stackoom
  简体   繁体   中英

Configuration to analyse docker-images with paclair for clair from nexus

 原文  2018-11-12 13:57:21       docker/ nexus/ clair

Question

I am looking for an example-configuration for paclair so I can run paclair to analyse docker images which I stored in a private Docker registry which is hosted in nexus. At the moment I have the following configuration 

General:
  clair_url: 'http://localhost:6060'
Plugins:
  Docker:
    class: paclair.plugins.docker_plugin.DockerPlugin
    registries:
      nexus.example.com:10009:
        verify: "/etc/ssl/certs/ca-bundle.crt"
        token_url: "https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com:10009"
        api_prefix: "api/docker/{image.repository}"
        auth:
          - "jdoe"
          - "*****************"

and this works for Docker Images which are hosted on docker.io without any problems but if I try to run paclair with this configuration against a docker image from my private docker registry ie 

paclair --debug Docker https://nexus.example.com:10009/myApp:1.0 push

it seems paclair skips the login against nexus.example.com and I don't see the reason with the following output: 

Reading section Plugins in file /etc/paclair.conf
Reading section General in file /etc/paclair.conf
Reading plugin Docker
Configuration {'class': 'paclair.plugins.docker_plugin.DockerPlugin', 'registries': {'nexus.example.com:10009': {'api_prefix': 'api/docker/{image.repository}', 'token_url': 'https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com', 'verify': '/etc/ssl/certs/ca-bundle.crt', 'auth': ['', '*****************']}}}
INITCLASS:DOMAIN:nexus.example.com:10009
INITCLASS:API_PREFIX:api/docker/{image.repository}
INITCLASS:API_PROTOCOL:https
INITCLASS:API_VERIFY:/etc/ssl/certs/ca-bundle.crt
INITCLASS:TOKEN_URL:https://nexus.example.com:10009/{image.repository}/v2/token?service=nexus.example.com
INITCLASS:TOKEN:None
INITCLASS:TOKEN_TYPE:Bearer
INITCLASS:DOMAIN:registry.hub.docker.com
INITCLASS:API_PREFIX:
INITCLASS:API_PROTOCOL:https
INITCLASS:API_VERIFY:True
INITCLASS:TOKEN_URL:None
INITCLASS:TOKEN:None
INITCLASS:TOKEN_TYPE:Bearer
Push https://nexus.example.com:10009/fidelia:1.8.12-all with plugin Docker
INITCLASS:NAMEIMAGE:library/https
INITCLASS:TAG:latest
INITCLASS:REPOSITORY:
Creating  ancestry
REQUEST_BASE_API_URL_FOR_TOKEN_ENDPOINT:URL:https://registry.hub.docker.com/v2/
Starting new HTTPS connection (1): registry.hub.docker.com:443
https://registry.hub.docker.com:443 "GET /v2/ HTTP/1.1" 401 87
TOKEN_URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:{image.name}:pull
REQUEST_TOKEN:URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull
Starting new HTTPS connection (1): auth.docker.io:443
https://auth.docker.io:443 "GET /token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull HTTP/1.1" 200 None
