I am successfully running my own registry, based on the official docker registry image. For authentication I use docker_auth. I store the ACLs and logins in MongoDB. This works fine, but I want to use TLS between docker_auth and mongodb.

But now docker_auth fails.

docker_auth log:
docker_auth_1_14457fe1be84 | F0508 08:12:36.117584 1 main.go:49] Failed to create auth server: no reachable servers
docker-registry_docker_auth_1_14457fe1be84 exited with code 1
mongo log:
[...]
db_1_653e79e3c33a | 2019-05-08T09:03:27.780+0000 I CONTROL [initandlisten] options: { net: { bindIpAll: true, ssl: { CAFile: "/etc/mongo/ca.pem", PEMKeyFile: "/etc/mongo/Docker_Registry.pem", mode: "requireSSL" } }, security: { authorization: "enabled" } }
[...]
db_1_653e79e3c33a | 2019-05-08T09:09:08.576+0000 I NETWORK [listener] connection accepted from 172.24.0.4:34224 #52 (1 connection now open)
db_1_653e79e3c33a | 2019-05-08T09:09:08.578+0000 I NETWORK [conn52] end connection 172.24.0.4:34224 (0 connections now open)
db_1_653e79e3c33a | 2019-05-08T09:09:09.078+0000 I NETWORK [listener] connection accepted from 172.24.0.4:34226 #53 (1 connection now open)
db_1_653e79e3c33a | 2019-05-08T09:09:09.079+0000 I NETWORK [conn53] end connection 172.24.0.4:34226 (0 connections now open)
db_1_653e79e3c33a | 2019-05-08T09:09:09.580+0000 I NETWORK [listener] connection accepted from 172.24.0.4:34228 #54 (1 connection now open)
# Before docker_auth fails:
db_1_653e79e3c33a | 2019-05-08T09:09:09.581+0000 I NETWORK [conn54] end connection 172.24.0.4:34228 (0 connections now open)
The IP is the address of the docker_auth container.

My configuration:

auth_config.yml (configuration for docker_auth):
server:
  addr: ":5001"
  certificate: "/certs/Docker_Registry.pem"
  key: "/certs/Docker_Registry.key"
token:
  issuer: "me"
  expiration: 900
mongo_auth:
  dial_info:
    addrs: ["db"]
    timeout: "10s"
    database: "docker_auth"
    username: "auth_helper"
    password_file: "/config/mongo_pw"
    # Enable TLS connection to MongoDB (only enable this if your server supports it)
    enable_tls: true
  collection: "users"
acl_mongo:
  dial_info:
    addrs: ["db"]
    timeout: "10s"
    database: "docker_auth"
    username: "auth_helper"
    password_file: "/config/mongo_pw"
    enable_tls: true
  collection: "acl"
  cache_ttl: "2m"
docker-compose.yml:
version: "3.7"
services:
  registry:
    image: registry:2.6
    [...]
  docker_auth:
    image: cesanta/docker_auth:1.3.1
    restart: always
    ports:
      - "5001:5001"
    volumes:
      - ${PWD}/docker_auth:/config:ro
      - ${PWD}/certs:/certs:ro
  db:
    image: mongo
    restart: always
    ports:
      - "27017:27017"
    volumes:
      - ${PWD}/mongodb/entrypoint/:/docker-entrypoint-initdb.d/:ro
      - /data/mongodb:/data/db
      - ${PWD}/certs/Docker_Registry.cert_and_key.pem:/etc/mongo/Docker_Registry.pem:ro
      - ${PWD}/certs/ca.pem:/etc/mongo/ca.pem:ro
    environment:
      - MONGO_INITDB_ROOT_USERNAME=myUser
      - MONGO_INITDB_ROOT_PASSWORD=myPassword
    command: --sslMode requireSSL --sslPEMKeyFile /etc/mongo/Docker_Registry.pem --sslCAFile /etc/mongo/ca.pem
I tried without the --sslCAFile option: same result.

Do you have any suggestions?
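
A TLS client that validates the server requires the certificate mongod presents to chain to a CA the client trusts and to be valid for the name it dials, which is `db` in the `addrs` above. The Go program below is an added example, not part of the original post or of docker_auth: it applies both checks with `crypto/x509`, and `checkServerCert`, `demoChain` and the generated certificates are hypothetical names and constructed data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkServerCert (hypothetical helper): certPEM must chain to caPEM and be valid for host.
func checkServerCert(caPEM, certPEM []byte, host string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("no CA certificate in CA file")
	}
	var block *pem.Block
	for rest := certPEM; block == nil || block.Type != "CERTIFICATE"; { // skip a key kept in the same file
		if block, rest = pem.Decode(rest); block == nil {
			return fmt.Errorf("no certificate in server PEM file")
		}
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	}
	return err
}

func demoChain(san string) (caPEM, leafPEM []byte) { // constructed CA + server cert whose only SAN is san
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: nb, NotAfter: na}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caKey.Public(), caKey)
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: san}, NotBefore: nb,
		NotAfter: na, DNSNames: []string{san}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	enc := func(der []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}) }
	return enc(caDER), enc(leafDER)
}

func main() {
	ca, leaf := demoChain("registry.example")
	fmt.Println("db:", checkServerCert(ca, leaf, "db"), "| registry.example:", checkServerCert(ca, leaf, "registry.example"))
}
```

To check real files, pass the contents of `ca.pem` and `Docker_Registry.cert_and_key.pem` (read with `os.ReadFile`) together with the host name `db`.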