Portus is an authoritzation server and a user interface for the next generation of the Docker registry.
Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka
docker pull) and write (aka
docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in
documentation page about it.
By the way, to set up the Portus environment, we use a Ansible playbook to automatize the build.
Ansible is a radically simple IT automation system. It handles configuration-management, application deployment, cloud provisioning, ad-hoc task-execution, and multinode orchestration - including trivializing things like zero downtime rolling updates with load balancers.(see more in https://github.com/ansible/ansible). Pull any official repository of Ansible from Docker hub, such as:
So, to run Portus Builder is necessary execute the following instructions.
Tested hosts with Debian 8 or Ubuntu 14.04.
## Installing docker on your host
To install the Docker quickly, run:
sudo curl -sSL https://get.docker.com/ | sh
Get Portus-Builder image from docker hub.
To get a image of Portus-Build you need to create a account in Docker hub (https://hub.docker.com/). After that, on your host:
<put your dockerhub credentials>
Get the image reference.
docker pull popes/portus-builder
Run the image
sudo docker run -it popes/portus-builder bash [root@commit ansible]#
Configure and Run Portus-Builder
Edit file myhosts and set a IP and PORT/SSH of the host that will run Portus. This IP and SSH port need to be configured before in the Host (out of Ansible container). Ex:
[portus] 126.96.36.199 ansible_user=root ansible_port=22
The playbook needs to ssh authentication in host tha will receive Portus (out of container). So, we need generate a new ssh keys. The IP is the address that will be used in Portus Host. (usually eth0).
Inside the container, run
Copy the id_rsa.pub key to /root/.ssh/authorized_keys of host.
Configure vars to setup LDAP and SSL HTTP Certificate.
Before execute the Ansible playbook, it's necessary to adjust variables in /var/vars.yml. After that, execute Ansible playbook. Set yout domain, IPs, certificate files, etc.
domain: "portus-exemple.example.com" portus_ip: "188.8.131.52" \#put cetificates in ./file/ssl to https in Portus Host. crt_file: pop-zy.crt key_file: pop-zy.key gs_root_file: gs_root.pem intermediate_file: intermediate.pem \#authorized subnets to access portus in ipv4 and ipv6(opcional) access_v4: 184.108.40.206/24 access_v6: 2001:2001:6c0::/64 \##ldap conf ldap_hostname: ldap1.pop-zy.example.com ldap_port: <ldapport> \# Available options: "plain", "simple_tls" and "starttls". The default is \# # "plain", the recommended is "starttls". ldap_method: simple_tls ldap_base: "dc=pop-zy,dc=example,dc=com" \# The LDAP attribute where to search for username. The default is 'uid'. ldap_uid: uid ldap_bind_dn: "uid=agent,ou=People,dc=pop-zy,dc=example,dc=com" ldap_password: "password"
After ajusts vars file, run the playbook.
To ssl certificates, is necessary copy crt_file and key_file to ./files/ssl. If you will generate your self-signed certificate, do it and move the file to this folder. (ref.: http://www.akadia.com/services/ssh_test_certificate.html)
If the user in myhosts need sudo, run
ansible-playbook tasks/main.yml --ask-sudo-pass
To check if everthings gone right, access
If you correctly access, and authenticaded, you can delete this ansible container in the host.
docker rm -f popes/portus-builder
Otherwise, post your comment bellow.