亚洲国产日韩欧美一区二区三区,精品亚洲国产成人av在线,国产99视频精品免视看7,99国产精品久久久久久久成人热,欧美日韩亚洲国产综合乱

目錄 搜尋
Compose About versions and upgrading (Compose) ASP.NET Core + SQL Server on Linux (Compose) CLI environment variables (Compose) Command-line completion (Compose) Compose(組成) Compose command-line reference(組合命令行參考) Control startup order (Compose) Django and PostgreSQL (Compose) Docker stacks and distributed application bundles (Compose) docker-compose build(docker-compose構(gòu)建) docker-compose bundle docker-compose config docker-compose create docker-compose down docker-compose events docker-compose exec docker-compose help docker-compose images docker-compose kill docker-compose logs docker-compose pause docker-compose port docker-compose ps docker-compose pull docker-compose push docker-compose restart docker-compose rm docker-compose run docker-compose scale docker-compose start docker-compose stop docker-compose top docker-compose unpause docker-compose up Environment file (Compose) Environment variables in Compose Extend services in Compose Frequently asked questions (Compose) Getting started (Compose) Install Compose Link environment variables (deprecated) (Compose) Networking in Compose Overview of Docker Compose Overview of docker-compose CLI Quickstart: Compose and WordPress Rails and PostgreSQL (Compose) Sample apps with Compose Using Compose in production Using Compose with Swarm Engine .NET Core application (Engine) About images, containers, and storage drivers (Engine) Add nodes to the swarm (Engine) Apply custom metadata (Engine) Apply rolling updates (Engine) apt-cacher-ng Best practices for writing Dockerfiles (Engine) Binaries (Engine) Bind container ports to the host (Engine) Breaking changes (Engine) Build your own bridge (Engine) Configure container DNS (Engine) Configure container DNS in user-defined networks (Engine) CouchDB (Engine) Create a base image (Engine) Create a swarm (Engine) Customize the docker0 bridge (Engine) Debian (Engine) Default bridge network Delete the service (Engine) Deploy a service (Engine) Deploy services to a swarm (Engine) Deprecated Engine features Docker container networking (Engine) Docker overview (Engine) Docker run reference (Engine) Dockerfile reference (Engine) Dockerize an application Drain a node (Engine) Engine FAQ (Engine) Fedora (Engine) Get started (Engine) Get started with macvlan network driver (Engine) Get started with multi-host networking (Engine) How nodes work (Engine) How services work (Engine) Image management (Engine) Inspect the service (Engine) Install Docker (Engine) IPv6 with Docker (Engine) Join nodes to a swarm (Engine) Legacy container links (Engine) Lock your swarm (Engine) Manage nodes in a swarm (Engine) Manage sensitive data with Docker secrets (Engine) Manage swarm security with PKI (Engine) Manage swarm service networks (Engine) Migrate to Engine 1.10 Optional Linux post-installation steps (Engine) Overview (Engine) PostgreSQL (Engine) Raft consensus in swarm mode (Engine) Riak (Engine) Run Docker Engine in swarm mode Scale the service (Engine) SDKs (Engine) Select a storage driver (Engine) Set up for the tutorial (Engine) SSHd (Engine) Storage driver overview (Engine) Store service configuration data (Engine) Swarm administration guide (Engine) Swarm mode key concepts (Engine) Swarm mode overlay network security model (Engine) Swarm mode overview (Engine) Understand container communication (Engine) Use multi-stage builds (Engine) Use swarm mode routing mesh (Engine) Use the AUFS storage driver (Engine) Use the Btrfs storage driver (Engine) Use the Device mapper storage driver (Engine) Use the OverlayFS storage driver (Engine) Use the VFS storage driver (Engine) Use the ZFS storage driver (Engine) Engine: Admin Guide Amazon CloudWatch logs logging driver (Engine) Bind mounts (Engine) Collect Docker metrics with Prometheus (Engine) Configuring and running Docker (Engine) Configuring logging drivers (Engine) Control and configure Docker with systemd (Engine) ETW logging driver (Engine) Fluentd logging driver (Engine) Format command and log output (Engine) Google Cloud logging driver (Engine) Graylog Extended Format (GELF) logging driver (Engine) Journald logging driver (Engine) JSON File logging driver (Engine) Keep containers alive during daemon downtime (Engine) Limit a container's resources (Engine) Link via an ambassador container (Engine) Log tags for logging driver (Engine) Logentries logging driver (Engine) PowerShell DSC usage (Engine) Prune unused Docker objects (Engine) Run multiple services in a container (Engine) Runtime metrics (Engine) Splunk logging driver (Engine) Start containers automatically (Engine) Storage overview (Engine) Syslog logging driver (Engine) tmpfs mounts Troubleshoot volume problems (Engine) Use a logging driver plugin (Engine) Using Ansible (Engine) Using Chef (Engine) Using Puppet (Engine) View a container's logs (Engine) Volumes (Engine) Engine: CLI Daemon CLI reference (dockerd) (Engine) docker docker attach docker build docker checkpoint docker checkpoint create docker checkpoint ls docker checkpoint rm docker commit docker config docker config create docker