使用nexus的paclair for clair分析docker图像的配置_Docker_Nexus_Clair

使用nexus的paclair for clair分析docker图像的配置

docker

使用nexus的paclair for clair分析docker图像的配置,docker,nexus,clair,Docker,Nexus,Clair,我正在寻找一个示例配置，以便我可以运行paclair来分析docker图像，这些图像存储在nexus中托管的私有docker注册表中。目前，我有以下配置 General: clair_url: 'http://localhost:6060' Plugins: Docker: class: paclair.plugins.docker_plugin.DockerPlugin registries: nexus.example.com:10009:

我正在寻找一个示例配置，以便我可以运行paclair来分析docker图像，这些图像存储在nexus中托管的私有docker注册表中。目前，我有以下配置

General:
  clair_url: 'http://localhost:6060'
Plugins:
  Docker:
    class: paclair.plugins.docker_plugin.DockerPlugin
    registries:
      nexus.example.com:10009:
        verify: "/etc/ssl/certs/ca-bundle.crt"
        token_url: "https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com:10009"
        api_prefix: "api/docker/{image.repository}"
        auth:
          - "jdoe"
          - "*****************"

这适用于Docker.io上托管的Docker映像，没有任何问题，但是如果我尝试使用此配置对我的私有Docker注册表中的Docker映像运行paclair，即

paclair --debug Docker https://nexus.example.com:10009/myApp:1.0 push

paclair似乎跳过了对nexus.example.com的登录，我看不出以下输出的原因：

Reading section Plugins in file /etc/paclair.conf
Reading section General in file /etc/paclair.conf
Reading plugin Docker
Configuration {'class': 'paclair.plugins.docker_plugin.DockerPlugin', 'registries': {'nexus.example.com:10009': {'api_prefix': 'api/docker/{image.repository}', 'token_url': 'https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com', 'verify': '/etc/ssl/certs/ca-bundle.crt', 'auth': ['', '*****************']}}}
INITCLASS:DOMAIN:nexus.example.com:10009
INITCLASS:API_PREFIX:api/docker/{image.repository}
INITCLASS:API_PROTOCOL:https
INITCLASS:API_VERIFY:/etc/ssl/certs/ca-bundle.crt
INITCLASS:TOKEN_URL:https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com
INITCLASS:TOKEN:None
INITCLASS:TOKEN_TYPE:Bearer
INITCLASS:DOMAIN:registry.hub.docker.com
INITCLASS:API_PREFIX:
INITCLASS:API_PROTOCOL:https
INITCLASS:API_VERIFY:True
INITCLASS:TOKEN_URL:None
INITCLASS:TOKEN:None
INITCLASS:TOKEN_TYPE:Bearer
Push https://nexus.example.com:10009/fidelia:1.8.12-all with plugin Docker
INITCLASS:NAMEIMAGE:library/https
INITCLASS:TAG:latest
INITCLASS:REPOSITORY:
Creating  ancestry
REQUEST_BASE_API_URL_FOR_TOKEN_ENDPOINT:URL:https://registry.hub.docker.com/v2/
Starting new HTTPS connection (1): registry.hub.docker.com:443
https://registry.hub.docker.com:443 "GET /v2/ HTTP/1.1" 401 87
TOKEN_URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:{image.name}:pull
REQUEST_TOKEN:URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull
