alex/proxmox-ha-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
proxmox-ha-setup/scripts/setup-registry-client.sh
alex a4b7d3c738 build image
2025-11-29 19:51:15 +01:00

166 lines
5.6 KiB
Bash
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# setup-registry-client.sh
# Script per configurare un client Docker per accedere a un registry con certificato self-signed
set -e
REGISTRY_IP=${1:-"192.168.1.204"}
REGISTRY_PORT=${2:-5000}
CERT_SOURCE=${3}
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
print_success() { echo -e "${GREEN}$1${NC}"; }
print_error() { echo -e "${RED}$1${NC}"; }
print_info() { echo -e "${BLUE} $1${NC}"; }
print_warning() { echo -e "${YELLOW}$1${NC}"; }
if [ "$#" -lt 1 ]; then
echo "Uso: $0 <registry_ip> [port] [cert_file]"
echo ""
echo "Parametri:"
echo " registry_ip - IP del registry (es: 192.168.1.204)"
echo " port - Porta del registry (default: 5000)"
echo " cert_file - File certificato (opzionale, verrà scaricato se non specificato)"
echo ""
echo "Esempi:"
echo " $0 192.168.1.204"
echo " $0 192.168.1.204 5000"
echo " $0 192.168.1.204 5000 /path/to/domain.crt"
exit 1
fi
REGISTRY_URL="$REGISTRY_IP:$REGISTRY_PORT"
DOCKER_CERTS_DIR="/etc/docker/certs.d/$REGISTRY_URL"
print_info "Configurazione client Docker per registry: $REGISTRY_URL"
echo ""
# Verifica se Docker è installato
if ! command -v docker &> /dev/null; then
print_error "Docker non trovato. Installalo prima di continuare."
exit 1
fi
# Crea directory per i certificati Docker
print_info "Creazione directory certificati Docker..."
sudo mkdir -p "$DOCKER_CERTS_DIR"
print_success "Directory creata: $DOCKER_CERTS_DIR"
# Scarica o copia il certificato
if [ -z "$CERT_SOURCE" ]; then
print_info "Scaricamento certificato dal registry..."
# Tenta di scaricare il certificato usando openssl
if timeout 5 openssl s_client -showcerts -connect "$REGISTRY_URL" </dev/null 2>/dev/null | \
openssl x509 -outform PEM > /tmp/registry-cert.pem 2>/dev/null; then
sudo mv /tmp/registry-cert.pem "$DOCKER_CERTS_DIR/ca.crt"
print_success "Certificato scaricato con successo"
else
print_error "Impossibile scaricare il certificato automaticamente"
print_warning "Opzioni:"
print_info " 1. Copia manualmente il certificato dal registry:"
print_info " scp root@$REGISTRY_IP:/opt/docker-registry/certs/domain.crt /tmp/registry.crt"
print_info " sudo cp /tmp/registry.crt $DOCKER_CERTS_DIR/ca.crt"
print_info ""
print_info " 2. Riavvia questo script specificando il file certificato:"
print_info " $0 $REGISTRY_IP $REGISTRY_PORT /path/to/cert.crt"
exit 1
fi
else
if [ ! -f "$CERT_SOURCE" ]; then
print_error "File certificato non trovato: $CERT_SOURCE"
exit 1
fi
print_info "Copia certificato da: $CERT_SOURCE"
sudo cp "$CERT_SOURCE" "$DOCKER_CERTS_DIR/ca.crt"
print_success "Certificato copiato"
fi
# Verifica permessi
sudo chmod 644 "$DOCKER_CERTS_DIR/ca.crt"
# Verifica certificato
print_info "Verifica certificato installato..."
if sudo openssl x509 -in "$DOCKER_CERTS_DIR/ca.crt" -text -noout > /dev/null 2>&1; then
print_success "Certificato valido"
print_info "Dettagli certificato:"
sudo openssl x509 -in "$DOCKER_CERTS_DIR/ca.crt" -noout -subject -issuer -dates
# Mostra SANs se presenti
if sudo openssl x509 -in "$DOCKER_CERTS_DIR/ca.crt" -text -noout | grep -q "Subject Alternative Name"; then
print_info "Subject Alternative Names:"
sudo openssl x509 -in "$DOCKER_CERTS_DIR/ca.crt" -text -noout | grep -A 3 "Subject Alternative Name"
else
print_warning "Certificato non ha Subject Alternative Names (SANs)"
print_warning "Considera di rigenerare il certificato con: ./scripts/generate-registry-cert.sh"
fi
else
print_error "Certificato non valido"
exit 1
fi
# Riavvia Docker
print_info "Riavvio Docker daemon..."
sudo systemctl restart docker
sleep 3
if sudo systemctl is-active --quiet docker; then
print_success "Docker riavviato con successo"
else
print_error "Errore nel riavvio di Docker"
exit 1
fi
# Test connessione al registry
echo ""
print_info "Test connessione al registry..."
# Test HTTPS
if timeout 5 openssl s_client -connect "$REGISTRY_URL" -CAfile "$DOCKER_CERTS_DIR/ca.crt" </dev/null 2>&1 | grep -q "Verify return code: 0"; then
print_success "Connessione HTTPS con verifica certificato: OK"
elif timeout 5 openssl s_client -connect "$REGISTRY_URL" </dev/null 2>&1 | grep -q "CONNECTED"; then
print_warning "Connessione HTTPS: OK ma verifica certificato fallita"
print_info "Il certificato potrebbe essere self-signed o avere SANs non corretti"
else
print_error "Impossibile connettersi al registry"
fi
# Test Docker login
echo ""
print_info "Per testare Docker con il registry, esegui:"
echo " docker pull $REGISTRY_URL/orchestrator-app:latest"
echo ""
print_info "Se il registry richiede autenticazione:"
echo " docker login $REGISTRY_URL"
echo ""
# Opzionale: installa anche nel sistema
read -p "Vuoi installare il certificato anche nel sistema per curl/wget? (y/N) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
print_info "Installazione certificato nel sistema..."
sudo cp "$DOCKER_CERTS_DIR/ca.crt" /usr/local/share/ca-certificates/registry-$REGISTRY_IP.crt
sudo update-ca-certificates
print_success "Certificato installato nel sistema"
# Test con curl
if curl -I "https://$REGISTRY_URL/v2/" 2>&1 | grep -q "200 OK"; then
print_success "Test curl: OK"
else
print_warning "Test curl fallito (normale se registry richiede autenticazione)"
fi
fi
echo ""
print_success "Setup client completato!"
print_info "Il Docker daemon ora può accedere a: $REGISTRY_URL"
Reference in New Issue View Git Blame Copy Permalink