config inspect docker config ls docker config rm docker container docker container attach docker container commit docker container cp docker container create docker container diff docker container exec docker container export docker container inspect docker container kill docker container logs docker container ls docker container pause docker container port docker container prune docker container rename docker container restart docker container rm docker container run docker container start docker container stats docker container stop docker container top docker container unpause docker container update docker container wait docker cp docker create docker deploy docker diff docker events docker exec docker export docker history docker image docker image build docker image history docker image import docker image inspect docker image load docker image ls docker image prune docker image pull docker image push docker image rm docker image save docker image tag docker images docker import docker info docker inspect docker kill docker load docker login docker logout docker logs docker network docker network connect docker network create docker network disconnect docker network inspect docker network ls docker network prune docker network rm docker node docker node demote docker node inspect docker node ls docker node promote docker node ps docker node rm docker node update docker pause docker plugin docker plugin create docker plugin disable docker plugin enable docker plugin inspect docker plugin install docker plugin ls docker plugin push docker plugin rm docker plugin set docker plugin upgrade docker port docker ps docker pull docker push docker rename docker restart docker rm docker rmi docker run docker save docker search docker secret docker secret create docker secret inspect docker secret ls docker secret rm docker service docker service create docker service inspect docker service logs docker service ls docker service ps docker service rm docker service scale docker service update docker stack docker stack deploy docker stack ls docker stack ps docker stack rm docker stack services docker start docker stats docker stop docker swarm docker swarm ca docker swarm init docker swarm join docker swarm join-token docker swarm leave docker swarm unlock docker swarm unlock-key docker swarm update docker system docker system df docker system events docker system info docker system prune docker tag docker top docker unpause docker update docker version docker volume docker volume create docker volume inspect docker volume ls docker volume prune docker volume rm docker wait Use the Docker command line (Engine) Engine: Extend Access authorization plugin (Engine) Docker log driver plugins Docker network driver plugins (Engine) Extending Engine with plugins Managed plugin system (Engine) Plugin configuration (Engine) Plugins API (Engine) Volume plugins (Engine) Engine: Security AppArmor security profiles for Docker (Engine) Automation with content trust (Engine) Content trust in Docker (Engine) Delegations for content trust (Engine) Deploying Notary (Engine) Docker security (Engine) Docker security non-events (Engine) Isolate containers with a user namespace (Engine) Manage keys for content trust (Engine) Play in a content trust sandbox (Engine) Protect the Docker daemon socket (Engine) Seccomp security profiles for Docker (Engine) Secure Engine Use trusted images Using certificates for repository client verification (Engine) Engine: Tutorials Engine tutorials Network containers (Engine) Get Started Part 1: Orientation Part 2: Containers Part 3: Services Part 4: Swarms Part 5: Stacks Part 6: Deploy your app Machine Amazon Web Services (Machine) Digital Ocean (Machine) docker-machine active docker-machine config docker-machine create docker-machine env docker-machine help docker-machine inspect docker-machine ip docker-machine kill docker-machine ls docker-machine provision docker-machine regenerate-certs docker-machine restart docker-machine rm docker-machine scp docker-machine ssh docker-machine start docker-machine status docker-machine stop docker-machine upgrade docker-machine url Driver options and operating system defaults (Machine) Drivers overview (Machine) Exoscale (Machine) Generic (Machine) Get started with a local VM (Machine) Google Compute Engine (Machine) IBM Softlayer (Machine) Install Machine Machine Machine CLI overview Machine command-line completion Machine concepts and help Machine overview Microsoft Azure (Machine) Microsoft Hyper-V (Machine) Migrate from Boot2Docker to Machine OpenStack (Machine) Oracle VirtualBox (Machine) Provision AWS EC2 instances (Machine) Provision Digital Ocean Droplets (Machine) Provision hosts in the cloud (Machine) Rackspace (Machine) VMware Fusion (Machine) VMware vCloud Air (Machine) VMware vSphere (Machine) Notary Client configuration (Notary) Common Server and signer configurations (Notary) Getting started with Notary Notary changelog Notary configuration files Running a Notary service Server configuration (Notary) Signer configuration (Notary) Understand the service architecture (Notary) Use the Notary client
文字

