michaelschiemer/scripts/test-registry-credentials.sh
Michael Schiemer 16d586ecdf chore: Update deployment configuration and documentation
- Update Gitea configuration (remove DEFAULT_ACTIONS_URL)
- Fix deployment documentation
- Update Ansible playbooks
- Clean up deprecated files
- Add new deployment scripts and templates
2025-10-31 21:11:11 +01:00


#!/bin/bash
#
# Script zum Testen der Docker Registry Credentials
# Testet sowohl HTTP als auch HTTPS Zugriff auf die Registry
#
# Abort on errors, on unset variables and on failures inside pipelines.
set -euo pipefail

# ANSI colour sequences for output. They are stored as literal backslash
# strings and only become escape codes when printed with `echo -e`.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Defaults; every value can be overridden from the environment.
# REGISTRY_PASSWORD has no default and is only ever taken from the
# environment, so the secret is not stored in this file.
# REGISTRY_HOST:REGISTRY_PORT is the endpoint used for the plain-HTTP checks,
# REGISTRY_DOMAIN the one used for the HTTPS checks.
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=}"
: "${REGISTRY_DOMAIN:=registry.michaelschiemer.de}"
: "${REGISTRY_HOST:=94.16.110.151}"
: "${REGISTRY_PORT:=5000}"
# Funktionen
# Print a section banner: blank line, rule, title, rule, blank line.
# Globals:   BLUE, NC (read)
# Arguments: $1 - title text (passed through `echo -e`)
# Outputs:   the banner on stdout
print_header() {
  local title="$1"
  local rule="════════════════════════════════════════════════════════════"

  echo ""
  echo -e "${BLUE}${rule}${NC}"
  echo -e "${BLUE}${title}${NC}"
  echo -e "${BLUE}${rule}${NC}"
  echo ""
}
# Print a success message in green on stdout.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text
print_success() {
  local msg="$1"
  echo -e "${GREEN}${msg}${NC}"
}
# Print an error message in red. The message goes to stdout, not stderr.
# Globals:   RED, NC (read)
# Arguments: $1 - message text
print_error() {
  local msg="$1"
  echo -e "${RED}${msg}${NC}"
}
# Print a warning in yellow, prefixed with a warning sign, on stdout.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text
print_warning() {
  local msg="$1"
  echo -e "${YELLOW}⚠️ ${msg}${NC}"
}
# Print an informational message in blue on stdout.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text
print_info() {
  local msg="$1"
  echo -e "${BLUE} ${msg}${NC}"
}
# Prüfe ob Docker verfügbar ist
# Verify that the docker CLI exists and that the daemon answers `docker info`.
# Exits the script with status 1 when either check fails.
# Outputs: a status message through print_error / print_success
check_docker() {
  command -v docker >/dev/null 2>&1 || {
    print_error "Docker ist nicht installiert oder nicht im PATH"
    exit 1
  }

  # `docker info` fails when the daemon is down or the caller has no
  # permission to talk to it.
  docker info >/dev/null 2>&1 || {
    print_error "Docker daemon läuft nicht oder keine Berechtigung"
    exit 1
  }

  print_success "Docker ist verfügbar"
}
# Prüfe ob curl verfügbar ist
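# Make sure curl is available, installing it with apk or apt-get if it is not.
#
# After an install attempt the function checks again that curl can be found.
# Previously a failed `apt-get update` was swallowed by the `&&` list and the
# function still reported "curl ist verfügbar".
#
# NOTE(review): the install path changes the system (package install, most
# likely as root) with all output discarded. Consider requiring curl as a
# prerequisite on hosts where silent installs are not acceptable.
#
# Returns: 0 when curl is available, 1 otherwise
check_curl() {
  if ! command -v curl >/dev/null 2>&1; then
    print_warning "curl ist nicht verfügbar, installiere..."
    if command -v apk >/dev/null 2>&1; then
      # The installer's exit status is not trusted; the re-check below
      # decides whether the install worked.
      apk add --no-cache curl ca-certificates >/dev/null 2>&1 || true
    elif command -v apt-get >/dev/null 2>&1; then
      {
        apt-get update >/dev/null 2>&1 &&
          apt-get install -y curl ca-certificates >/dev/null 2>&1
      } || true
    else
      print_error "curl kann nicht automatisch installiert werden"
      return 1
    fi

    if ! command -v curl >/dev/null 2>&1; then
      print_error "curl konnte nicht installiert werden"
      return 1
    fi
  fi
  print_success "curl ist verfügbar"
}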
# Teste HTTP-Zugriff auf Registry
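# Probe the registry's /v2/ endpoint over plain HTTP, without credentials.
#
# The status code is stored in the global HTTP_CODE. A failing curl already
# prints "000" through -w, so the old `|| echo "000"` produced "000<newline>000"
# and the curl-error branch was never reached. The fallback is now assigned
# instead of appended.
#
# NOTE(review): a 401 here only shows that the registry asks for
# authentication. Any login sent to this endpoint afterwards travels
# unencrypted.
#
# Arguments: $1 - host[:port] of the registry
# Returns:   0 for status 401 or 200, 1 otherwise
test_http_connectivity() {
  local test_url="$1"
  print_info "Teste HTTP-Zugriff auf $test_url..."

  HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://${test_url}/v2/" 2>/dev/null) || HTTP_CODE="000"

  case "$HTTP_CODE" in
    401)
      print_success "Registry erreichbar über HTTP (Status: 401 - Auth erforderlich, das ist gut!)"
      return 0
      ;;
    200)
      print_success "Registry erreichbar über HTTP (Status: 200 - keine Auth erforderlich)"
      return 0
      ;;
    000)
      print_error "Registry nicht erreichbar über HTTP (curl Fehler)"
      return 1
      ;;
    *)
      print_warning "Registry antwortet über HTTP (Status: $HTTP_CODE)"
      return 1
      ;;
  esac
}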
# Teste HTTPS-Zugriff auf Registry
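# Probe the registry's /v2/ endpoint over HTTPS, without credentials.
#
# The status code is stored in the global HTTPS_CODE. A failing curl already
# prints "000" through -w, so the old `|| echo "000"` produced "000<newline>000"
# and the curl-error branch was never reached. The fallback is now assigned
# instead of appended.
#
# NOTE(review): -k turns off certificate verification, so this probe
# succeeds even with an invalid, expired or substituted certificate. A
# passing result says nothing about whether the TLS setup can be trusted.
#
# Arguments: $1 - registry domain
# Returns:   0 for status 401 or 200, 1 otherwise
test_https_connectivity() {
  local test_url="$1"
  print_info "Teste HTTPS-Zugriff auf $test_url..."

  HTTPS_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" "https://${test_url}/v2/" 2>/dev/null) || HTTPS_CODE="000"

  case "$HTTPS_CODE" in
    401)
      print_success "Registry erreichbar über HTTPS (Status: 401 - Auth erforderlich, das ist gut!)"
      return 0
      ;;
    200)
      print_success "Registry erreichbar über HTTPS (Status: 200 - keine Auth erforderlich)"
      return 0
      ;;
    404)
      print_warning "Registry Route nicht gefunden über HTTPS (Status: 404)"
      print_info "Möglicherweise ist Traefik-Routing nicht richtig konfiguriert"
      return 1
      ;;
    000)
      print_error "Registry nicht erreichbar über HTTPS (curl Fehler)"
      return 1
      ;;
    *)
      print_warning "Registry antwortet über HTTPS (Status: $HTTPS_CODE)"
      return 1
      ;;
  esac
}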
# Teste Docker Login
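# Try `docker login` against a registry with REGISTRY_USER / REGISTRY_PASSWORD.
#
# Changes from the previous version:
#   - The password is written with printf '%s' instead of echo, so a value
#     such as "-n" or "-e" is no longer eaten as an echo option.
#   - The exit status is captured with `||` instead of `set +e` / `set -e`,
#     which used to switch errexit on no matter what the caller had set.
#
# NOTE(review): a successful login stays in the Docker client configuration
# of the calling user, and this function never runs `docker logout`. On a
# shared runner, decide whether the stored login should outlive the test.
#
# Globals:   REGISTRY_USER, REGISTRY_PASSWORD (read)
#            LOGIN_OUTPUT, LOGIN_EXIT_CODE (written)
# Arguments: $1 - registry address passed to docker login
#            $2 - protocol label supplied by the caller; accepted but unused
# Returns:   0 when the login succeeded, 1 otherwise
test_docker_login() {
  local registry_url="$1"
  local login_rc=0
  local line

  print_info "Teste Docker Login bei $registry_url..."

  if [ -z "$REGISTRY_PASSWORD" ]; then
    print_error "REGISTRY_PASSWORD ist nicht gesetzt!"
    print_info "Setze es mit: export REGISTRY_PASSWORD='dein-passwort'"
    return 1
  fi

  # The password reaches docker through stdin, never as an argument.
  LOGIN_OUTPUT=$(printf '%s' "$REGISTRY_PASSWORD" |
    docker login "$registry_url" -u "$REGISTRY_USER" --password-stdin 2>&1) || login_rc=$?
  LOGIN_EXIT_CODE=$login_rc

  if [ "$LOGIN_EXIT_CODE" -eq 0 ]; then
    print_success "Docker Login erfolgreich!"
    echo "$LOGIN_OUTPUT" | grep -i "Login Succeeded" || true
    return 0
  fi

  print_error "Docker Login fehlgeschlagen (Exit Code: $LOGIN_EXIT_CODE)"

  if echo "$LOGIN_OUTPUT" | grep -qi "unauthorized\|401"; then
    print_warning "Fehler: Unauthorized (401)"
    print_info "Die Credentials sind falsch:"
    # NOTE(review): the username and the password length end up in the job
    # log. Confirm that this is acceptable for the CI environment.
    print_info " - Username: $REGISTRY_USER"
    print_info " - Password Länge: ${#REGISTRY_PASSWORD} Zeichen"
    print_info ""
    print_info "Mögliche Lösungen:"
    print_info " 1. Prüfe REGISTRY_USER in Gitea Secrets (sollte 'admin' sein)"
    print_info " 2. Prüfe REGISTRY_PASSWORD in Gitea Secrets"
    print_info " 3. Prüfe das Passwort in deployment/stacks/registry/auth/htpasswd auf dem Server"
  fi

  if echo "$LOGIN_OUTPUT" | grep -qi "HTTP response to HTTPS client"; then
    print_warning "Fehler: Docker versucht HTTPS, aber Registry läuft auf HTTP"
    # The advice printed here removes transport encryption for this registry.
    print_info "Lösung: Docker-daemon muss mit --insecure-registry=$registry_url konfiguriert werden"
  fi

  if echo "$LOGIN_OUTPUT" | grep -qi "certificate\|tls"; then
    print_warning "Fehler: SSL/TLS Problem"
    print_info "Lösung: Prüfe SSL-Zertifikat-Konfiguration"
  fi

  echo ""
  echo "Vollständiger Fehler-Output:"
  while IFS= read -r line; do
    printf ' %s\n' "$line"
  done <<<"$LOGIN_OUTPUT"
  return 1
}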
# Teste Registry API Zugriff
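# Query the registry's /v2/_catalog endpoint with HTTP basic auth.
#
# The credentials now reach curl through a config stream on stdin
# (`--config -`) instead of `-u user:password`. Command-line arguments can be
# read by other local users from the process list, and they show up in
# `set -x` traces.
#
# NOTE(review): for https the request still uses -k, so the credentials go
# to a server whose certificate was not verified. For http they travel in
# clear text. Drop -k once the registry presents a certificate the client
# trusts.
#
# Globals:   REGISTRY_USER, REGISTRY_PASSWORD (read)
#            API_URL, API_RESPONSE (written)
# Arguments: $1 - registry address (host[:port] or domain)
#            $2 - protocol, "http" (default) or "https"
# Returns:   0 when the response mentions "repositories", 1 otherwise
test_registry_api() {
  local registry_url="$1"
  local protocol="${2:-http}"
  local -a curl_opts=(-s)
  local auth_value

  print_info "Teste Registry API Zugriff über $protocol..."
  API_URL="${protocol}://${registry_url}/v2/_catalog"

  if [ "$protocol" = "https" ]; then
    curl_opts+=(-k)
  fi

  # Escape backslashes and double quotes so the value survives the quoted
  # string syntax of curl's config format.
  auth_value="${REGISTRY_USER}:${REGISTRY_PASSWORD}"
  auth_value=${auth_value//\\/\\\\}
  auth_value=${auth_value//\"/\\\"}

  # A curl failure is not fatal here; the response text is classified below.
  API_RESPONSE=$(printf 'user = "%s"\n' "$auth_value" |
    curl --config - "${curl_opts[@]}" "$API_URL" 2>&1) || true

  if echo "$API_RESPONSE" | grep -qi "repositories"; then
    print_success "Registry API Zugriff erfolgreich!"
    # Pretty-print with jq when it is available, else print the raw response.
    echo "$API_RESPONSE" | jq '.' 2>/dev/null || echo "$API_RESPONSE"
    return 0
  elif echo "$API_RESPONSE" | grep -qi "unauthorized\|401"; then
    print_error "Registry API Zugriff fehlgeschlagen: Unauthorized"
    return 1
  else
    print_warning "Registry API Antwort: $API_RESPONSE"
    return 1
  fi
}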
# Hauptfunktion
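# Entry point: run the connectivity, login and API checks, then summarise.
#
# Fix: the summary used to print the hard-coded "registry.michaelschiemer.de"
# even when REGISTRY_DOMAIN was overridden. It now prints the domain that was
# actually tested.
#
# Globals: REGISTRY_USER, REGISTRY_PASSWORD, REGISTRY_DOMAIN, REGISTRY_HOST,
#          REGISTRY_PORT (read); HTTP_AVAILABLE, HTTPS_AVAILABLE,
#          HTTP_LOGIN_SUCCESS, HTTPS_LOGIN_SUCCESS (written)
# Exits:   0 when at least one docker login succeeded, 1 otherwise
main() {
  print_header "Docker Registry Credentials Test"

  # Prerequisites
  check_docker
  check_curl

  # Show the configuration in use. The password is masked; only its length
  # is printed.
  print_info "Verwendete Konfiguration:"
  echo " REGISTRY_USER: $REGISTRY_USER"
  echo " REGISTRY_PASSWORD: ${REGISTRY_PASSWORD:+*** (${#REGISTRY_PASSWORD} Zeichen)}"
  echo " REGISTRY_DOMAIN: $REGISTRY_DOMAIN"
  echo " REGISTRY_HOST: $REGISTRY_HOST"
  echo " REGISTRY_PORT: $REGISTRY_PORT"

  if [ -z "$REGISTRY_PASSWORD" ]; then
    print_error ""
    print_error "REGISTRY_PASSWORD ist nicht gesetzt!"
    print_info ""
    print_info "Verwendung:"
    echo " export REGISTRY_PASSWORD='dein-passwort'"
    echo " ./scripts/test-registry-credentials.sh"
    echo ""
    print_info "Oder in CI/CD:"
    echo " REGISTRY_PASSWORD=\"\${{ secrets.REGISTRY_PASSWORD }}\" ./scripts/test-registry-credentials.sh"
    exit 1
  fi
  echo ""

  # Test results
  HTTP_AVAILABLE=false
  HTTPS_AVAILABLE=false
  HTTP_LOGIN_SUCCESS=false
  HTTPS_LOGIN_SUCCESS=false

  # Test 1: HTTP connectivity (host:port, unencrypted)
  print_header "Test 1: HTTP Connectivity"
  if test_http_connectivity "${REGISTRY_HOST}:${REGISTRY_PORT}"; then
    HTTP_AVAILABLE=true
  fi

  # Test 2: HTTPS connectivity (domain)
  print_header "Test 2: HTTPS Connectivity"
  if test_https_connectivity "$REGISTRY_DOMAIN"; then
    HTTPS_AVAILABLE=true
  fi

  # Test 3: docker login over HTTP, only when the endpoint answered
  if [ "$HTTP_AVAILABLE" = true ]; then
    print_header "Test 3: Docker Login über HTTP"
    if test_docker_login "${REGISTRY_HOST}:${REGISTRY_PORT}" "http"; then
      HTTP_LOGIN_SUCCESS=true
    fi
  else
    print_warning "Überspringe HTTP Login Test (Registry nicht erreichbar)"
  fi

  # Test 4: docker login over HTTPS, only when the endpoint answered
  if [ "$HTTPS_AVAILABLE" = true ]; then
    print_header "Test 4: Docker Login über HTTPS"
    if test_docker_login "$REGISTRY_DOMAIN" "https"; then
      HTTPS_LOGIN_SUCCESS=true
    fi
  else
    print_warning "Überspringe HTTPS Login Test (Registry nicht erreichbar)"
  fi

  # Test 5: registry API, only for endpoints where the login worked.
  # A failing API call is reported but does not change the overall result.
  if [ "$HTTP_LOGIN_SUCCESS" = true ] || [ "$HTTPS_LOGIN_SUCCESS" = true ]; then
    print_header "Test 5: Registry API Zugriff"
    if [ "$HTTP_LOGIN_SUCCESS" = true ]; then
      test_registry_api "${REGISTRY_HOST}:${REGISTRY_PORT}" "http" || true
    fi
    if [ "$HTTPS_LOGIN_SUCCESS" = true ]; then
      test_registry_api "$REGISTRY_DOMAIN" "https" || true
    fi
  fi

  # Summary
  print_header "Zusammenfassung"
  if [ "$HTTP_LOGIN_SUCCESS" = true ] || [ "$HTTPS_LOGIN_SUCCESS" = true ]; then
    print_success "✅ Credentials sind korrekt und funktionieren!"
    if [ "$HTTPS_LOGIN_SUCCESS" = true ]; then
      print_success "✅ HTTPS Login funktioniert (empfohlen)"
      print_info "Verwende in Workflows: ${REGISTRY_DOMAIN}"
    fi
    if [ "$HTTP_LOGIN_SUCCESS" = true ]; then
      # The HTTP fallback needs an insecure-registry entry in the Docker
      # daemon, and logins to it are not encrypted in transit.
      print_warning "⚠️ HTTP Login funktioniert (Fallback)"
      print_info "Verwende in Workflows: ${REGISTRY_HOST}:${REGISTRY_PORT}"
      print_info "HINWEIS: Benötigt insecure-registry Konfiguration im Docker-daemon"
    fi
    exit 0
  else
    print_error "❌ Credentials funktionieren nicht!"
    print_info ""
    print_info "Nächste Schritte:"
    print_info "1. Prüfe REGISTRY_USER in Gitea Secrets"
    print_info "2. Prüfe REGISTRY_PASSWORD in Gitea Secrets"
    print_info "3. Prüfe das Passwort in deployment/stacks/registry/auth/htpasswd auf dem Server"
    print_info "4. Prüfe ob die Registry läuft: docker ps | grep registry"
    print_info "5. Prüfe Registry-Logs: docker logs registry"
    exit 1
  fi
}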
# Run the script, forwarding all command-line arguments to main.
main "$@"