我正在寻找paclair的示例配置,所以我可以运行paclair来分析我存储在nexus中托管的私有Docker注册表中的docker镜像。目前我有以下配置
General:
clair_url: 'http://localhost:6060'
Plugins:
Docker:
class: paclair.plugins.docker_plugin.DockerPlugin
registries:
nexus.example.com:10009:
verify: "/etc/ssl/certs/ca-bundle.crt"
token_url: "https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com:10009"
api_prefix: "api/docker/{image.repository}"
auth:
- "jdoe"
- "*****************"
这适用于docker.io上托管的Docker Images,没有任何问题,但如果我尝试使用此配置运行paclair对来自我的私有docker注册表的docker镜像,即
paclair --debug Docker https://nexus.example.com:10009/myApp:1.0 push
似乎paclair跳过针对nexus.example.com的登录,我没有看到以下输出的原因:
Reading section Plugins in file /etc/paclair.conf
Reading section General in file /etc/paclair.conf
Reading plugin Docker
Configuration {'class': 'paclair.plugins.docker_plugin.DockerPlugin', 'registries': {'nexus.example.com:10009': {'api_prefix': 'api/docker/{image.repository}', 'token_url': 'https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com', 'verify': '/etc/ssl/certs/ca-bundle.crt', 'auth': ['', '*****************']}}}
INITCLASS:DOMAIN:nexus.example.com:10009
INITCLASS:API_PREFIX:api/docker/{image.repository}
INITCLASS:API_PROTOCOL:https
INITCLASS:API_VERIFY:/etc/ssl/certs/ca-bundle.crt
INITCLASS:TOKEN_URL:https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com
INITCLASS:TOKEN:None
INITCLASS:TOKEN_TYPE:Bearer
INITCLASS:DOMAIN:registry.hub.docker.com
INITCLASS:API_PREFIX:
INITCLASS:API_PROTOCOL:https
INITCLASS:API_VERIFY:True
INITCLASS:TOKEN_URL:None
INITCLASS:TOKEN:None
INITCLASS:TOKEN_TYPE:Bearer
Push https://nexus.example.com:10009/fidelia:1.8.12-all with plugin Docker
INITCLASS:NAMEIMAGE:library/https
INITCLASS:TAG:latest
INITCLASS:REPOSITORY:
Creating ancestry
REQUEST_BASE_API_URL_FOR_TOKEN_ENDPOINT:URL:https://registry.hub.docker.com/v2/
Starting new HTTPS connection (1): registry.hub.docker.com:443
https://registry.hub.docker.com:443 "GET /v2/ HTTP/1.1" 401 87
TOKEN_URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:{image.name}:pull
REQUEST_TOKEN:URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull
Starting new HTTPS connection (1): auth.docker.io:443
https://auth.docker.io:443 "GET /token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull HTTP/1.1" 200 None