本文檔介紹公證人 CLI 的基本用法,作為支持 Docker  Content Trust的工具。對于更高級的使用情況,您必須運行自己的公證服務(wù),并且應(yīng)該讀取公證客戶端用于高級用戶文檔的用法。

什么是公證

公證是用于發(fā)布和管理可信集合內(nèi)容的工具。發(fā)布商可以對收藏進行數(shù)字簽名,消費者可以驗證內(nèi)容的完整性和來源。此功能基于簡單的密鑰管理和簽名界面來創(chuàng)建簽名集合并配置可信發(fā)布者。

通過公證,任何人都可以提供對任意數(shù)據(jù)集合的信任。使用更新框架(TUF)作為基礎(chǔ)安全框架,公證負(fù)責(zé)創(chuàng)建,管理和分發(fā)必要的操作,以確保內(nèi)容的完整性和新鮮度。

安裝公證

您可以從 GitHub 的 Notary 存儲庫版本頁面下載針對64位 Linux 或 macOS 的預(yù)編譯公證庫二進制文件。Windows 并未得到正式支持,但如果您是開發(fā)人員和 Windows 用戶,我們將非常感謝您就問題提供的任何見解。

了解公證名稱

公證處使用全球唯一名稱(GUN)來識別信托收藏。要使公證以多租戶方式運行,您必須在通過公證客戶端與 Docker Hub 交互時使用此格式。為公證客戶端指定 Docker 鏡像名稱時,GUN 格式為:

  • 對于官方圖像(可通過“官方存儲庫”名稱識別),Docker Hub 上顯示的圖像名稱,前綴為docker.io/library/。例如,如果你通常輸入docker pull ubuntu你必須輸入notary {cmd} docker.io/library/ubuntu。

  • 對于所有其他圖像,Docker Hub 上顯示的圖像名稱前綴為docker.io。

Docker Engine 客戶端為您處理這些名稱擴展,因此不要更改您在 Engine 客戶端或 API 中使用的名稱。只有通過公證客戶端與相同的 Docker Hub 存儲庫進行交互時,才需要這樣做。

檢查 Docker Hub 存儲庫

最基本的操作是將可用的簽名標(biāo)簽列入存儲庫。隔離使用的公證客戶端不知道信任存儲庫的位置。因此,您必須提供-s(或長格式--server)標(biāo)志來告訴客戶端應(yīng)該與哪個存儲庫服務(wù)器進行通信。

官方的Docker Hub公證服務(wù)器位于https://notary.docker.io。如果您想使用您自己的公證服務(wù)器,則必須使用與客戶端相同或更新的公證版本來實現(xiàn)功能兼容性(例如:客戶端版本0.2,服務(wù)器/簽署者版本> = 0.2)。此外,公證處還會將您自己的簽名密鑰和先前下載的信任元數(shù)據(jù)的緩存存儲在隨-d標(biāo)志一起提供的目錄中。與Docker Hub存儲庫進行交互時,您必須指示客戶端使用關(guān)聯(lián)的信任目錄,默認(rèn)情況下,該目錄.docker/trust位于調(diào)用用戶的主目錄內(nèi)(未能使用此目錄可能會在向您的信任數(shù)據(jù)發(fā)布更新時導(dǎo)致錯誤):