Starting new HTTPS connection (1): auth.docker.io:443
https://auth.docker.io:443 "GET /token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull HTTP/1.1" 200 None
TOKEN:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDK2pDQ0FwK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXpzeVYwNVpPbFZMUzFJNlJFMUVVanBTU1U5Rk9reEhOa0U2UTFWWVZEcE5SbFZNT2tZelNFVTZOVkF5VlRwTFNqTkdPa05CTmxrNlNrbEVVVEFlRncweE9EQXlNVFF5TXpBMk5EZGFGdzB4T1RBeU1UUXlNekEyTkRkYU1FWXhSREJDQmdOVkJBTVRPMVpCUTFZNk5VNWFNenBNTkZSWk9sQlFTbGc2VWsxQlZEcEdWalpQT2xZMU1sTTZRa2szV2pwU1REVk9PbGhXVDBJNlFsTmFSanBHVTFRMk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMGtyTmgyZWxESnVvYjVERWd5Wi9oZ3l1ZlpxNHo0OXdvNStGRnFRK3VPTGNCMDRyc3N4cnVNdm1aSzJZQ0RSRVRERU9xNW5keEVMMHNaTE51UXRMSlNRdFY1YUhlY2dQVFRkeVJHUTl2aURPWGlqNFBocE40R0N0eFV6YTNKWlNDZC9qbm1YbmtUeDViOElUWXBCZzg2TGNUdmMyRFVUV2tHNy91UThrVjVPNFFxNlZKY05TUWRId1B2Mmp4YWRZa3hBMnhaaWNvRFNFQlpjWGRneUFCRWI2YkRnUzV3QjdtYjRRVXBuM3FXRnRqdCttKzBsdDZOR3hvenNOSFJHd3EwakpqNWtZbWFnWHpEQm5NQ3l5eDFBWFpkMHBNaUlPSjhsaDhRQ09GMStsMkVuV1U1K0thaTZKYVNEOFZJc2VrRzB3YXd4T1dER3U0YzYreE1XYUx3SURBUUFCbzRHeU1JR3ZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVBCZ05WSFNVRUNEQUdCZ1JWSFNVQU1FUUdBMVVkRGdROUJEdFdRVU5XT2pWT1dqTTZURFJVV1RwUVVFcFlPbEpOUVZRNlJsWTJUenBXTlRKVE9rSkpOMW82VWt3MVRqcFlWazlDT2tKVFdrWTZSbE5VTmpCR0JnTlZIU01FUHpBOWdEc3lWMDVaT2xWTFMxSTZSRTFFVWpwU1NVOUZPa3hITmtFNlExVllWRHBOUmxWTU9rWXpTRVU2TlZBeVZUcExTak5HT2tOQk5sazZTa2xFVVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQWdZTWF3Si9uMXM0dDlva0VhRjh2aGVkeURzbERObWNyTHNRNldmWTFmRTRDSVFEbzNWazJXcndiSjNmU1dwZEVjT3hNazZ1ZEFwK2c1Nkd6TjlRSGFNeVZ1QT09Il19.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1NDIwMzA2MDUsImlhdCI6MTU0MjAzMDMwNSwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJ6SkZ3RktUd1pqdXpSOVRqbEprbCIsIm5iZiI6MTU0MjAzMDAwNSwic3ViIjoiIn0.NG95HQofUfM8llZy7ucWAOPMUoCBE0yPtKufWZPLAQNIqRwHrG4howBEfXiVGFW0qZKMZUfj87rsTZoy0J7zb9gyLfDkbo8I_LZz8XocCSBDCNsaHux1GkwEYI0cnztUDJZuyXtYRzNou1MM3aNRyAFRrV7FHyJq0CX8NZG3eLs_GHOGwDVopjRY-xMv_i-Q7kdsYDwWA3znL7lpDBOtGhFMmAKgwmvg6vSzJGrfNB6RQqvT9YrMeF7xI0Fp5r_a67eFnDQCCstwldJ3CEZfyy13sOlbhZL6wwcqrBSstH-S2K2Pw5uf1Kbdri8VfdJCxktCXl_iu4X0KYDHSOTx9w
REQUESTMANIFESTS:https://registry.hub.docker.com/v2/library/https/manifests/latest
REQUEST_TOKEN:URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull
Starting new HTTPS connection (1): auth.docker.io:443
https://auth.docker.io:443 "GET /token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull HTTP/1.1" 200 None
TOKEN:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDK2pDQ0FwK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXpzeVYwNVpPbFZMUzFJNlJFMUVVanBTU1U5Rk9reEhOa0U2UTFWWVZEcE5SbFZNT2tZelNFVTZOVkF5VlRwTFNqTkdPa05CTmxrNlNrbEVVVEFlRncweE9EQXlNVFF5TXpBMk5EZGFGdzB4T1RBeU1UUXlNekEyTkRkYU1FWXhSREJDQmdOVkJBTVRPMVpCUTFZNk5VNWFNenBNTkZSWk9sQlFTbGc2VWsxQlZEcEdWalpQT2xZMU1sTTZRa2szV2pwU1REVk9PbGhXVDBJNlFsTmFSanBHVTFRMk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMGtyTmgyZWxESnVvYjVERWd5Wi9oZ3l1ZlpxNHo0OXdvNStGRnFRK3VPTGNCMDRyc3N4cnVNdm1aSzJZQ0RSRVRERU9xNW5keEVMMHNaTE51UXRMSlNRdFY1YUhlY2dQVFRkeVJHUTl2aURPWGlqNFBocE40R0N0eFV6YTNKWlNDZC9qbm1YbmtUeDViOElUWXBCZzg2TGNUdmMyRFVUV2tHNy91UThrVjVPNFFxNlZKY05TUWRId1B2Mmp4YWRZa3hBMnhaaWNvRFNFQlpjWGRneUFCRWI2YkRnUzV3QjdtYjRRVXBuM3FXRnRqdCttKzBsdDZOR3hvenNOSFJHd3EwakpqNWtZbWFnWHpEQm5NQ3l5eDFBWFpkMHBNaUlPSjhsaDhRQ09GMStsMkVuV1U1K0thaTZKYVNEOFZJc2VrRzB3YXd4T1dER3U0YzYreE1XYUx3SURBUUFCbzRHeU1JR3ZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVBCZ05WSFNVRUNEQUdCZ1JWSFNVQU1FUUdBMVVkRGdROUJEdFdRVU5XT2pWT1dqTTZURFJVV1RwUVVFcFlPbEpOUVZRNlJsWTJUenBXTlRKVE9rSkpOMW82VWt3MVRqcFlWazlDT2tKVFdrWTZSbE5VTmpCR0JnTlZIU01FUHpBOWdEc3lWMDVaT2xWTFMxSTZSRTFFVWpwU1NVOUZPa3hITmtFNlExVllWRHBOUmxWTU9rWXpTRVU2TlZBeVZUcExTak5HT2tOQk5sazZTa2xFVVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQWdZTWF3Si9uMXM0dDlva0VhRjh2aGVkeURzbERObWNyTHNRNldmWTFmRTRDSVFEbzNWazJXcndiSjNmU1dwZEVjT3hNazZ1ZEFwK2c1Nkd6TjlRSGFNeVZ1QT09Il19.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1NDIwMzA2MDYsImlhdCI6MTU0MjAzMDMwNiwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJtTDJPTkxuRkN5ZmFUdmNkZlNWYSIsIm5iZiI6MTU0MjAzMDAwNiwic3ViIjoiIn0.LmDr8aGuoyrn1gWTmGpmsaw9odSaSFCjstKHRj5RcL97AC2ixx0I3UIpJJzqb0blhLbxZFxdXmEBmI-c6WY9tTCrvXfrZwrJqDQFa1_K1gWMMKoaTj3oPyB9FKB9z0FeSfttXmHOhd6E7q4v67Ba7bcMqGyu6pfWJu66POtgVrbUjnqM7GFqkBrwtu9HQnzN1bJI15r-lWW-e11nc4FCzMqYLSiKa0srE59D3jZpt01RZhlu9oVdu2fMTmlHOWJBjQR-HSPEKh7yMy2-9FpSzIVQdQWM1_HI8CZPE6HAOp06QMRCQW-IYmHcl_Fqw8HAplwGYsImikLIqn39B2uBgA
Starting new HTTPS connection (1): registry.hub.docker.com:443
https://registry.hub.docker.com:443 "GET /v2/library/https/manifests/latest HTTP/1.1" 401 156
MANIFESTS:HTTPCODEERROR:401
Error treating https://nexus.example.com:10009/fidelia:1.8.12-all
Error access to : https://registry.hub.docker.com/v2/library/https/manifests/latest
Code Error : 401

也许这里有人可以给我一个提示，我可以如何针对私有nexus docker注册表配置paclair 顺致敬意，

Dan

您的问题应该通过paclair的3.1.1版解决

您正在注册表上使用自定义端口，旧版本不支持该端口。这就是为什么应用程序试图访问docker.com而不是您的自定义注册表。

有人能确认它工作正常吗？我仍然得到了相同的错误，现在我得到了paclair==3.1.1