lboka/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/swr/umn/swr_01_1000.html
Dong, Qiu Jian 38e4c01e6c SWR UMN: Permission description is added 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-06-18 06:49:13 +00:00

8.2 KiB
Raw Blame History

Obtaining a Long-Term Valid Login Command

Scenario

This section describes how to obtain a login command that is valid for a year.

For security purposes, it is advised to obtain the login command in the development environment.

Process

You can obtain a long-term valid login command as the following process:

Figure 1 Process

Procedure

  1. Obtain the programmatic access permission. (If the current user has the permission, skip this step.)

    1. Log in to the management console as an administrator.
    2. Click in the upper left corner and select a region and a project.
    3. Click in the navigation pane on the left and choose Management & Governance > Identity and Access Management.
    4. Enter the name of the user to whom you want to grant the programmatic access permission in the search box on the Users page.
    5. Click the user to go to its details page.
    6. Click next to Access Type.
    7. Select Programmatic access. (You can select only programmatic access or both access types.)

  2. Obtain the region, project name, and image repository address.

    1. Log in to the management console, click your username in the upper right corner, and click My Credentials.
    2. On the Projects tab page, search for the project corresponding to the current region.
    3. Obtain the image repository address by referring to 1.b. The domain name at the end of the login command is the image repository address.

  3. Obtain an AK/SK.

    The access key ID (AK) and secret access key (SK) are a pair of access keys used together to authenticate users who wish to make API requests. The AK/AS pair provides functions similar to a password. If you already have an AK/SK, skip this step.

    1. Log in to the management console, click your username in the upper right corner, and click My Credentials.
    2. On the Access Keys tab page, click Add Access Key.
    3. Enter the login password and verification code sent to your mailbox or mobile phone.
    4. Download the access key, which includes the AK and SK.

      Keep the access key secure and do not disclose it to any unauthorized personnel.

  4. Log in to a Linux PC and run the following command to obtain the login key:

    printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'

    In the command, $AK and $SK indicate the AK and SK obtained in 3 respectively.

    Figure 2 Sample command output

  5. Put the information you obtained in the following format to generate a long-term valid login command:

    docker login -u [Regional project name]@[AK] -p [Login key] [Image repository address]

    In the command, the regional project name and image repository address are obtained in 2, the AK in 3, and the login key in 4.

    The login key is encrypted and cannot be decrypted. Therefore, other users cannot obtain the SK from -p.

    The login command can be used on other devices.

  6. Run the history -c command to clear the operation records.
Parent topic: Image Management