我如何判断我是否';m从脚本登录到私有Docker注册表?
如何判断我是否从脚本登录到私有Docker注册表服务器?换句话说,我如何判断我是否';m从脚本登录到私有Docker注册表?,docker,Docker,如何判断我是否从脚本登录到私有Docker注册表服务器?换句话说,docker login some.registry.com是否已成功运行(并且仍然有效) 注意:我询问的是一个任意的私有注册表,而不是docker.io注册表。如果docker登录成功,您将在主目录(~/.docker/)上找到一个.docker文件夹,其中包含一个带有凭据的config.json文件 否则,您将在登录时出错 注意:docker通过查看注册表名来确定要使用的凭据: 如果你这样做 docker pull myreg
docker login some.registry.com注意:我询问的是一个任意的私有注册表,而不是
docker.io~/.docker/.dockerconfig.jsondocker pull myregistry.com/myimage:tagmyregistry.com如果没有,您将得到一个权限错误,这有点不正常,但它在大多数情况下对我有效:
if ! grep -q "my.private.registry.com" ~/.docker/config.json ; then
docker login "my.private.registry.com"
fi
~/.docker/config.jsonDocker login <private registry> -u <user> -p <password>
sudo docker login <registry> -u <uname> -p <password>
if [ $? -ne 0 ]; then
echo Login failed!
else
echo Login OK!
fi
sudo docker登录-u-p
如果[$?-ne 0];然后
echo登录失败!
其他的
回音登录好!
fi
您可以在bash脚本中尝试以x秒的超时时间登录,如果您未登录,该命令将尝试提示输入用户名,然后将以状态
1240#/bin/bash
超时-s SIGKILL 3s docker登录some.registry.com>/dev/null 2>&1
如果[$?-等式0]
然后
echo已登录!
其他的
echo未登录。。。
fi
# NO VALID LOGIN:
$ docker pull 999999999999.dkr.ecr.us-west-2.amazonaws.com/this/image:does_not_exist
Error response from daemon: pull access denied for 999999999999.dkr.ecr.us-west-2.amazonaws.com/this/image, repository does not exist or may require 'docker login'
# WITH VALID LOGIN:
$ docker pull 999999999999.dkr.ecr.us-west-2.amazonaws.com/this/image:does_not_exist
Error response from daemon: manifest for 999999999999.dkr.ecr.us-west-2.amazonaws.com/this/image:does_not_exist not found
拉入~/.docker/config.jsoncurlconfig.jsonjqbase64$ cat ~/.docker/config.json | jq -r '.auths["registry.example.com"].auth' | base64 -d
username:password
curlREGISTRY="registry.example.com"
CREDENTIALS="$(cat ~/.docker/config.json | jq -r ".auths[\"${REGISTRY}\"].auth" | base64 -d)"
curl -sSf --max-time 3 --user "${CREDENTIALS}" "https://${REGISTRY}/v2/_catalog"
{
"repositories": [
"jamesjj/test-image",
"jamesjj/other-image",
...
...
}
https://cat~/.docker/config.JSON | jq-r.auths[\“${registry}\”].auth“| base64-d)”cat~/.docker/config.json | jq-r.auths[\“https://${REGISTRY}\\”].auth“| base64-d)”.docker/config.jsonimport base64
import docker_registry_client
import json
import os.path
def get_authed_registries():
result = []
config_path = os.path.expanduser("~/.docker/config.json")
if not os.path.isfile(config_path):
print("No docker config")
return []
docker_config = json.load(open(config_path))
for registry, auth in docker_config.get("auths", {}).items():
username, password = base64.b64decode(auth["auth"]).decode("utf-8").split(":", 1)
if not registry:
registry = "https://index.docker.io/v1/"
if not registry.startswith("http"):
registry = "https://" + registry
try:
rc = docker_registry_client.DockerRegistryClient(registry, username=username, password=password)
result.append(registry)
except Exception, e:
print(registry, "failed:", e)
return result
get_authed_registries()
- 如果您使用的是一个
- 在Python2.7上测试。可能需要对Python3进行一些小的调整
- 此代码用于身份验证,但对注册表的任何进一步操作都会失败。您需要从主机名中删除API版本(
,/v1
,等等)/v2 - 代码假定所有注册表都是HTTPS(除非在
中另有规定)config.json - 更正确的版本可能会删除除主机名以外的任何内容,并尝试v1和v2
这就是说,我能够获得登录注册表的列表,它正确地忽略了过期的ECR登录。我相信错误消息会因注册表实现而异。但是,我自己的技术是提取一个不存在的图像并解析任何错误消息:
$!/bin/sh
repo="$1"
msg=$(docker pull ${repo}/missing:missing 2>&1)
case "$msg" in
*"requested access to the resource is denied"*|*"pull access denied"*)
echo "Logged out";;
*"manifest unknown"*|*"not found"*)
echo "Logged in, or read access for anonymous allowed";;
*"Pulling from"*)
echo "Missing image was not so missing after all?";;
*)
echo "Unknown message: $msg";;
esac
#!/bin/sh
repo=$1
# note, I do not like the "." here, better to change it to an empty directory
# see "mktemp" for an option if you cannot make your own empty directory somewhere
docker build -t "${repo}/empty:test" -f - . <<EODF
FROM scratch
EODF
msg=$(docker push "${repo}/empty:test" 2>&1)
rc=$?
if [ "$rc" = "0" ]; then
echo "Access granted to push"
else
case "$msg" in
*"requested access to the resource is denied"*)
echo "Access denied";;
*)
echo "Unknown error message: $msg";;
esac
fi
#/垃圾箱/垃圾箱
回购=1美元
#注意,我不喜欢这里的“.”,最好把它改成一个空目录
#如果您不能在某个地方创建自己的空目录,请参阅“mktemp”以获取选项
docker构建-t“${repo}/empty:test”-f-。可能重复的“否”,仅适用于docker.io注册表。您是绝对的
$!/bin/sh
repo="$1"
msg=$(docker pull ${repo}/missing:missing 2>&1)
case "$msg" in
*"requested access to the resource is denied"*|*"pull access denied"*)
echo "Logged out";;
*"manifest unknown"*|*"not found"*)
echo "Logged in, or read access for anonymous allowed";;
*"Pulling from"*)
echo "Missing image was not so missing after all?";;
*)
echo "Unknown message: $msg";;
esac
#!/bin/sh
repo=$1
# note, I do not like the "." here, better to change it to an empty directory
# see "mktemp" for an option if you cannot make your own empty directory somewhere
docker build -t "${repo}/empty:test" -f - . <<EODF
FROM scratch
EODF
msg=$(docker push "${repo}/empty:test" 2>&1)
rc=$?
if [ "$rc" = "0" ]; then
echo "Access granted to push"
else
case "$msg" in
*"requested access to the resource is denied"*)
echo "Access denied";;
*)
echo "Unknown error message: $msg";;
esac
fi