Artifactory registry: Forbidden error

We are trying to set up Artifactory in our corporate environment (there is a proxy server in the mix). Nginx, Artifactory and PostgreSQL run in containers (spun up using JFrog's docker-compose example).

But I cannot log in to Docker successfully with the CLI command (docker login). I get the following error:

Error response from daemon: Get https://docker.artifactory/v2/: Forbidden

This is my /etc/hosts file:

xx.xx.x.xxx docker-local.artifactory docker-remote.artifactory bintray-docker-remote.artifactory docker-virtual.artifactory docker.artifactory artifactory

This is the artifactory.conf file:

###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################

## server configuration
server {

    listen 80 ;
    server_name ~(?<repo>.+)\.artifactory artifactory;

    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/artifactory-access.log timing;
    ## error_log /var/log/nginx/artifactory-error.log;
    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location /artifactory/ {
        proxy_read_timeout  900;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        if ( $request_uri ~ ^/artifactory/(.*)$ ) {
            proxy_pass          http://xx.xx.x.xxx:8081/artifactory/$1;
        }
        proxy_pass          http://xx.xx.x.xxx:8081/artifactory/;
        proxy_set_header    X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

Other useful information:

docker info:

[root@jprdevops1 source]# docker info
Containers: 42
 Running: 29
 Paused: 0
 Stopped: 13
Images: 28
Server Version: 17.06.2-ee-10
Storage Driver: devicemapper
 Pool Name: docker-253:0-201376616-pool
 Pool Blocksize: 65.54kB
 Base Device Size: 10.74GB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 4.668GB
 Data Space Total: 107.4GB
 Data Space Available: 54.84GB
 Metadata Space Used: 8.266MB
 Metadata Space Total: 2.147GB
 Metadata Space Available: 2.139GB
 Thin Pool Minimum Free Space: 10.74GB
 Udev Sync Supported: true
 Deferred Removal Enabled: true
 Deferred Deletion Enabled: true
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.146-RHEL7 (2018-01-22)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: 73zg9m9we01buq3gvkf3zwh9t
 Is Manager: true
 ClusterID: ybotbith447qdwu5fjvkitb0a
 Managers: 1
 Nodes: 3
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
  External CAs:
    cfssl: https://xx.xx.x.xxx:12381/api/v1/cfssl/sign
 Root Rotation In Progress: false
 Node Address: xx.xx.x.xxx
 Manager Addresses:
  xx.xx.x.xxx:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 462c82662200a17ee39e74692f536067a3576a50
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-693.21.1.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.51GiB
Name: jprdevops1
ID: CQEY:6LPH:YT2U:EHNG:KDSZ:QH7L:2EOM:2HYH:JF4P:HPNB:4CF3:FCDU
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://xx.xx.xx.xx:80/
Https Proxy: https://xx.xx.xx.xx:80/
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
         Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.

docker version:

Client: Docker Enterprise Edition (EE) 2.0
 Version:       17.06.2-ee-10
 API version:   1.30
 Go version:    go1.8.7
 Git commit:    66261a0
 Built: Fri Apr 27 00:38:41 2018
 OS/Arch:       linux/amd64

Server: Docker Enterprise Edition (EE) 2.0
 Engine:
  Version:      17.06.2-ee-10
  API version:  1.30 (minimum version 1.12)
  Go version:   go1.8.7
  Git commit:   66261a0
  Built:        Fri Apr 27 00:40:03 2018
  OS/Arch:      linux/amd64
  Experimental: false

What have I tried?

•   Docker proxies are configured correctly in docker.service.d dir (as per documentation procedure)

•   Proxy information is also set in Artifactory (Admin -> Configuration -> Proxies)

•   Added Google's public DNS server details in /etc/resolv.conf

•   Restarted the docker daemon

•   Added self-signed cert to /etc/pki and updated CA certs.

I am really exhausted and have hit a dead end. I need guidance on logging in to Docker successfully with the CLI.

Regards

Aditya

0 answers
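
One check a practitioner might run against the docker info output above, as an added example that is not part of the original post: the output lists an Http Proxy and an Https Proxy but no No Proxy line, so this script reports whether the daemon's proxy setting applies to a given registry hostname. The function names and the exemption list in the second call are assumptions, and the matching only approximates common NO_PROXY rules ("*", exact host, domain suffix).

```shell
#!/bin/sh
# Added example: does the Docker daemon's proxy setting apply to a registry host?

# no_proxy_covers HOST LIST -> exit 0 if HOST is exempted by the comma-separated LIST
no_proxy_covers() {
    host=$1
    old_ifs=$IFS; IFS=,
    set -f                                  # keep a literal "*" entry from globbing
    for entry in $2; do
        entry=$(printf '%s' "$entry" | tr -d ' ')
        entry=${entry#.}                    # ".artifactory" and "artifactory" behave alike
        [ -z "$entry" ] && continue
        case $host in
            "$entry"|*."$entry") IFS=$old_ifs; set +f; return 0 ;;
        esac
        [ "$entry" = "*" ] && { IFS=$old_ifs; set +f; return 0; }
    done
    IFS=$old_ifs; set +f
    return 1
}

# registry_route HOST -> reads `docker info` text on stdin, prints "proxy" or "direct"
registry_route() {
    info=$(cat)
    # First "Http Proxy:" or "Https Proxy:" line, and the "No Proxy:" line if present
    proxy=$(printf '%s\n' "$info" | sed -n 's/^ *Https\{0,1\} Proxy: *//p' | head -n 1)
    exempt=$(printf '%s\n' "$info" | sed -n 's/^ *No Proxy: *//p' | head -n 1)
    if [ -z "$proxy" ] || no_proxy_covers "$1" "$exempt"; then
        echo direct
    else
        echo proxy
    fi
}

# Constructed sample: the two proxy lines as they appear in the docker info output above
SAMPLE_INFO='Http Proxy: http://xx.xx.xx.xx:80/
Https Proxy: https://xx.xx.xx.xx:80/'

# As posted: no exemption, so requests for docker.artifactory go to the proxy
printf '%s\n' "$SAMPLE_INFO" | registry_route docker.artifactory

# With a hypothetical exemption list added (assumption, not from the post)
printf '%s\nNo Proxy: localhost,.artifactory\n' "$SAMPLE_INFO" | registry_route docker.artifactory
```

On a live host, the same function can read the real output with `docker info | registry_route docker.artifactory`.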
