docs/doc/source/admintasks/kubernetes/kubernetes-admin-tutorials-authentication-and-authorization.rst
Juanita-Balaraj 265d96bed1 Fixed \_ as the output was not rendering correctly (pick r5 updates only)
Fixed Patchset 4 comments
Fixed Patchset 3 comments and added additional updates
Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
Change-Id: I7482afc3a90bbdc94b6ecd8b6ac39d831b8a45db
Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2021-11-02 11:27:15 -04:00

Local Docker Registry Authentication and Authorization

Authentication is enabled for the local Docker registry. When logging in, users are authenticated using their platform keystone credentials.

For example:

$ docker login registry.local:9001 -u <keystoneUserName> -p <keystonePassword>

Authorized administrators ('admin' and 'sysinv') can perform any Docker action. Regular users can only interact with their own repositories (i.e. registry.local:9001/<keystoneUserName>/). Any authenticated user can pull from the following list of public images:

  • registry.local:9001/public/*
  • registry.local:9001/k8s.gcr.io/pause
  • registry.local:9001/quay.io/jetstack/cert-manager-acmesolver

The mtce user can only pull public images and cannot push any images.

For example, only admin and testuser accounts can push to or pull from registry.local:9001/testuser/busybox:latest

Username and Docker compatibility

Repository names in Docker registry paths must be lower case. For this reason, a keystone user whose name consists entirely of lower case characters must exist. For example, the user testuser is correct in the following URL, while testUser would result in an error:

registry.local:9001/testuser/busybox:latest
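
The following is an added example, not part of the original page or of the platform's own tooling. It builds a push target in the caller's own repository, rejects keystone user names that are not all lower case, and logs in with `--password-stdin` instead of `-p`; the function names `own_repo_ref` and `push_to_own_repo` and the password file in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not platform tooling.
REGISTRY="registry.local:9001"   # registry address used on this page

# Print registry.local:9001/<user>/<image> for the caller's own repository.
# Fails if the keystone user name is empty or not entirely lower case,
# since Docker rejects repository paths containing upper case characters.
own_repo_ref() {
    local user="$1" image="$2" lower
    lower=$(printf '%s' "$user" | tr '[:upper:]' '[:lower:]')
    if [ -z "$user" ] || [ "$user" != "$lower" ]; then
        echo "error: keystone user name '$user' must be all lower case" >&2
        return 1
    fi
    printf '%s/%s/%s\n' "$REGISTRY" "$user" "$image"
}

# Log in, tag a local image into the user's own repository and push it.
# The keystone password is read from this function's stdin and handed to
# docker via --password-stdin, so it never appears in the process list
# or in shell history as it would with -p.
# Usage (constructed file name): push_to_own_repo testuser busybox:latest < pw.txt
push_to_own_repo() {
    local user="$1" image="$2" target
    target=$(own_repo_ref "$user" "$image") || return 1
    docker login "$REGISTRY" -u "$user" --password-stdin || return 1
    docker tag "$image" "$target" && docker push "$target"
}

# Offline demonstration of the naming check (no registry needed):
own_repo_ref testuser busybox:latest   # registry.local:9001/testuser/busybox:latest
own_repo_ref testUser busybox:latest || true   # rejected: upper case 'U'
```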

Note

Use of the auto-generated self-signed certificate for the registry certificate is not recommended. If you must use it, then from the central cloud/systemController the local registry can only be accessed using registry.local:9001; registry.central:9001 will be inaccessible. Installing a CA-signed certificate for the registry, and the certificate of the CA as an 'ssl_ca' certificate, removes this restriction.

For more information about Docker commands, see https://docs.docker.com/engine/reference/commandline/docker/.