TOKEN:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDK2pDQ0FwK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXpzeVYwNVpPbFZMUzFJNlJFMUVVanBTU1U5Rk9reEhOa0U2UTFWWVZEcE5SbFZNT2tZelNFVTZOVkF5VlRwTFNqTkdPa05CTmxrNlNrbEVVVEFlRncweE9EQXlNVFF5TXpBMk5EZGFGdzB4T1RBeU1UUXlNekEyTkRkYU1FWXhSREJDQmdOVkJBTVRPMVpCUTFZNk5VNWFNenBNTkZSWk9sQlFTbGc2VWsxQlZEcEdWalpQT2xZMU1sTTZRa2szV2pwU1REVk9PbGhXVDBJNlFsTmFSanBHVTFRMk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMGtyTmgyZWxESnVvYjVERWd5Wi9oZ3l1ZlpxNHo0OXdvNStGRnFRK3VPTGNCMDRyc3N4cnVNdm1aSzJZQ0RSRVRERU9xNW5keEVMMHNaTE51UXRMSlNRdFY1YUhlY2dQVFRkeVJHUTl2aURPWGlqNFBocE40R0N0eFV6YTNKWlNDZC9qbm1YbmtUeDViOElUWXBCZzg2TGNUdmMyRFVUV2tHNy91UThrVjVPNFFxNlZKY05TUWRId1B2Mmp4YWRZa3hBMnhaaWNvRFNFQlpjWGRneUFCRWI2YkRnUzV3QjdtYjRRVXBuM3FXRnRqdCttKzBsdDZOR3hvenNOSFJHd3EwakpqNWtZbWFnWHpEQm5NQ3l5eDFBWFpkMHBNaUlPSjhsaDhRQ09GMStsMkVuV1U1K0thaTZKYVNEOFZJc2VrRzB3YXd4T1dER3U0YzYreE1XYUx3SURBUUFCbzRHeU1JR3ZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVBCZ05WSFNVRUNEQUdCZ1JWSFNVQU1FUUdBMVVkRGdROUJEdFdRVU5XT2pWT1dqTTZURFJVV1RwUVVFcFlPbEpOUVZRNlJsWTJUenBXTlRKVE9rSkpOMW82VWt3MVRqcFlWazlDT2tKVFdrWTZSbE5VTmpCR0JnTlZIU01FUHpBOWdEc3lWMDVaT2xWTFMxSTZSRTFFVWpwU1NVOUZPa3hITmtFNlExVllWRHBOUmxWTU9rWXpTRVU2TlZBeVZUcExTak5HT2tOQk5sazZTa2xFVVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQWdZTWF3Si9uMXM0dDlva0VhRjh2aGVkeURzbERObWNyTHNRNldmWTFmRTRDSVFEbzNWazJXcndiSjNmU1dwZEVjT3hNazZ1ZEFwK2c1Nkd6TjlRSGFNeVZ1QT09Il19.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1NDIwMzA2MDUsImlhdCI6MTU0MjAzMDMwNSwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJ6SkZ3RktUd1pqdXpSOVRqbEprbCIsIm5iZiI6MTU0MjAzMDAwNSwic3ViIjoiIn0.NG95HQofUfM8llZy7ucWAOPMUoCBE0yPtKufWZPLAQNIqRwHrG4howBEfXiVGFW0qZKMZUfj87rsTZoy0J7zb9gyLfDkbo8I_LZz8XocCSBDCNsaHux1GkwEYI0cnztUDJZuyXtYRzNou1MM3aNRyAFRrV7FHyJq0CX8NZG3eLs_GHOGwDVopjRY-xMv_i-Q7kdsYDwWA3znL7lpDBOtGhFMmAKgwmvg6vSzJGrfNB6RQqvT9YrMeF7xI0Fp5r_a67eFnDQCCstwldJ3CEZfyy13sOlbhZL6wwcqrBSstH-S2K2Pw5uf1Kbdri8VfdJCxktCXl_iu4X0KYDHSOTx9w
REQUESTMANIFESTS:https://registry.hub.docker.com/v2/library/https/manifests/latest
REQUEST_TOKEN:URL:https://auth.docker.io/token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull
Starting new HTTPS connection (1): auth.docker.io:443
https://auth.docker.io:443 "GET /token?client_id=paclair&service=registry.docker.io&scope=repository:library/https:pull HTTP/1.1" 200 None
TOKEN:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDK2pDQ0FwK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXpzeVYwNVpPbFZMUzFJNlJFMUVVanBTU1U5Rk9reEhOa0U2UTFWWVZEcE5SbFZNT2tZelNFVTZOVkF5VlRwTFNqTkdPa05CTmxrNlNrbEVVVEFlRncweE9EQXlNVFF5TXpBMk5EZGFGdzB4T1RBeU1UUXlNekEyTkRkYU1FWXhSREJDQmdOVkJBTVRPMVpCUTFZNk5VNWFNenBNTkZSWk9sQlFTbGc2VWsxQlZEcEdWalpQT2xZMU1sTTZRa2szV2pwU1REVk9PbGhXVDBJNlFsTmFSanBHVTFRMk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMGtyTmgyZWxESnVvYjVERWd5Wi9oZ3l1ZlpxNHo0OXdvNStGRnFRK3VPTGNCMDRyc3N4cnVNdm1aSzJZQ0RSRVRERU9xNW5keEVMMHNaTE51UXRMSlNRdFY1YUhlY2dQVFRkeVJHUTl2aURPWGlqNFBocE40R0N0eFV6YTNKWlNDZC9qbm1YbmtUeDViOElUWXBCZzg2TGNUdmMyRFVUV2tHNy91UThrVjVPNFFxNlZKY05TUWRId1B2Mmp4YWRZa3hBMnhaaWNvRFNFQlpjWGRneUFCRWI2YkRnUzV3QjdtYjRRVXBuM3FXRnRqdCttKzBsdDZOR3hvenNOSFJHd3EwakpqNWtZbWFnWHpEQm5NQ3l5eDFBWFpkMHBNaUlPSjhsaDhRQ09GMStsMkVuV1U1K0thaTZKYVNEOFZJc2VrRzB3YXd4T1dER3U0YzYreE1XYUx3SURBUUFCbzRHeU1JR3ZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVBCZ05WSFNVRUNEQUdCZ1JWSFNVQU1FUUdBMVVkRGdROUJEdFdRVU5XT2pWT1dqTTZURFJVV1RwUVVFcFlPbEpOUVZRNlJsWTJUenBXTlRKVE9rSkpOMW82VWt3MVRqcFlWazlDT2tKVFdrWTZSbE5VTmpCR0JnTlZIU01FUHpBOWdEc3lWMDVaT2xWTFMxSTZSRTFFVWpwU1NVOUZPa3hITmtFNlExVllWRHBOUmxWTU9rWXpTRVU2TlZBeVZUcExTak5HT2tOQk5sazZTa2xFVVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQWdZTWF3Si9uMXM0dDlva0VhRjh2aGVkeURzbERObWNyTHNRNldmWTFmRTRDSVFEbzNWazJXcndiSjNmU1dwZEVjT3hNazZ1ZEFwK2c1Nkd6TjlRSGFNeVZ1QT09Il19.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1NDIwMzA2MDYsImlhdCI6MTU0MjAzMDMwNiwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJtTDJPTkxuRkN5ZmFUdmNkZlNWYSIsIm5iZiI6MTU0MjAzMDAwNiwic3ViIjoiIn0.LmDr8aGuoyrn1gWTmGpmsaw9odSaSFCjstKHRj5RcL97AC2ixx0I3UIpJJzqb0blhLbxZFxdXmEBmI-c6WY9tTCrvXfrZwrJqDQFa1_K1gWMMKoaTj3oPyB9FKB9z0FeSfttXmHOhd6E7q4v67Ba7bcMqGyu6pfWJu66POtgVrbUjnqM7GFqkBrwtu9HQnzN1bJI15r-lWW-e11nc4FCzMqYLSiKa0srE59D3jZpt01RZhlu9oVdu2fMTmlHOWJBjQR-HSPEKh7yMy2-9FpSzIVQdQWM1_HI8CZPE6HAOp06QMRCQW-IYmHcl_Fqw8HAplwGYsImikLIqn39B2uBgA
Starting new HTTPS connection (1): registry.hub.docker.com:443
https://registry.hub.docker.com:443 "GET /v2/library/https/manifests/latest HTTP/1.1" 401 156
MANIFESTS:HTTPCODEERROR:401
Error treating https://nexus.example.com:10009/fidelia:1.8.12-all
Error access to : https://registry.hub.docker.com/v2/library/https/manifests/latest
Code Error : 401

Maybe someone here can give me a hint how I can configured paclair against a private nexus-docker-registry best regards Dan

1 answers

solution1
 2  2019-02-16 11:13:24

Your problem should be solved with paclair's version 3.1.1 You are using a custom port on your registry and it was not supported by older versions. That's why the application is trying to reach docker.com instead of your custom registry.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question kind cluster - how to see docker-images that are loaded? How to copy Docker images from Docker to Nexus Docker Static Analysis With Clair? can't pull docker images from nexus proxy Delete docker images from nexus registry using api List docker images in Nexus repository from a remote machine Gitlab CI: pull Docker images from Private Nexus nexus - hosting Nuget and docker images nexus 3 create docker with pre define configuration How to run versioned images of docker with nexus?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM