HBM TWIC is an open source project for managing Docker certificates to connect to the Docker daemon using TLS
Home Page: http://harbormaster.io/docs/twic/
License: GNU General Public License v3.0
Hi,
I have to setup docker. For that i have to setup "HBM,TSA,TWIC" for users authentication on docker commands. I have setup TSA server, Docker host, AD.
Docker host:-
packaged installed: docker-engine-1.12.6-1.el7.centos.x86_64,hbm-0.2.2-1.el7.centos.x86_64,twic-0.1.0-1.el7.centos.x86_64,
TSA server : -
[root@workernode2 ~]# tsa info
Certificate Authority:
Type: root
Expire: 2027-05-30
Country: INDIA
State: HR
Locality: Gurgoan
Organization: Example
Organizational Unit: IT department Certificate Authority
Common Name: IT department Root CA
E-mail: [email protected]
API:
FQDN: workernode2.example.com
Bind Address: 0.0.0.0
Bind Port: 443
Auth Type: ldap
Certificates: 1
Valid: 1
Expired: 0
Revoked: 0
Server Version: 0.1.1
Storage Driver: sqlite
Logging Driver: standard
TSA Root Dir: /var/lib/tsa
[root@workernode2 ~]# tsa auth ls
KEY VALUE
auth_type ldap
auth_host ad1.example.com
auth_port 3269
auth_tls true
auth_bind_username [email protected]
auth_attr_members memberOf
auth_bind_password secret
auth_search_base_user ou=containers,dc=example,dc=com
auth_search_filter (&(objectCategory=containers)(cn=%s))
auth_group_admin cn=dockeradmin,ou=containers,ou=admindocker,dc=example,dc=com
auth_group_user cn=docker1,ou=containers,ou=admindocker,dc=example,dc=com
Getting error while generation twic certificate. on client node as well as docker host, below are error message.
[docker1@workernode1 ~]$ twic cert add tsa1
TSA URL : https://workernode2.example.com
Username : admin (Admin user and credential)
Password : ******
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x6b076c]
goroutine 1 [running]:
github.com/kassisol/twic/vendor/github.com/juliengk/stack/client.(*Request).Do(0xc4201a17c0, 0xa24446, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/go/src/github.com/kassisol/twic/vendor/github.com/juliengk/stack/client/client.go:132 +0x74c
github.com/kassisol/twic/vendor/github.com/juliengk/stack/client.(*Request).Get(0xc4201a17c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/go/src/github.com/kassisol/twic/vendor/github.com/juliengk/stack/client/client.go:145 +0x95
github.com/kassisol/twic/vendor/github.com/kassisol/tsa/client.(*Config).GetDirectory(0xc4201ab180, 0x1f, 0xc4201ab180)
/go/src/github.com/kassisol/twic/vendor/github.com/kassisol/tsa/client/client.go:42 +0x106
github.com/kassisol/twic/cli/command/cert.runAdd(0xc420077200, 0xc42018f6d0, 0x1, 0x1)
/go/src/github.com/kassisol/twic/cli/command/cert/add.go:144 +0x60c
github.com/kassisol/twic/vendor/github.com/spf13/cobra.(*Command).execute(0xc420077200, 0xc42018f690, 0x1, 0x1, 0xc420077200, 0xc42018f690)
/go/src/github.com/kassisol/twic/vendor/github.com/spf13/cobra/command.go:648 +0x231
github.com/kassisol/twic/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc420076b40, 0xc420076b40, 0xc420076b40, 0xc420076b40)
/go/src/github.com/kassisol/twic/vendor/github.com/spf13/cobra/command.go:734 +0x339
github.com/kassisol/twic/vendor/github.com/spf13/cobra.(*Command).Execute(0xc420076b40, 0xc4200001a0, 0xc4200001a0)
/go/src/github.com/kassisol/twic/vendor/github.com/spf13/cobra/command.go:693 +0x2b
main.main()
/go/src/github.com/kassisol/twic/main.go:42 +0x2f
Please help me fix it. Thank you in advance
Hi, I'd like to ask you some questions. I want to use the command ''twic cert add -u -c -p '' to create a certificate. But I fail to create certificate under home/.twic/certs. There is nothing in the directory. And the monitor says that ''Certificate already exists and is valid''. When i use the command "twic cert ls", nothing in the monitor. I have no idea about it. Have you ever encountered this problem?
twic version
Version: 0.1.8
Git commit: 73e2c5e
Built: 2019-07-10 11:37:31 +0200 CEST
Go version: go1.8.3
OS/Arch: linux/amd64
Hi team,
I am getting below error while create twic engine.
[root@dockermanager ~]# twic engine create
Common Name (CN) : dockermanager.example.com
Alt Names : dockermanager,192.168.254.135,127.0.0.1
TSA URL : https://workernode2.example.com
Username : dockeradmin
Password : **********
FATA[0027] Authorization denied
TSA server
[root@workernode2 ~]# tsa auth ls
KEY VALUE
auth_type ldap
auth_host ad1.example.com
auth_port 3269
auth_tls true
auth_bind_username [email protected]
auth_bind_password Comnet@123
auth_search_filter (&(objectCategory=user)(cn=%s))
auth_attr_members memberOf
auth_search_base_user ou=containers,ou=admindocker,dc=example,dc=com
auth_group_admin cn=admindocker,ou=containers,dc=example,dc=com
auth_group_user cn=dockeradmin,ou=admindocker,dc=example,dc=com
Please help me to fix it.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
