Fixed Patchset 4 comments
Fixed Patchset 3 comments and added additional updates
Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
Change-Id: I7482afc3a90bbdc94b6ecd8b6ac39d831b8a45db
Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
(cherry picked from commit 265d96bed1)
Local Docker Registry Authentication and Authorization
Authentication is enabled for the local Docker registry. When logging in, users are authenticated using their platform keystone credentials.
For example:
$ docker login registry.local:9001 -u <keystoneUserName> -p <keystonePassword>
An authorized administrator ('admin' and 'sysinv') can perform any Docker action. Regular users can only interact with their own repositories (i.e. registry.local:9001/<keystoneUserName>/). Any authenticated user can pull from the following list of public images:
The mtce user can only pull public images and cannot push any images.
For example, only admin and testuser accounts can push to or pull from registry.local:9001/testuser/busybox:latest
Username and Docker compatibility
Repository names in Docker registry paths must be lower case. For this reason, a keystone user whose name consists entirely of lower case characters must exist. For example, the user testuser is correct in the following URL, while testUser would result in an error:
registry.local:9001/testuser/busybox:latest
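The access rules and the lower case requirement above can be combined into a pre-flight check that runs before docker push. This is an added example, not StarlingX code: the function names and return codes are assumptions, the namespace is assumed to match the keystone user name exactly, and the check only predicts the decision the registry itself makes.

```shell
#!/bin/sh
# Added example (not StarlingX code): pre-flight check for a push to the
# local registry, following the rules described on this page.
REGISTRY="registry.local:9001"

# can_push USER IMAGE_REF
# Returns 0 = push expected to be authorized
#         1 = reference is not under $REGISTRY
#         2 = repository path contains upper case characters
#         3 = user is not authorized for that repository
can_push() {
    cp_user=$1
    cp_ref=$2
    case "$cp_ref" in
        "$REGISTRY"/?*) ;;
        *) return 1 ;;
    esac
    cp_repo=${cp_ref#"$REGISTRY"/}   # drop the registry host:port
    cp_repo=${cp_repo%%@*}           # drop an @sha256:... digest, if any
    cp_repo=${cp_repo%%:*}           # drop the :tag, if any
    cp_lower=$(printf '%s' "$cp_repo" | tr '[:upper:]' '[:lower:]')
    [ "$cp_repo" = "$cp_lower" ] || return 2
    case "$cp_user" in
        admin|sysinv) return 0 ;;    # administrators: any Docker action
        mtce) return 3 ;;            # mtce: pull of public images only
    esac
    # Regular users: only registry.local:9001/<keystoneUserName>/...
    case "$cp_repo" in
        "$cp_user"/?*) return 0 ;;
    esac
    return 3
}

# registry_login USER -- reads the keystone password from stdin, so it does
# not end up in shell history or the process list (docker --password-stdin).
registry_login() {
    docker login "$REGISTRY" -u "$1" --password-stdin
}

# checked_push USER IMAGE_REF -- push only if the pre-flight check passes.
checked_push() {
    can_push "$1" "$2" || {
        echo "refusing push of $2 as $1 (check code $?)" >&2
        return 1
    }
    docker push "$2"
}
```

After sourcing the file, `registry_login testuser < password-file` followed by `checked_push testuser registry.local:9001/testuser/busybox:latest` logs in and pushes only when the reference passes the check.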
Note
Use of the auto-generated self-signed certificate for the registry certificate is not recommended. If you must do so, then from the central cloud/systemController, the local registry can only be accessed using registry.local:9001. registry.central:9001 will be inaccessible. Installing a CA-signed certificate for the registry and the certificate of the CA as an 'ssl_ca' certificate will remove this restriction.
For more information about Docker commands, see https://docs.docker.com/engine/reference/commandline/docker/.