TOKEN:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDK2pDQ0FwK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXpzeVYwNVpPbFZMUzFJNlJFMUVVanBTU1U5Rk9reEhOa0U2UTFWWVZEcE5SbFZNT2tZelNFVTZOVkF5VlRwTFNqTkdPa05CTmxrNlNrbEVVVEFlRncweE9EQXlNVFF5TXpBMk5EZGFGdzB4T1RBeU1UUXlNekEyTkRkYU1FWXhSREJDQmdOVkJBTVRPMVpCUTFZNk5VNWFNenBNTkZSWk9sQlFTbGc2VWsxQlZEcEdWalpQT2xZMU1sTTZRa2szV2pwU1REVk9PbGhXVDBJNlFsTmFSanBHVTFRMk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMGtyTmgyZWxESnVvYjVERWd5Wi9oZ3l1ZlpxNHo0OXdvNStGRnFRK3VPTGNCMDRyc3N4cnVNdm1aSzJZQ0RSRVRERU9xNW5keEVMMHNaTE51UXRMSlNRdFY1YUhlY2dQVFRkeVJHUTl2aURPWGlqNFBocE40R0N0eFV6YTNKWlNDZC9qbm1YbmtUeDViOElUWXBCZzg2TGNUdmMyRFVUV2tHNy91UThrVjVPNFFxNlZKY05TUWRId1B2Mmp4YWRZa3hBMnhaaWNvRFNFQlpjWGRneUFCRWI2YkRnUzV3QjdtYjRRVXBuM3FXRnRqdCttKzBsdDZOR3hvenNOSFJHd3EwakpqNWtZbWFnWHpEQm5NQ3l5eDFBWFpkMHBNaUlPSjhsaDhRQ09GMStsMkVuV1U1K0thaTZKYVNEOFZJc2VrRzB3YXd4T1dER3U0YzYreE1XYUx3SURBUUFCbzRHeU1JR3ZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVBCZ05WSFNVRUNEQUdCZ1JWSFNVQU1FUUdBMVVkRGdROUJEdFdRVU5XT2pWT1dqTTZURFJVV1RwUVVFcFlPbEpOUVZRNlJsWTJUenBXTlRKVE9rSkpOMW82VWt3MVRqcFlWazlDT2tKVFdrWTZSbE5VTmpCR0JnTlZIU01FUHpBOWdEc3lWMDVaT2xWTFMxSTZSRTFFVWpwU1NVOUZPa3hITmtFNlExVllWRHBOUmxWTU9rWXpTRVU2TlZBeVZUcExTak5HT2tOQk5sazZTa2xFVVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQWdZTWF3Si9uMXM0dDlva0VhRjh2aGVkeURzbERObWNyTHNRNldmWTFmRTRDSVFEbzNWazJXcndiSjNmU1dwZEVjT3hNazZ1ZEFwK2c1Nkd6TjlRSGFNeVZ1QT09Il19.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1NDIwMzA2MDUsImlhdCI6MTU0MjAzMDMwNSwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJ6SkZ3RktUd1pqdXpSOVRqbEprbCIsIm5iZiI6MTU0MjAzMDAwNSwic3ViIjoiIn0.NG95HQofUfM8llZy7ucWAOPMUoCBE0yPtKufWZPLAQNIqRwHrG4howBEfXiVGFW0qZKMZUfj87rsTZoy0J7zb9gyLfDkbo8I_LZz8XocCSBDCNsaHux1GkwEYI0cnztUDJZuyXtYRzNou1MM3aNRyAFRrV7FHyJq0CX8NZG3eLs_GHOGwDVopjRY-xMv_i-Q7kdsYDwWA3znL7lpDBOtGhFMmAKgwmvg6vSzJGrfNB6RQqvT9YrMeF7xI0Fp5r_a67eFnDQCCstwldJ3CEZfyy13sOlbhZL6wwcqrBSstH-S2K2Pw5uf1Kbdri8VfdJCxktCXl_iu4X0KYDHSOTx9w
REQUESTMANIFESTS:https://registry.hub.docker.com/v2/library/https/manifests/latest
REQUEST_TOKEN:URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull
Starting new HTTPS connection (1): auth.docker.io:443
https://auth.docker.io:443 "GET /token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull HTTP/1.1" 200 None
