Artifactory: Forbidden error
We are trying to set up Artifactory in our corporate environment (there is a proxy server in the mix). Nginx, Artifactory and PostgreSQL run in containers (spun up using JFrog's docker-compose example).
But I cannot log in to Docker successfully using the CLI command (docker login). I get the following error:
Error response from daemon: Get https://docker.artifactory/v2/: Forbidden
This is my /etc/hosts file:
xx.xx.x.xxx docker-local.artifactory docker-remote.artifactory bintray-docker-remote.artifactory docker-virtual.artifactory docker.artifactory artifactory
This is the artifactory.conf file:
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## server configuration
server {
listen 80 ;
server_name ~(?<repo>.+)\.artifactory artifactory;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory-access.log timing;
## error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://xx.xx.x.xxx:8081/artifactory/$1;
}
proxy_pass http://xx.xx.x.xxx:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Other useful information:
docker info:
[root@jprdevops1 source]# docker info
Containers: 42
Running: 29
Paused: 0
Stopped: 13
Images: 28
Server Version: 17.06.2-ee-10
Storage Driver: devicemapper
Pool Name: docker-253:0-201376616-pool
Pool Blocksize: 65.54kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 4.668GB
Data Space Total: 107.4GB
Data Space Available: 54.84GB
Metadata Space Used: 8.266MB
Metadata Space Total: 2.147GB
Metadata Space Available: 2.139GB
Thin Pool Minimum Free Space: 10.74GB
Udev Sync Supported: true
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.146-RHEL7 (2018-01-22)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: 73zg9m9we01buq3gvkf3zwh9t
Is Manager: true
ClusterID: ybotbith447qdwu5fjvkitb0a
Managers: 1
Nodes: 3
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
External CAs:
cfssl: https://xx.xx.x.xxx:12381/api/v1/cfssl/sign
Root Rotation In Progress: false
Node Address: xx.xx.x.xxx
Manager Addresses:
xx.xx.x.xxx:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 462c82662200a17ee39e74692f536067a3576a50
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-693.21.1.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.51GiB
Name: jprdevops1
ID: CQEY:6LPH:YT2U:EHNG:KDSZ:QH7L:2EOM:2HYH:JF4P:HPNB:4CF3:FCDU
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://xx.xx.xx.xx:80/
Https Proxy: https://xx.xx.xx.xx:80/
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
docker version:
Client: Docker Enterprise Edition (EE) 2.0
Version: 17.06.2-ee-10
API version: 1.30
Go version: go1.8.7
Git commit: 66261a0
Built: Fri Apr 27 00:38:41 2018
OS/Arch: linux/amd64
Server: Docker Enterprise Edition (EE) 2.0
Engine:
Version: 17.06.2-ee-10
API version: 1.30 (minimum version 1.12)
Go version: go1.8.7
Git commit: 66261a0
Built: Fri Apr 27 00:40:03 2018
OS/Arch: linux/amd64
Experimental: false
What have I tried?
• Docker proxies are configured correctly in docker.service.d dir (as per documentation procedure)
• Proxy information is also set in Artifactory (Admin -> Configuration -> Proxies)
• Added Google's public DNS server details in /etc/resolv.conf
• Restarted the docker daemon
• Added self-signed cert to /etc/pki and updated CA certs.
I am really exhausted and have hit a dead end. I need guidance on logging in to Docker successfully using the CLI.
Regards,
Aditya