From fahimehashrafy at gmail.com Sun Jan 10 06:14:33 2016
From: fahimehashrafy at gmail.com (Fahimeh Ashrafy)
Date: Sun, 10 Jan 2016 16:44:33 +0330
Subject: [Containers] portus

Hello all
I am new in portus
I set it up and it is working but just users who are admin can push to
registry!!! please help me
but every user and pull from it
Thank you very much

From fahimehashrafy at gmail.com Sun Jan 10 22:07:14 2016
From: fahimehashrafy at gmail.com (Fahimeh Ashrafy)
Date: Mon, 11 Jan 2016 08:37:14 +0330
Subject: [Containers] portus

hello
there is no one to help me?
thanks

On Sun, Jan 10, 2016 at 4:44 PM, Fahimeh Ashrafy wrote:

> Hello all
> I am new in portus
> I set it up and it is working but just users who are admin can push to
> registry!!! please help me
> but every user and pull from it
> Thank you very much

From fahimehashrafy at gmail.com Mon Jan 11 02:57:46 2016
From: fahimehashrafy at gmail.com (Fahimeh Ashrafy)
Date: Mon, 11 Jan 2016 13:27:46 +0330
Subject: [Containers] portus
In-Reply-To: <56937647.7020508@suse.com>
References: <56937647.7020508@suse.com>

Thank you very much, yes sound like users trying to push to global
namespace,
how define user push to team namespace?
Thank you

On Mon, Jan 11, 2016 at 1:00 PM, Miquel Sabaté wrote:

> Hello Fahimeh,
>
> On 01/10/2016 at 02:14 PM, Fahimeh Ashrafy wrote:
>
> Hello all
> I am new in portus
> I set it up and it is working but just users who are admin can push to
> registry!!! please help me
> but every user and pull from it
>
>
> We would need more information to help you. Are you pushing to the global
> namespace? If that's the case, then this behavior is expected, as
> documented here [1].
> Otherwise, you should provide more information on
> which namespace are you pushing to, the team members, etc.
>
> If you have any doubts on namespaces and permissions, feel free to read
> our extensive documentation about it here [2]. Moreover, also note that
> this list should not be used for support. For that we recommend to use our
> Github repository. You might want to read this section on how to report
> issues in Portus [3]. This way we would be faster at solving your issues
> you might be having.
>
> Greetings,
> Miquel
>
> Thank you very much
>
> _______________________________________________
> Containers mailing list
> Containers at lists.suse.com
> http://lists.suse.com/mailman/listinfo/containers
>
> [1] http://port.us.org/features/3_teams_namespaces_and_users.html#kinds-of-namespaces
> [2] http://port.us.org/features/3_teams_namespaces_and_users.html
> [3] https://github.com/SUSE/Portus/blob/master/CONTRIBUTING.md#reporting-issues

From benjo11111 at gmail.com Mon Jan 18 19:36:18 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Tue, 19 Jan 2016 15:36:18 +1300
Subject: [Containers] integration with existing registry and ldap authentication

Hi,

I am new with portus. Currently we are using docker v1 registry and just
came to portus to use with docker v2 as we are planning to move docker
registry v2.

I downloaded appliance and trying to configure ldap authentication but it
is not working. Can you please suggest me that where i can see logs for ldap.
I added ldap configuration into /srv/Portus/config/config.yml

settings:
  gravatar: true

ldap:
  enabled: true
  hostname: hostname
  port: 389
  method: "plain"
  base: "xyz"
  uid: "uid"

  guess_email:
    enabled: true
    attr: "mail"

  authentication:
    enabled: true
    bind_dn: "xyz"
    password: "xyz"

After this I rebooted appliance but no luck.

can we use portus as front end with existing docker registry which is on v1?

currently we have insecure registry setup.

Thanks

From fahimehashrafy at gmail.com Sun Jan 10 06:12:42 2016
From: fahimehashrafy at gmail.com (Fahimeh Ashrafy)
Date: Sun, 10 Jan 2016 16:42:42 +0330
Subject: [Containers] portus

Hello all
I am new in portus
I set it up and it is working but just users who are admin can push to
registry!!! please help me
but every user and pull from it
Thank you very much

From benjo11111 at gmail.com Wed Jan 20 17:53:13 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Thu, 21 Jan 2016 13:53:13 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To: <569DFEFB.7090707@suse.de>
References: <569DFEFB.7090707@suse.de>

Hi Miquel,

I deployed rpm version on opensuse and it is working fine.

Can you please guide me what is require to enable login in docker command
line.

currently i tested portus integration with docker registry and ldap
authentication to portus from web interface.

trying to do command line docker login and getting below error.

Error response from daemon: no successful auth challenge for
http://192.168.1.20:5000/v2/ - errors: []

On Tue, Jan 19, 2016 at 10:16 PM, Miquel Sabaté Solà wrote:

> Hello,
>
> On 01/19/2016 03:36 AM, Benjamin Fernandis wrote:
>
> Hi,
>
> I am new with portus.
> Currently we are using docker v1 registry and just
> came to portus to use with docker v2 as we are planning to move docker
> registry v2.
>
> I downloaded appliance and trying to configure ldap authentication but it
> is not working. Can you please suggest me that where i can see logs for
> ldap.
>
>
> First of all, the appliance holds a technical preview of Portus which is
> quite old. We will correct that in the documentation. If you are using
> SUSE, our recommendation is to use the RPM [1].
>
>
> I added ldap configuration into /srv/Portus/config/config.yml
>
>
> As described here [2], if you want to change the configuration of Portus
> it's better to either create a config-local.yml file, or use environment
> variables.
>
>
> settings:
>   gravatar: true
>
> ldap:
>   enabled: true
>   hostname: hostname
>   port: 389
>   method: "plain"
>   base: "xyz"
>   uid: "uid"
>
>   guess_email:
>     enabled: true
>     attr: "mail"
>
>   authentication:
>     enabled: true
>     bind_dn: "xyz"
>     password: "xyz"
>
>
> After this I rebooted appliance but no luck.
>
> can we use portus as front end with existing docker registry which is on
> v1?
>
>
> No. Portus only works for version 2 of the registry. It's not technically
> possible to support both versions, so we are focusing on the latest (and
> production ready) version.
>
>
> currently we have insecure registry setup.
>
>
> That shouldn't be a problem (but of course we recommend a secure registry
> ;), it's quite easy to do it actually [3]).
>
>
> Thanks
>
>
> You can find logs in /srv/Portus/log/production.log. That being said, I
> would *really* encourage you to upgrade to the RPM setup. The appliance is
> known to have bugs that have been long fixed in the RPM. Another option, if
> you are just playing with Portus, is to try our docker compose setup [4].
>
> Cheers,
> Miquel
>
> [1] http://port.us.org/docs/setups/1_rpm_packages.html
> [2] http://port.us.org/docs/Configuring-Portus.html#override-specific-configuration-options
> [3] http://port.us.org/docs/How-to-setup-secure-registry.html
> [4] https://github.com/SUSE/Portus/wiki/Docker-Compose-Environment

From asarai at suse.de Wed Jan 20 18:00:08 2016
From: asarai at suse.de (Aleksa Sarai)
Date: Thu, 21 Jan 2016 12:00:08 +1100
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To:
References: <569DFEFB.7090707@suse.de>
Message-ID: <56A02D98.9030600@suse.de>

On 01/21/2016 11:53 AM, Benjamin Fernandis wrote:
> Hi Miquel,
>
> I deployed rpm version on opensuse and it is working fine.
>
> Can you please guide me what is require to enable login in docker
> command line.
>
> currently i tested portus integration with docker registry and ldap
> authentication to portus from web interface.
>
> trying to do command line docker login and getting below error.
>
> Error response from daemon: no successful auth challenge for
> http://192.168.1.20:5000/v2/ - errors: []

Are you running Portus using docker-compose? If so, you need
docker-compose version 1.5.2 or later.

Otherwise, please make sure that your *daemon* can access the IP address
of the docker registry given in /etc/registry/config.yml
in the "realm" field:

auth:
  token:
    realm: http://172.17.0.1:3000/v2/token
    service: 172.17.0.1:5000

And that the "service" is the same as the one you registered when you
first started Portus (this is more likely to be the cause).
--
Aleksa Sarai
Docker Core Specialist
SUSE Australia
https://www.cyphar.com/

From benjo11111 at gmail.com Wed Jan 20 18:04:05 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Thu, 21 Jan 2016 14:04:05 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To: <56A02D98.9030600@suse.de>
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de>

I deployed portus on opensuse. I can not find /etc/registry/cofig.yml file
in portus machine.

do i require to add above lines in docker registry container or in portus
vm?

On Thu, Jan 21, 2016 at 2:00 PM, Aleksa Sarai wrote:

> On 01/21/2016 11:53 AM, Benjamin Fernandis wrote:
>
>> Hi Miquel,
>>
>> I deployed rpm version on opensuse and it is working fine.
>>
>> Can you please guide me what is require to enable login in docker
>> command line.
>>
>> currently i tested portus integration with docker registry and ldap
>> authentication to portus from web interface.
>>
>> trying to do command line docker login and getting below error.
>>
>> Error response from daemon: no successful auth challenge for
>> http://192.168.1.20:5000/v2/ - errors: []
>>
>
> Are you running Portus using docker-compose? If so, you need
> docker-compose version 1.5.2 or later.
>
> Otherwise, please make sure that your *daemon* can access the IP address
> of the docker registry given in /etc/registry/config.yml
> in the "realm" field:
>
> auth:
>   token:
>     realm: http://172.17.0.1:3000/v2/token
>     service: 172.17.0.1:5000
>
> And that the "service" is the same as the one you registered when you
> first started Portus (this is more likely to be the cause).
>
> --
> Aleksa Sarai
> Docker Core Specialist
> SUSE Australia
> https://www.cyphar.com/

From benjo11111 at gmail.com Wed Jan 20 19:12:58 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Thu, 21 Jan 2016 15:12:58 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To:
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de>

i pass below variable to docker registry container ,

docker run \
    -d --restart=always --name registry \
    -e REGISTRY_LOG_LEVEL=debug \
    -p 5000:5000 \
    -e SEARCH_BACKEND=sqlalchemy \
    -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
    -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
    -v /home/test/data:/var/lib/registry \
    registry:2.1

where 192.168.1.20 is IP for docker registry.

but still i can not do login by docker login command line. Do i require to
add anything in portus ?

On Thu, Jan 21, 2016 at 2:04 PM, Benjamin Fernandis wrote:

> I deployed portus on opensuse. I can not find /etc/registry/cofig.yml file
> in portus machine.
>
> do i require to add above lines in docker registry container or in portus
> vm?
>
>
> On Thu, Jan 21, 2016 at 2:00 PM, Aleksa Sarai wrote:
>
>> On 01/21/2016 11:53 AM, Benjamin Fernandis wrote:
>>
>>> Hi Miquel,
>>>
>>> I deployed rpm version on opensuse and it is working fine.
>>>
>>> Can you please guide me what is require to enable login in docker
>>> command line.
>>>
>>> currently i tested portus integration with docker registry and ldap
>>> authentication to portus from web interface.
>>>
>>> trying to do command line docker login and getting below error.
>>>
>>> Error response from daemon: no successful auth challenge for
>>> http://192.168.1.20:5000/v2/ - errors: []
>>>
>>
>> Are you running Portus using docker-compose? If so, you need
>> docker-compose version 1.5.2 or later.
>>
>> Otherwise, please make sure that your *daemon* can access the IP address
>> of the docker registry given in /etc/registry/config.yml
>> in the "realm" field:
>>
>> auth:
>>   token:
>>     realm: http://172.17.0.1:3000/v2/token
>>     service: 172.17.0.1:5000
>>
>> And that the "service" is the same as the one you registered when you
>> first started Portus (this is more likely to be the cause).
>>
>> --
>> Aleksa Sarai
>> Docker Core Specialist
>> SUSE Australia
>> https://www.cyphar.com/

From fcastelli at suse.com Thu Jan 21 04:15:01 2016
From: fcastelli at suse.com (Flavio Castelli)
Date: Thu, 21 Jan 2016 12:15:01 +0100
Subject: [Containers] portus
In-Reply-To:
References: <56937647.7020508@suse.com>
Message-ID: <56A0BDB5.5070506@suse.com>

On 01/11/2016 10:57 AM, Fahimeh Ashrafy wrote:
> Thank you very much, yes sound like users trying to push to global
> namespace,
> how define user push to team namespace?

As explained here [1] only Portus' administrators have the right to push
to the global namespace.

So you have to promote the users to admin. This can be done from the user
management page that is available only to admin users.

Cheers
Flavio

[1] http://port.us.org/features/3_teams_namespaces_and_users.html#kinds-of-namespaces

From benjo11111 at gmail.com Thu Jan 21 13:41:46 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Fri, 22 Jan 2016 09:41:46 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To: <56A0B3B5.20206@suse.de>
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de> <56A0B3B5.20206@suse.de>

Hi,

I have docker registry on another host and portus i opensuse vm.

currently I can do ldap authentication to access portus web interface and i
can see global name space and my own namespace, all working in that.

but when i tried to do docker login not working.
And i got Error response from daemon: no successful auth challenge for
http://192.168.1.20:5000/v2/ - errors: []

portus (opensuse vm ) - 192.168.1.10
docker (registry container on different host but it is accessible from
portus ) - 192.168.1.20:5000

Do i require to do any other configuration for this or ?

On Thu, Jan 21, 2016 at 11:32 PM, Jordi Massaguer Pla wrote:

> I guess you have not run portusctl command.
>
> After installing the rpm, you need to run
>
> "portusctl setup --local-registry"
>
> I am assuming you have a docker registry running on your box (install it
> with zypper install docker-distribution-registry)
>
> Also, make sure you have mariadb installed and running.
>
> cheers
>
> On 01/21/2016 03:12 AM, Benjamin Fernandis wrote:
>
> i pass below variable to docker registry container ,
>
> docker run \
>     -d --restart=always --name registry \
>     -e REGISTRY_LOG_LEVEL=debug \
>     -p 5000:5000 \
>     -e SEARCH_BACKEND=sqlalchemy \
>     -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
>     -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
>     -v /home/test/data:/var/lib/registry \
>     registry:2.1
>
> where 192.168.1.20 is IP for docker registry.
>
> but still i can not do login by docker login command line. Do i require to
> add anything in portus ?
>
> On Thu, Jan 21, 2016 at 2:04 PM, Benjamin Fernandis <
> benjo11111 at gmail.com> wrote:
>
>> I deployed portus on opensuse. I can not find /etc/registry/cofig.yml
>> file in portus machine.
>>
>> do i require to add above lines in docker registry container or in portus
>> vm?
>>
>>
>> On Thu, Jan 21, 2016 at 2:00 PM, Aleksa Sarai <
>> asarai at suse.de> wrote:
>>
>>> On 01/21/2016 11:53 AM, Benjamin Fernandis wrote:
>>>
>>>> Hi Miquel,
>>>>
>>>> I deployed rpm version on opensuse and it is working fine.
>>>>
>>>> Can you please guide me what is require to enable login in docker
>>>> command line.
>>>>
>>>> currently i tested portus integration with docker registry and ldap
>>>> authentication to portus from web interface.
>>>>
>>>> trying to do command line docker login and getting below error.
>>>>
>>>> Error response from daemon: no successful auth challenge for
>>>> http://192.168.1.20:5000/v2/ - errors: []
>>>>
>>>
>>> Are you running Portus using docker-compose? If so, you need
>>> docker-compose version 1.5.2 or later.
>>>
>>> Otherwise, please make sure that your *daemon* can access the IP address
>>> of the docker registry given in /etc/registry/config.yml
>>> in the "realm" field:
>>>
>>> auth:
>>>   token:
>>>     realm: http://172.17.0.1:3000/v2/token
>>>     service: 172.17.0.1:5000
>>>
>>> And that the "service" is the same as the one you registered when you
>>> first started Portus (this is more likely to be the cause).
>>>
>>> --
>>> Aleksa Sarai
>>> Docker Core Specialist
>>> SUSE Australia
>>> https://www.cyphar.com/
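
Added example (not part of any message in this thread, and not Portus or registry code): with token authentication active, a v2 registry answers an unauthenticated GET /v2/ with 401 and a WWW-Authenticate: Bearer challenge naming the realm and service, and it accepts only tokens whose iss and aud match its issuer and service settings. The Python sketch below checks a captured response and a token against those settings. The function names, the sample responses and the sample token are constructed for illustration; the addresses are the ones used in the thread.

```python
import base64
import json
import re

# Settings the registry was started with (REGISTRY_AUTH_TOKEN_REALM,
# _SERVICE and _ISSUER), using the addresses that appear in the thread.
EXPECTED = {
    "realm": "http://10.17.1.22:3000/v2/token",
    "service": "10.17.1.22:5000",
    "issuer": "10.17.1.22",
}

# Constructed sample responses to an unauthenticated GET /v2/.
OPEN_RESPONSE = (200, {"Content-Type": "application/json; charset=utf-8"})
CHALLENGE_RESPONSE = (401, {
    "Www-Authenticate": 'Bearer realm="http://10.17.1.22:3000/v2/token",'
                        'service="10.17.1.22:5000"',
})


def parse_bearer_challenge(www_authenticate):
    """Return the parameters of a Bearer challenge, or None for anything else."""
    scheme, _, params = www_authenticate.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    return dict(re.findall(r'(\w+)="([^"]*)"', params))


def jwt_claims(token):
    """Decode a JWT's claims WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def sample_token(iss, aud):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}),
                     enc({"iss": iss, "aud": aud}), "sig"])


def diagnose(status, headers, expected, token=None):
    """Check a GET /v2/ response, and optionally a token, against the settings.

    Returns a list of (code, detail) findings; an empty list means they agree.
    """
    findings = []
    lowered = {name.lower(): value for name, value in headers.items()}
    challenge = parse_bearer_challenge(lowered.get("www-authenticate", ""))
    if status != 401 or challenge is None:
        findings.append(("no-challenge",
                         f"GET /v2/ returned {status} with no Bearer challenge; "
                         "this endpoint is not asking for a token"))
    else:
        for key in ("realm", "service"):
            if challenge.get(key) != expected[key]:
                findings.append((f"challenge-{key}-mismatch",
                                 f"challenge has {challenge.get(key)!r}, "
                                 f"setting is {expected[key]!r}"))
    if token is not None:
        claims = jwt_claims(token)
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if expected["service"] not in audiences:
            findings.append(("token-aud-mismatch",
                             f"aud is {aud!r}, service is {expected['service']!r}"))
        if claims.get("iss") != expected["issuer"]:
            findings.append(("token-iss-mismatch",
                             f"iss is {claims.get('iss')!r}, "
                             f"issuer is {expected['issuer']!r}"))
    return findings


if __name__ == "__main__":
    # Constructed token whose issuer differs from the registry's issuer setting.
    token = sample_token("portus.example.test", "10.17.1.22:5000")
    for label, response in (("open", OPEN_RESPONSE), ("challenge", CHALLENGE_RESPONSE)):
        for code, detail in diagnose(*response, EXPECTED, token) or [("ok", "")]:
            print(f"{label}: {code} {detail}")
```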

From fcastelli at suse.com Fri Jan 22 01:35:11 2016
From: fcastelli at suse.com (Flavio Castelli)
Date: Fri, 22 Jan 2016 09:35:11 +0100
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To:
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de>
Message-ID: <56A1E9BF.3030409@suse.com>

On 01/21/2016 03:12 AM, Benjamin Fernandis wrote:
> i pass below variable to docker registry container ,
>
> docker run \
>     -d --restart=always --name registry \
>     -e REGISTRY_LOG_LEVEL=debug \
>     -p 5000:5000 \
>     -e SEARCH_BACKEND=sqlalchemy \
>     -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
>     -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
>     -v /home/test/data:/var/lib/registry \
>     registry:2.1

You are not specifying REGISTRY_AUTH_TOKEN_ISSUER which is mandatory [1].

Cheers
Flavio

[1] https://github.com/docker/distribution/blob/master/docs/configuration.md#token

From benjo11111 at gmail.com Sun Jan 24 14:59:53 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Mon, 25 Jan 2016 10:59:53 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To: <56A1F0A9.8010909@suse.de>
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de> <56A0B3B5.20206@suse.de> <56A1F0A9.8010909@suse.de>

Hi,

I added -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" as suggested
above. And enabled debug mode with stdout log messages as suggested.

Now i can see below logs,

time="2016-01-25T09:50:15.967721182+13:00" level=debug msg="filesystem.List(\"/\")" instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry trace.duration=125.467µs trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=474f03d6-233f-4a6a-97d8-307fc389b594 trace.line=123 version=v2.1.1

time="2016-01-25T09:50:25.806341211+13:00" level=debug msg="authorizing request" http.request.host="192.168.1.20:5000" http.request.id=6b96abae-ecca-4891-ab53-18f9d5babe4a http.request.method=GET http.request.remoteaddr="192.168.1.30:21734" http.request.uri="/v2/" http.request.useragent="docker/1.9.1-fc23 go/go1.5.1 git-commit/110aed2-dirty kernel/4.3.3-300.fc23.x86_64 os/linux arch/amd64" instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry version=v2.1.1

time="2016-01-25T09:50:25.806495043+13:00" level=info msg="response completed" http.request.host="192.168.1.20:5000" http.request.id=6b96abae-ecca-4891-ab53-18f9d5babe4a http.request.method=GET http.request.remoteaddr="192.168.1.30:21734" http.request.uri="/v2/" http.request.useragent="docker/1.9.1-fc23 go/go1.5.1 git-commit/110aed2-dirty kernel/4.3.3-300.fc23.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=4.930233ms http.response.status=200 http.response.written=2 instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry version=v2.1.1

192.168.1.30 -- [25/Jan/2016:09:50:25 +1300] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.9.1-fc23 go/go1.5.1 git-commit/110aed2-dirty kernel/4.3.3-300.fc23.x86_64 os/linux arch/amd64"

time="2016-01-25T09:50:25.967676129+13:00" level=debug msg="filesystem.List(\"/\")" instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry trace.duration=110.255µs trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="
github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=9e90391a-ff1d-4122-a73e-188388ebd28b trace.line=123 version=v2.1.1

we have proxy in network and its IP 192.168.1.30.

I am not using ssl certificate here and i set insecure-registry in
configuration.

I enabled ldap in portus and i can do ldap authentication for portus
interface access.

Here, my confusion is that, when i do docker login 192.168.1.20:5000 , is it
goes to portus for ldap authentication check for entering username /passwd
and email id in docker login command ? or

Here i haven't configure any nginx or any other setup.

Please let me know if i m missing anything here.

my docker registry command,

docker run \
    -d --restart=always --name registry \
    -e REGISTRY_LOG_LEVEL=debug \
    -p 5000:5000 \
    -e SEARCH_BACKEND=sqlalchemy \
    -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
    -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
    -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
    -v /home/test/data:/var/lib/registry \
    registry:2.1

On Fri, Jan 22, 2016 at 10:04 PM, Jordi Massaguer Pla wrote:

>
>
> On 01/21/2016 09:41 PM, Benjamin Fernandis wrote:
>
> Hi,
>
> I have docker registry on another host and portus i opensuse vm.
>
> currently I can do ldap authentication to access portus web interface and
> i can see global name space and my own namespace, all working in that.
>
> but when i tried to do docker login not working.
> And i got Error response from daemon: no successful auth challenge for
> http://192.168.1.20:5000/v2/ - errors: []
>
> portus (opensuse vm ) - 192.168.1.10
> docker (registry container on different host but it is accessible from
> portus ) - 192.168.1.20:5000
>
> Do i require to do any other configuration for this or ?
>
>
> Please try the following. On 192.168.1.20, stop registry as a daemon and
> start it manually. If it is SUSE, you can do that with
>
> sudo registry /etc/config.yml
>
> This will show you the log in the stdout.
>
> Then try again and look for a better explanation of the error.
>
> You may want also to enable debug in config.yml file.
>
> My guess is that you may have some ssl certs issues. Communication between
> portus and the registry is done using ssl certificates. You can try running
> registry with and insecure flag (see registry --help) to test if that is
> the case. If so, you need to add portus certificate in your system.
>
> In order to do that, you need to add your certificate authority (*ca.crt)
> into /etc/pki/trust/anchors/ and then run sudo update-ca-certificates
> (assuming you are running suse).
>
> I hope this helps.
>
> Otherwise, send us the output of the registry command which may give us a
> clue.
>
>
>
>
> On Thu, Jan 21, 2016 at 11:32 PM, Jordi Massaguer Pla <
> jmassaguerpla at suse.de> wrote:
>
>> I guess you have not run portusctl command.
>>
>> After installing the rpm, you need to run
>>
>> "portusctl setup --local-registry"
>>
>> I am assuming you have a docker registry running on your box (install it
>> with zypper install docker-distribution-registry)
>>
>> Also, make sure you have mariadb installed and running.
>>
>> cheers
>>
>> On 01/21/2016 03:12 AM, Benjamin Fernandis wrote:
>>
>> i pass below variable to docker registry container ,
>>
>> docker run \
>>     -d --restart=always --name registry \
>>     -e REGISTRY_LOG_LEVEL=debug \
>>     -p 5000:5000 \
>>     -e SEARCH_BACKEND=sqlalchemy \
>>     -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
>>     -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
>>     -v /home/test/data:/var/lib/registry \
>>     registry:2.1
>>
>> where 192.168.1.20 is IP for docker registry.
>>
>> but still i can not do login by docker login command line. Do i require
>> to add anything in portus ?
>>
>> On Thu, Jan 21, 2016 at 2:04 PM, Benjamin Fernandis <
>> benjo11111 at gmail.com> wrote:
>>
>>> I deployed portus on opensuse. I can not find /etc/registry/cofig.yml
>>> file in portus machine.
>>>
>>> do i require to add above lines in docker registry container or in
>>> portus vm?
>>>
>>>
>>> On Thu, Jan 21, 2016 at 2:00 PM, Aleksa Sarai <
>>> asarai at suse.de> wrote:
>>>
>>>> On 01/21/2016 11:53 AM, Benjamin Fernandis wrote:
>>>>
>>>>> Hi Miquel,
>>>>>
>>>>> I deployed rpm version on opensuse and it is working fine.
>>>>>
>>>>> Can you please guide me what is require to enable login in docker
>>>>> command line.
>>>>>
>>>>> currently i tested portus integration with docker registry and ldap
>>>>> authentication to portus from web interface.
>>>>>
>>>>> trying to do command line docker login and getting below error.
>>>>>
>>>>> Error response from daemon: no successful auth challenge for
>>>>> http://192.168.1.20:5000/v2/ - errors: []
>>>>>
>>>>
>>>> Are you running Portus using docker-compose? If so, you need
>>>> docker-compose version 1.5.2 or later.
>>>>
>>>> Otherwise, please make sure that your *daemon* can access the IP
>>>> address of the docker registry given in /etc/registry/config.yml
>>>> in the "realm" field:
>>>>
>>>> auth:
>>>>   token:
>>>>     realm: http://172.17.0.1:3000/v2/token
>>>>     service: 172.17.0.1:5000
>>>>
>>>> And that the "service" is the same as the one you registered when you
>>>> first started Portus (this is more likely to be the cause).
>>>>
>>>> --
>>>> Aleksa Sarai
>>>> Docker Core Specialist
>>>> SUSE Australia
>>>> https://www.cyphar.com/

From benjo11111 at gmail.com Tue Jan 26 14:26:59 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Wed, 27 Jan 2016 10:26:59 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To: <56A5EE62.3050909@suse.de>
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de> <56A0B3B5.20206@suse.de> <56A1F0A9.8010909@suse.de> <56A5EE62.3050909@suse.de>

Hi,

To test it out of proxy, I setup portus, registry as container on single
physical machine which is out of proxy configuration.

my docker file for registry :

docker run \
    --name registry \
    -e REGISTRY_LOG_LEVEL=debug \
    --net=host \
    -e SEARCH_BACKEND=sqlalchemy \
    -e REGISTRY_AUTH_TOKEN_ISSUER="10.17.1.22" \
    -e REGISTRY_AUTH_TOKEN_REALM="http://10.17.1.22:3000/v2/token" \
    -e REGISTRY_AUTH_TOKEN_SERVICE="10.17.1.22:5000" \
    -v /etc/localtime:/etc/localtime:ro \
    -v `pwd`/data:/var/lib/registry \
    registry:2.1

docker file portus :

docker run \
    -d --restart=always --name portus \
    --net=host \
    -e PORTUS_MACHINE_FQDN="hostname" \
    -e PORTUS_KEY_PATH="key.pem" \
    -e PORTUS_LDAP_ENABLED=true \
    -e PORTUS_LDAP_HOSTNAME=ldap.example.com \
    -e PORTUS_LDAP_PORT=389 \
    -e PORTUS_LDAP_METHOD=plain \
    -e PORTUS_LDAP_BASE="xyz" \
    -e PORTUS_LDAP_UID="xyz" \
    -e PORTUS_LDAP_AUTHENTICATION_ENABLED=true \
    -e PORTUS_LDAP_AUTHENTICATION_BIND_DN="xyz" \
    -e PORTUS_LDAP_AUTHENTICATION_PASSWORD="xyz" \
    -e PORTUS_PRODUCTION_HOST=10.17.1.22 \
    -e PORTUS_PRODUCTION_DATABASE=portus \
    -e PORTUS_PRODUCTION_USERNAME=portus \
    -e PORTUS_PRODUCTION_PASSWORD=portuspassword \
    -e PORTUS_GRAVATAR_ENABLED=true \
    -e PORTUS_PASSWORD="portuspassword" \
    -e PORTUS_SECRET_KEY_BASE="xyz" \
    -e REGISTRY_USE_SSL=true \
    -e PORTUS_CHECK_SSL_USAGE_ENABLED=false \
    -e CATALOG_CRON="2.minutes" \
    sshipway/portus:2.0.0

After running both registry and portus, I can do ldap login by web page of
portus and add registry.

# curl -ik --user $user:$password http://10.17.1.22:3000/v2/token?account=$user\&service=10.17.1.22:5000
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
ETag: W/"948072053b84e6aa8ca2d7e830bba73c"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: _portus_session=M2dxWkNmWFBzMmo1NGhzYTlpOEIzNWtLTVBPazl0RnRMVHdzMzhjWnZqVDZWZXdWMnVIWjlrYVFrQk5rZGFYMEVvRWRDR2hOMVFUaGltZHZOL05NY1E9PS0tekE4RDRZUTVPdnhZakhjbkZZS0I2UT09--8a3bd444275d60c9dd9a71ff5ef4310ad2fd2422; path=/; HttpOnly
X-Request-Id: 3d602c82-5445-46f3-b8ba-6d187e060dd7
X-Runtime: 5.052285
Transfer-Encoding: chunked

{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IllGVEM6MjNSUjpCRUJBOktSTDc6SkFKUjpTSFg0OkEzNks6TU5LSzpBWTVTOlpMWlg6UVBQVzpSMk02In0.eyJpc3MiOiJvcGVuc3RhY2sucGZyLmNvLm56Iiwic3ViIjoiIiwiYXVkIjoiMTAuMTcuMS4yMjo1MDAwIiwiaWF0IjoxNDUzODQzMzMzLCJuYmYiOjE0NTM4NDMzMjgsImV4cCI6MTQ1Mzg0MzYzMywianRpIjoiNlQ4Wk1vajQzeEh5aGlQcnNhWlNmdmVmYjNZQ285NFhzU3FGVXFxNTgxIn0.iG6iKw8BFogtXF50b0Zhy7LVFv1hetvQu1UCKPSLmAIbnkH3_F_-oHjJ7l6OeHvTyIxc_aa5EQ9CPIbDfW9xFmHS436FsLYlq64c8PqC6sgTAGVmDSzsUHReLG0H9cRHv7kVtbGJkR_4Bim4tjR3DWho2QyuaEQ8GzA6XnhRGfqe25SPMT48YAijDRs6R_X0jVMiJQBecLZ620tapGdmC9gm1qKAeinQbY2SmcYCyi6MV-VFbApWuY9Nzc71HRYW4I4AH1Gle9sG3p9ua82-7Bj6T0zykqbx8iJ5KvBhMnxz9lqtdO40m_sZiSpvepuxRO-VUy5M-Yi_8qb8rCKhhA"}

And when i tried ,

docker login 10.17.1.22:5000
Username: user
Password:
Email: email-id
Error response from daemon: no successful auth challenge for http://10.17.1.22:5000/v2/ - errors: []

registry logs :

time="2016-01-27T10:20:03.057481195+13:00" level=debug msg="authorizing request" http.request.host="10.17.1.22:5000" http.request.id=ce2dd545-d0bf-42da-a3b8-a5f143a842d0 http.request.method=GET http.request.remoteaddr="10.17.1.22:45211" http.request.uri="/v2/" http.request.useragent="docker/1.8.2-el7.centos go/go1.4.2 kernel/3.10.0-229.14.1.el7.x86_64 os/linux arch/amd64"
instance.id=4bce4b2e-9bb0-4a36-911e-18f7729ee1a2 service=registry version=v2.1.1 time="2016-01-27T10:20:03.057594847+13:00" level=info msg="response completed" http.request.host="10.17.1.22:5000" http.request.id=ce2dd545-d0bf-42da-a3b8-a5f143a842d0 http.request.method=GET http.request.remoteaddr="10.17.1.22:45211" http.request.uri="/v2/" http.request.useragent="docker/1.8.2-el7.centos go/go1.4.2 kernel/3.10.0-229.14.1.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=3.085575ms http.response.status=200 http.response.written=2 instance.id=4bce4b2e-9bb0-4a36-911e-18f7729ee1a2 service=registry version=v2.1.1 10.17.1.22 - - [27/Jan/2016:10:20:03 +1300] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.8.2-el7.centos go/go1.4.2 kernel/3.10.0-229.14.1.el7.x86_64 os/linux arch/amd64" please correct me if I am doing any configuration mistake. Suggest me pls to resolve this. I am not using docker registry with ssl. I configured --insecure-registry in docker config. 10.17.1.22 is IP of physical machine which is on centos 7 where I deployed portus and registry container. Regards Ben On Mon, Jan 25, 2016 at 10:44 PM, Jordi Massaguer Pla wrote: > I am bit confused... the log you are sending us states > > http.response.status=200 > > I don't see any error on the authentication nor in the certificates ... > > May it be a problem because of the proxy you have? Can you try without the > proxy? Like running docker where you have the registry or Portus installed? > If that were the problem, we can narrow it and try to reproduce it. > > This is how it works: docker tries to login to the registry and this > forwards/delegates the authentication to Portus, which in its turn, uses > ldap for that. > > thanks > > > > On 01/24/2016 10:59 PM, Benjamin Fernandis wrote: > > Hi, > > I added -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" as suggested > above. And enabled debug mode with stout log massages as suggested. 
>
> Now I can see below logs,
>
> time="2016-01-25T09:50:15.967721182+13:00" level=debug msg="filesystem.List(\"/\")" instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry trace.duration=125.467µs trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=474f03d6-233f-4a6a-97d8-307fc389b594 trace.line=123 version=v2.1.1
>
> time="2016-01-25T09:50:25.806341211+13:00" level=debug msg="authorizing request" http.request.host="192.168.1.20:5000" http.request.id=6b96abae-ecca-4891-ab53-18f9d5babe4a http.request.method=GET http.request.remoteaddr="192.168.1.30:21734" http.request.uri="/v2/" http.request.useragent="docker/1.9.1-fc23 go/go1.5.1 git-commit/110aed2-dirty kernel/4.3.3-300.fc23.x86_64 os/linux arch/amd64" instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry version=v2.1.1
>
> time="2016-01-25T09:50:25.806495043+13:00" level=info msg="response completed" http.request.host="192.168.1.20:5000" http.request.id=6b96abae-ecca-4891-ab53-18f9d5babe4a http.request.method=GET http.request.remoteaddr="192.168.1.30:21734" http.request.uri="/v2/" http.request.useragent="docker/1.9.1-fc23 go/go1.5.1 git-commit/110aed2-dirty kernel/4.3.3-300.fc23.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=4.930233ms http.response.status=200 http.response.written=2 instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry version=v2.1.1
>
> 192.168.1.30 -- [25/Jan/2016:09:50:25 +1300] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.9.1-fc23 go/go1.5.1 git-commit/110aed2-dirty kernel/4.3.3-300.fc23.x86_64 os/linux arch/amd64"
>
> time="2016-01-25T09:50:25.967676129+13:00" level=debug msg="filesystem.List(\"/\")" instance.id=92f79a6e-4330-422b-9833-03bd9201b3a6 service=registry trace.duration=110.255µs trace.file="/go/src/github.com/docker/distribution/registry/storage/driver/base/base.go" trace.func="github.com/docker/distribution/registry/storage/driver/base.(*Base).List" trace.id=9e90391a-ff1d-4122-a73e-188388ebd28b trace.line=123 version=v2.1.1
>
>
> We have a proxy in the network and its IP is 192.168.1.30.
>
> I am not using an ssl certificate here and I set insecure-registry in
> configuration.
>
> I enabled ldap in portus and I can do ldap authentication for portus
> interface access.
>
> Here, my confusion is that, when I do docker login 192.168.1.20:5000 , does
> it go to portus for ldap authentication check for entering username
> /passwd and email id in docker login command ? or
>
> Here I haven't configured any nginx or any other setup.
>
> Please let me know if I am missing anything here.
>
> my docker registry command,
>
> docker run \
>   -d --restart=always --name registry \
>   -e REGISTRY_LOG_LEVEL=debug \
>   -p 5000:5000 \
>   -e SEARCH_BACKEND=sqlalchemy \
>   -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
>   -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
>   -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
>   -v /home/test/data:/var/lib/registry \
>   registry:2.1
>
> On Fri, Jan 22, 2016 at 10:04 PM, Jordi Massaguer Pla <jmassaguerpla at suse.de> wrote:
>
>> On 01/21/2016 09:41 PM, Benjamin Fernandis wrote:
>>
>> Hi,
>>
>> I have docker registry on another host and portus in opensuse vm.
>>
>> Currently I can do ldap authentication to access portus web interface and
>> I can see global name space and my own namespace, all working in that.
>>
>> But when I tried to do docker login it is not working.
>> And I got Error response from daemon: no successful auth challenge for
>> http://192.168.1.20:5000/v2/ - errors: []
>>
>> portus (opensuse vm ) - 192.168.1.10
>> docker (registry container on different host but it is accessible from
>> portus ) - 192.168.1.20:5000
>>
>> Do I require to do any other configuration for this or ?
>>
>>
>> Please try the following. On 192.168.1.20, stop registry as a daemon and
>> start it manually. If it is SUSE, you can do that with
>>
>> sudo registry /etc/config.yml
>>
>> This will show you the log in the stdout.
>>
>> Then try again and look for a better explanation of the error.
>>
>> You may want also to enable debug in config.yml file.
>>
>> My guess is that you may have some ssl certs issues. Communication
>> between portus and the registry is done using ssl certificates. You can try
>> running registry with an insecure flag (see registry --help) to test if
>> that is the case. If so, you need to add portus certificate in your system.
>>
>> In order to do that, you need to add your certificate authority (*ca.crt)
>> into /etc/pki/trust/anchors/ and then run sudo update-ca-certificates
>> (assuming you are running suse).
>>
>> I hope this helps.
>>
>> Otherwise, send us the output of the registry command which may give us a
>> clue.
>>
>>
>> On Thu, Jan 21, 2016 at 11:32 PM, Jordi Massaguer Pla <jmassaguerpla at suse.de> wrote:
>>
>>> I guess you have not run portusctl command.
>>>
>>> After installing the rpm, you need to run
>>>
>>> "portusctl setup --local-registry"
>>>
>>> I am assuming you have a docker registry running on your box (install it
>>> with zypper install docker-distribution-registry)
>>>
>>> Also, make sure you have mariadb installed and running.
>>>
>>> cheers
>>>
>>> On 01/21/2016 03:12 AM, Benjamin Fernandis wrote:
>>>
>>> I pass below variables to docker registry container ,
>>>
>>> docker run \
>>>   -d --restart=always --name registry \
>>>   -e REGISTRY_LOG_LEVEL=debug \
>>>   -p 5000:5000 \
>>>   -e SEARCH_BACKEND=sqlalchemy \
>>>   -e REGISTRY_AUTH_TOKEN_REALM="http://192.168.1.20:3000/v2/token" \
>>>   -e REGISTRY_AUTH_TOKEN_SERVICE="192.168.1.20:5000" \
>>>   -v /home/test/data:/var/lib/registry \
>>>   registry:2.1
>>>
>>> where 192.168.1.20 is IP for docker registry.
>>>
>>> But still I can not do login by docker login command line. Do I require
>>> to add anything in portus ?
>>>
>>> On Thu, Jan 21, 2016 at 2:04 PM, Benjamin Fernandis <benjo11111 at gmail.com> wrote:
>>>
>>>> I deployed portus on opensuse. I can not find /etc/registry/config.yml
>>>> file in portus machine.
>>>>
>>>> Do I require to add above lines in docker registry container or in
>>>> portus vm?
>>>>
>>>>
>>>> On Thu, Jan 21, 2016 at 2:00 PM, Aleksa Sarai <asarai at suse.de> wrote:
>>>>
>>>>> On 01/21/2016 11:53 AM, Benjamin Fernandis wrote:
>>>>>
>>>>>> Hi Miquel,
>>>>>>
>>>>>> I deployed rpm version on opensuse and it is working fine.
>>>>>>
>>>>>> Can you please guide me what is required to enable login in docker
>>>>>> command line.
>>>>>>
>>>>>> Currently I tested portus integration with docker registry and ldap
>>>>>> authentication to portus from web interface.
>>>>>>
>>>>>> Trying to do command line docker login and getting below error.
>>>>>>
>>>>>> Error response from daemon: no successful auth challenge for
>>>>>> http://192.168.1.20:5000/v2/ - errors: []
>>>>>>
>>>>>
>>>>> Are you running Portus using docker-compose? If so, you need
>>>>> docker-compose version 1.5.2 or later.
>>>>>
>>>>> Otherwise, please make sure that your *daemon* can access the IP
>>>>> address of the docker registry given in /etc/registry/config.yml
>>>>> in the "realm" field:
>>>>>
>>>>> auth:
>>>>>   token:
>>>>>     realm: http://172.17.0.1:3000/v2/token
>>>>>     service: 172.17.0.1:5000
>>>>>
>>>>> And that the "service" is the same as the one you registered when you
>>>>> first started Portus (this is more likely to be the cause).
>>>>>
>>>>> --
>>>>> Aleksa Sarai
>>>>> Docker Core Specialist
>>>>> SUSE Australia
>>>>> https://www.cyphar.com/

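An offline check for the two things this thread keeps returning to, added here as an example and not code from Portus, the registry or any poster: whether an unauthenticated GET /v2/ carries a Bearer challenge at all (the registry log above answers that request with status 200), and whether a token's iss and aud claims match the issuer and service the registry was started with. The function names, the sample responses and the sample token are constructed for illustration; the token is unsigned and its claims are only decoded, not verified.

```python
import base64
import json
import re

# Values taken from the docker run commands quoted in the thread.
REALM = "http://10.17.1.22:3000/v2/token"
SERVICE = "10.17.1.22:5000"
ISSUER = "10.17.1.22"

_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a challenge


def parse_bearer_challenge(header_value):
    """Return the parameters of a Bearer challenge, or None if there is none."""
    if not header_value:
        return None
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    return dict(_PARAM_RE.findall(rest))


def check_ping(status, headers, realm=REALM, service=SERVICE):
    """Findings for the response to an unauthenticated GET /v2/."""
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    challenge = parse_bearer_challenge(lowered.get("www-authenticate"))
    if status != 401 or challenge is None:
        return ["no Bearer challenge (status %d): token auth is not active "
                "on this endpoint" % status]
    findings = []
    if challenge.get("realm") != realm:
        findings.append("realm is %r, expected %r"
                        % (challenge.get("realm"), realm))
    if challenge.get("service") != service:
        findings.append("service is %r, expected %r"
                        % (challenge.get("service"), service))
    return findings


def decode_claims(token):
    """Decode the claims segment of a JWT. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.claims.signature")
    segment = parts[1]
    # base64url segments are sent without padding; restore it before decoding.
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    return json.loads(raw)


def check_claims(claims, now, issuer=ISSUER, service=SERVICE):
    """Compare token claims with what the registry is configured to accept."""
    findings = []
    if claims.get("iss") != issuer:
        findings.append("iss is %r, registry expects %r"
                        % (claims.get("iss"), issuer))
    if claims.get("aud") != service:
        findings.append("aud is %r, registry expects %r"
                        % (claims.get("aud"), service))
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        findings.append("token is not valid at time %d" % now)
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token to exercise the checks above."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims),
                     "c2lnbmF0dXJl"])  # placeholder, not a real signature


# Constructed samples (not captured traffic).
OPEN_PING = (200, {"Content-Type": "application/json; charset=utf-8"})
GOOD_PING = (401, {"Www-Authenticate":
                   'Bearer realm="%s",service="%s"' % (REALM, SERVICE)})
SAMPLE_TOKEN = make_sample_token({
    "iss": "portus.example.test",  # constructed hostname, differs from ISSUER
    "aud": SERVICE,
    "nbf": 1000,
    "exp": 1300,
})

if __name__ == "__main__":
    for name, (status, headers) in (("open", OPEN_PING), ("good", GOOD_PING)):
        print(name, check_ping(status, headers))
    print(check_claims(decode_claims(SAMPLE_TOKEN), now=1100))
```

Against a live setup, feed check_ping the status and headers of curl -i on the registry's /v2/ URL, and decode_claims the token returned by the realm URL.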
From benjo11111 at gmail.com Thu Jan 28 14:22:49 2016
From: benjo11111 at gmail.com (Benjamin Fernandis)
Date: Fri, 29 Jan 2016 10:22:49 +1300
Subject: [Containers] integration with existing registry and ldap authentication
In-Reply-To: <56A9E75B.6050302@suse.de>
References: <569DFEFB.7090707@suse.de> <56A02D98.9030600@suse.de> <56A0B3B5.20206@suse.de> <56A1F0A9.8010909@suse.de> <56A5EE62.3050909@suse.de> <56A9E75B.6050302@suse.de>
Message-ID:

Hi Jordi,

Thanks for your reply,

Yes, in my earlier mails, I set up an opensuse vm in which I configured portus by rpm and it was working fine, but I was facing the same problem with docker login cli, and in the logs I found the proxy, as we have a proxy in the network. To troubleshoot this problem, currently I deploy portus and other components in containers on one physical machine as mentioned above.

Can you please once again look at my above docker container configuration and suggest if there is any configuration problem ?

I am thinking that I am making a little mistake here which I have not noticed.

We define below environment variables in registry container, is it correct ?

-e REGISTRY_AUTH_TOKEN_ISSUER= \
-e REGISTRY_AUTH_TOKEN_REALM="http://" \
-e REGISTRY_AUTH_TOKEN_SERVICE=">CONTAINER_IP:5000 >" \

Thanks

On Thu, Jan 28, 2016 at 11:03 PM, Jordi Massaguer Pla wrote:

> Hi Benjamin,
>
> for some reason I misunderstood you and I thought you were using the RPMs.
> We'll try to reproduce your setup and tell you what is missing.
>
> regards
>
> jordi
>
>
> On 01/26/2016 10:26 PM, Benjamin Fernandis wrote:
>
> Hi,
>
> To test it out of proxy, I setup portus, registry as container on single
> physical machine which is out of proxy configuration.

From aliok at apache.org Thu Jan 28 16:09:38 2016
From: aliok at apache.org (Ali Ok)
Date: Fri, 29 Jan 2016 00:09:38 +0100
Subject: [Containers] Using local Portus as a registry explorer/manager
Message-ID:

Hi all,

We have a private Docker registry in a remote machine used by multiple developers.
Say, for some political reason, we cannot install Portus anywhere except

I was wondering if installing Portus on developers' local machines and using it to manage that remote registry makes sense or not. Pretty much like this primitive tool: docker-registry-ui

What do you think about this idea?

Anyway, I was hoping to have this in 3 easy steps:

1. docker run portus/some-portus-image-with-no-bundled-registry -d -p 1234:5678 /some/host/dir:/portus/data/folder
2. Open localhost:xxxx
3. Enter details of the registry
--> There you go.

Of course I made up all of steps above. But you get the idea I hope.
Is something like this already possible?

Cheers,
Ali

From aliok at apache.org Fri Jan 29 07:46:48 2016
From: aliok at apache.org (Ali Ok)
Date: Fri, 29 Jan 2016 15:46:48 +0100
Subject: [Containers] Using local Portus as a registry explorer/manager
In-Reply-To: <56AB7934.40507@suse.com>
References: <56AB7934.40507@suse.com>
Message-ID:

Hi Miquel,

Thanks for the information.

Well, I am gonna try pushing Portus on the same machine with the registry.
...as in best practice.

Cheers,
Ali

On Fri, Jan 29, 2016 at 3:37 PM, Miquel Sabaté Solà wrote:

> Hello,
>
> On 01/29/2016 12:09 AM, Ali Ok wrote:
>
> Hi all,
>
> We have a private Docker registry in a remote machine used by multiple
> developers.
> Say, for some political reason, we cannot install Portus anywhere except
>
> I was wondering if installing Portus on developers' local machines and
> using it to manage that remote registry makes sense or not. Pretty much
> like this primitive tool: docker-registry-ui
>
> What do you think about this idea?
>
> Anyway, I was hoping to have this in 3 easy steps:
>
> 1. docker run portus/some-portus-image-with-no-bundled-registry -d -p 1234:5678 /some/host/dir:/portus/data/folder
> 2. Open localhost:xxxx
> 3. Enter details of the registry
> --> There you go.
>
> Of course I made up all of steps above. But you get the idea I hope.
> Is something like this already possible?
>
> Cheers,
> Ali
>
>
> In principle it might look like it's possible, but it's not as far as I
> know.
>
> First of all, you have to change the configuration of the registry to
> point to your authorization service (Portus). I don't know if you are
> allowed to do that in your case :) Anyways, let's say that you are allowed
> to do that. The registry's configuration has to point to a single hostname
> in the "auth" section of the configuration. Therefore, you can only point
> to a specific Portus instance. This means that you cannot just install
> Portus into multiple machines, since the registry can only point to one of
> them. Therefore, the only way in which this is possible would be to install
> it in a host where all the developers have access to.
>
> Moreover, you'd have the same issue with the docker-registry-ui you're
> mentioning. It's just not possible as far as I know.
>
> Greetings,
> Miquel

--
My Blog: http://blog.aliok.com.tr
Twitter: http://twitter.com/aliok_tr