TOKEN:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDK2pDQ0FwK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXpzeVYwNVpPbFZMUzFJNlJFMUVVanBTU1U5Rk9reEhOa0U2UTFWWVZEcE5SbFZNT2tZelNFVTZOVkF5VlRwTFNqTkdPa05CTmxrNlNrbEVVVEFlRncweE9EQXlNVFF5TXpBMk5EZGFGdzB4T1RBeU1UUXlNekEyTkRkYU1FWXhSREJDQmdOVkJBTVRPMVpCUTFZNk5VNWFNenBNTkZSWk9sQlFTbGc2VWsxQlZEcEdWalpQT2xZMU1sTTZRa2szV2pwU1REVk9PbGhXVDBJNlFsTmFSanBHVTFRMk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMGtyTmgyZWxESnVvYjVERWd5Wi9oZ3l1ZlpxNHo0OXdvNStGRnFRK3VPTGNCMDRyc3N4cnVNdm1aSzJZQ0RSRVRERU9xNW5keEVMMHNaTE51UXRMSlNRdFY1YUhlY2dQVFRkeVJHUTl2aURPWGlqNFBocE40R0N0eFV6YTNKWlNDZC9qbm1YbmtUeDViOElUWXBCZzg2TGNUdmMyRFVUV2tHNy91UThrVjVPNFFxNlZKY05TUWRId1B2Mmp4YWRZa3hBMnhaaWNvRFNFQlpjWGRneUFCRWI2YkRnUzV3QjdtYjRRVXBuM3FXRnRqdCttKzBsdDZOR3hvenNOSFJHd3EwakpqNWtZbWFnWHpEQm5NQ3l5eDFBWFpkMHBNaUlPSjhsaDhRQ09GMStsMkVuV1U1K0thaTZKYVNEOFZJc2VrRzB3YXd4T1dER3U0YzYreE1XYUx3SURBUUFCbzRHeU1JR3ZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVBCZ05WSFNVRUNEQUdCZ1JWSFNVQU1FUUdBMVVkRGdROUJEdFdRVU5XT2pWT1dqTTZURFJVV1RwUVVFcFlPbEpOUVZRNlJsWTJUenBXTlRKVE9rSkpOMW82VWt3MVRqcFlWazlDT2tKVFdrWTZSbE5VTmpCR0JnTlZIU01FUHpBOWdEc3lWMDVaT2xWTFMxSTZSRTFFVWpwU1NVOUZPa3hITmtFNlExVllWRHBOUmxWTU9rWXpTRVU2TlZBeVZUcExTak5HT2tOQk5sazZTa2xFVVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQWdZTWF3Si9uMXM0dDlva0VhRjh2aGVkeURzbERObWNyTHNRNldmWTFmRTRDSVFEbzNWazJXcndiSjNmU1dwZEVjT3hNazZ1ZEFwK2c1Nkd6TjlRSGFNeVZ1QT09Il19.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1NDIwMzA2MDYsImlhdCI6MTU0MjAzMDMwNiwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJtTDJPTkxuRkN5ZmFUdmNkZlNWYSIsIm5iZiI6MTU0MjAzMDAwNiwic3ViIjoiIn0.LmDr8aGuoyrn1gWTmGpmsaw9odSaSFCjstKHRj5RcL97AC2ixx0I3UIpJJzqb0blhLbxZFxdXmEBmI-c6WY9tTCrvXfrZwrJqDQFa1_K1gWMMKoaTj3oPyB9FKB9z0FeSfttXmHOhd6E7q4v67Ba7bcMqGyu6pfWJu66POtgVrbUjnqM7GFqkBrwtu9HQnzN1bJI15r-lWW-e11nc4FCzMqYLSiKa0srE59D3jZpt01RZhlu9oVdu2fMTmlHOWJBjQR-HSPEKh7yMy2-9FpSzIVQdQWM1_HI8CZPE6HAOp06QMRCQW-IYmHcl_Fqw8HAplwGYsImikLIqn39B2uBgA
Starting new HTTPS connection (1): registry.hub.docker.com:443
https://registry.hub.docker.com:443 "GET /v2/library/https/manifests/latest HTTP/1.1" 401 156
MANIFESTS:HTTPCODEERROR:401
Error treating https://nexus.example.com:10009/fidelia:1.8.12-all
Error access to : https://registry.hub.docker.com/v2/library/https/manifests/latest
Code Error : 401
也许有人在这里可以给我一个暗示我如何配置paclair反对私人nexus-docker-registry最好的问候Dan
您的问题应该通过paclair的3.1.1版解决。您在注册表中使用自定义端口,旧版本不支持它。这就是为什么应用程序试图访问docker.com而不是您的自定义注册表。