose.yml: open /data/docker_registry/docker/docker_auth-master/docker-compose.yml: no such file or directory
在那个错误之后,我将所有配置推到/tmp并从那里开始,但我遇到了相同的问题(即使我对docker-compose.yml文件拥有777个权限)
我的docker-compose.yml如下所示:
server:
addr: :5001
certificate: /data/docker_registry/docker/certs/docker-registry.crt
key: /data/docker_registry/docker/certs/docker-registry.key
token:
issuer: Acme auth server
expiration: 900
ldap_auth:
# Addr is the hostname:port or ip:port
addr: "ldaps://ldap.xxxxxx.com:636/OU=ROOT,DC=xxxxx,DC=local?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=cn=xx_DOCKER_USERS,OU=xxxx,OU=Groups,OU=GLOB000,OU=Global,OU=ROOT,DC=xxxxx,DC=local)(objectClass=person))" SSL
# Setup tls connection method to be
# "" or "none": the communication won't be encrypted
# "always": setup LDAP over SSL/TLS
# "starttls": sets StartTLS as the encryption method
tls: always
# set to true to allow insecure tls
insecure_tls_skip_verify: false
# In case bind DN and password is required for querying user information,
# specify them here. Plain text password is read from the file.
bind_dn: "CN=xx_Docker_xx,OU=xxxxx_xxxxx,OU=xxxxxx,OU=xxxxxx,OU=xxxxx,OU=Root,DC=xxxxx,DC=local"
bind_password_file: xxxxxxxx
# User query settings. ${account} is expanded from auth request
#base: o=example.com
#filter: (&(uid=${account})(objectClass=person))
acl:
# This will allow authenticated users to pull/push
- match:
account: /.+/
actions: ['*']
registry:
restart: always
image: registry:2
# hostname: "Registry_docker"
environment:
- REGISTRY_DELETE_ENABLED=true
volumes:
- /data/docker_registry:/var/lib/registry
ports:
- 5000:5000
我在docker上跑步:
cesanta]# docker version
Client:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:42 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:42 2016
OS/Arch: linux/amd64
这似乎更好更容易,但不知何故它无法读取我的配置文件。。。谢谢您的回答。最后,我使用了该解决方案: 在LDAP连接方面有一些TLS问题(我使用了ldaps://),openSSL应该在我这边升级(我有1.0.1版本),但最后它似乎是一个最简单的选项,并且运行良好 他现在不为我工作