$ notary -s https://notary.docker.io -d ~/.docker/trust list docker.io/library/alpine
   NAME                                 DIGEST                                SIZE (BYTES)    ROLE------------------------------------------------------------------------------------------------------  2.6      e9cec9aec697d8b9d450edd32860ecd363f2f3174c8338beb5f809422d182c63   1374           targets  2.7      9f08005dff552038f0ad2f46b8e65ff3d25641747d3912e3ea8da6785046561a   1374           targets  3.1      e876b57b2444813cd474523b9c74aacacc238230b288a22bccece9caf2862197   1374           targets  3.2      4a8c62881c6237b4c1434125661cddf09434d37c6ef26bf26bfaef0b8c5e2f05   1374           targets  3.3      2d4f890b7eddb390285e3afea9be98a078c2acd2fb311da8c9048e3d1e4864d3   1374           targets
  edge     878c1b1d668830f01c2b1622ebf1656e32ce830850775d26a387b2f11f541239   1374           targets
  latest   24a36bbc059b1345b7e8be0df20f1b23caa3602e85d42fff7ecd9d0bd255de56   1377           targets

輸出顯示了可用標(biāo)記的名稱,與該標(biāo)記關(guān)聯(lián)的圖像清單的十六進制編碼的 sha256 摘要,清單的大小以及將此標(biāo)記簽署到存儲庫中的公證角色?!澳繕?biāo)”角色是簡單存儲庫中最常見的角色。當(dāng)存儲庫擁有(或期望)擁有協(xié)作者時,您可以根據(jù)管理員選擇如何組織他們的協(xié)作者的方式,將其他“委派”角色列為簽名者。

當(dāng)你運行一個docker pull命令時,Docker 引擎使用一個集成的公證庫(與公證人 CLI 相同)來請求將標(biāo)簽映射到你感興趣的一個標(biāo)簽的 sha256 摘要中(或者如果你通過--all標(biāo)志,客戶端會使用列表操作高效地檢索所有映射)。驗證了信任數(shù)據(jù)上的簽名后,客戶端將指示引擎執(zhí)行“按摘要拉取”。在此拉動過程中,引擎使用 sha256 校驗和作為內(nèi)容地址來請求并驗證 Docker 注冊表中的圖像清單。

刪除標(biāo)簽

公證人在其運行的主機上生成并存儲簽名密鑰。這意味著 Docker Hub 不能從信任數(shù)據(jù)中刪除標(biāo)簽,必須使用公證客戶端刪除它們。你可以用notary remove命令來做到這一點。同樣,您必須指示它與正確的公證服務(wù)器通話(注意,既不是您,也不是作者有權(quán)從官方的高山資料庫刪除標(biāo)簽,下面的輸出僅用于演示):

$ notary -s https://notary.docker.io -d ~/.docker/trust remove docker.io/library/alpine 2.6Removal of 2.6 from docker.io/library/alpine staged for next publish.

在前面的示例中,輸出消息指示僅刪除已分階段。執(zhí)行任何寫入操作時,它們被分段到一個更改列表中。該列表在下一次notary publish為該存儲庫運行時應(yīng)用于最新版本的信任存儲庫。

您可以通過運行notary status修改后的存儲庫來查看未完成的更改。該status子命令是脫機操作,因此,不需要-s標(biāo)志,但它將忽略的標(biāo)志,如果提供的。未能為-d標(biāo)志提供正確的值可能會顯示錯誤的(可能是空的)更改列表:

$ notary -d ~/.docker/trust status docker.io/library/alpine
Unpublished changes for docker.io/library/alpine:action    scope     type        path----------------------------------------------------delete    targets   target      2.6$ notary -s https://notary.docker.io publish docker.io/library/alpine

配置客戶端

冗長而繁瑣的是,總是必須手動為大多數(shù)命令提供-s-d標(biāo)志。創(chuàng)建預(yù)配置的 Notary 命令版本的簡單方法是通過別名。將以下內(nèi)容添加到您的.bashrc或同等設(shè)備:

alias dockernotary="notary -s https://notary.docker.io -d ~/.docker/trust"

更高級的配置方法和附加選項可以在配置文檔中找到并運行notary --help。

上一篇: 下一篇: