vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/swr/umn/swr_01_1000.html
Dong, Qiu Jian 38e4c01e6c SWR UMN: Permission description is added 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-06-18 06:49:13 +00:00

41 lines
8.2 KiB
HTML
Raw Blame History

<a name="swr_01_1000"></a><a name="swr_01_1000"></a>
<h1 class="topictitle1">Obtaining a Long-Term Valid Login Command</h1>
<div id="body1526527373724"><div class="section" id="swr_01_1000__section139621122486"><h4 class="sectiontitle">Scenario</h4><p id="swr_01_1000__p6864442134918">This section describes how to obtain a login command that is valid for a year.</p>
<div class="note" id="swr_01_1000__note1521917215294"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="swr_01_1000__p122193219294">For security purposes, it is advised to obtain the login command in the development environment.</p>
</div></div>
</div>
<div class="section" id="swr_01_1000__section447122712411"><h4 class="sectiontitle">Process</h4><p id="swr_01_1000__p205744652415">You can obtain a long-term valid login command as the following process:</p>
<div class="fignone" id="swr_01_1000__fig814171712513"><span class="figcap"><b>Figure 1 </b>Process</span><br><span><img id="swr_01_1000__image7141191792517" src="en-us_image_0000001539605245.png" height="48.877500000000005" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
</div>
<div class="section" id="swr_01_1000__section140815918599"><h4 class="sectiontitle">Procedure</h4><ol id="swr_01_1000__ol2768163651813"><li id="swr_01_1000__li122491614174210"><span><strong id="swr_01_1000__b769314712814">Obtain the programmatic access permission. (If the current user has the permission, skip this step.)</strong></span><p><ol type="a" id="swr_01_1000__ol166282020114314"><li id="swr_01_1000__li962862016433">Log in to the management console as an administrator.</li><li id="swr_01_1000__li1396382454819">Click <span><img id="swr_01_1000__image69631524114811" src="en-us_image_0000001507688112.png"></span> in the upper left corner and select a region and a project.</li><li id="swr_01_1000__li796320240486">Click <span><img id="swr_01_1000__image1296392416481" src="en-us_image_0000001558527697.png"></span> in the navigation pane on the left and choose <strong id="swr_01_1000__b454814149713">Management &amp; Governance</strong> &gt; <strong id="swr_01_1000__b1360217431878">Identity and Access Management</strong>.</li><li id="swr_01_1000__li1648619084417">Enter the name of the user to whom you want to grant the programmatic access permission in the search box on the <span class="uicontrol" id="swr_01_1000__uicontrol2591115485711"><b>Users</b></span> page.</li><li id="swr_01_1000__li13271644917">Click the user to go to its details page.</li><li id="swr_01_1000__li1824411845118">Click <span><img id="swr_01_1000__image6527152492412" src="en-us_image_0000001507528236.png"></span> next to <span class="uicontrol" id="swr_01_1000__uicontrol1240373214107"><b>Access Type</b></span>.</li><li id="swr_01_1000__li1224675617202">Select <span class="uicontrol" id="swr_01_1000__uicontrol666119454011"><b>Programmatic access</b></span>. (You can select only programmatic access or both access types.)</li></ol>
</p></li><li id="swr_01_1000__li5768123671815"><a name="swr_01_1000__li5768123671815"></a><a name="li5768123671815"></a><span>Obtain the region, project name, and image repository address.</span><p><ol type="a" id="swr_01_1000__ol1692413110449"><li id="swr_01_1000__li17636121114363">Log in to the management console, click your username in the upper right corner, and click <span class="uicontrol" id="swr_01_1000__uicontrol176323015916"><b>My Credentials</b></span>.</li><li id="swr_01_1000__li165135188513">On the <strong id="swr_01_1000__b181711521148">Projects</strong> tab page, search for the project corresponding to the current region.</li><li id="swr_01_1000__li533871972612">Obtain the image repository address by referring to <a href="swr_01_0011.html#swr_01_0011__en-us_topic_0112596104_li182568055016">1.b</a>. The domain name at the end of the login command is the image repository address.</li></ol>
</p></li><li id="swr_01_1000__li1863783911295"><a name="swr_01_1000__li1863783911295"></a><a name="li1863783911295"></a><span>Obtain an AK/SK.</span><p><div class="note" id="swr_01_1000__note47741129113520"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="swr_01_1000__p867354104619">The access key ID (AK) and secret access key (SK) are a pair of access keys used together to authenticate users who wish to make API requests. The AK/AS pair provides functions similar to a password. If you already have an AK/SK, skip this step.</p>
</div></div>
<ol type="a" id="swr_01_1000__ol135056239350"><li id="swr_01_1000__li1856382020016">Log in to the management console, click your username in the upper right corner, and click <strong id="swr_01_1000__b192218382046">My Credentials</strong>.</li><li id="swr_01_1000__li750572393517">On the <strong id="swr_01_1000__b973619128514">Access Keys</strong> tab page, click <strong id="swr_01_1000__b17432012554">Add Access Key</strong>.</li><li id="swr_01_1000__li150592353512">Enter the login password and verification code sent to your mailbox or mobile phone.</li><li id="swr_01_1000__li3505112314357">Download the access key, which includes the AK and SK.<div class="note" id="swr_01_1000__note2050512393510"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="swr_01_1000__p4505423163519">Keep the access key secure and do not disclose it to any unauthorized personnel.</p>
</div></div>
</li></ol>
</p></li><li id="swr_01_1000__li132430753010"><a name="swr_01_1000__li132430753010"></a><a name="li132430753010"></a><span>Log in to a Linux PC and run the following command to <span class="keyword" id="swr_01_1000__keyword83181535173114">obtain the login key</span>:</span><p><p id="swr_01_1000__p101396227569"><strong id="swr_01_1000__b183847299230">printf "<em id="swr_01_1000__i913613510377">$AK</em>" | openssl dgst -binary -sha256 -hmac "<em id="swr_01_1000__i11361555373">$SK</em>" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'</strong></p>
<p id="swr_01_1000__p6793194675712">In the command, <strong id="swr_01_1000__b49613615112">$AK</strong> and <strong id="swr_01_1000__b996718611110">$SK</strong> indicate the AK and SK obtained in <a href="#swr_01_1000__li1863783911295">3</a> respectively.</p>
<div class="fignone" id="swr_01_1000__fig56444333813"><span class="figcap"><b>Figure 2 </b>Sample command output</span><br><span><img id="swr_01_1000__image156445335810" src="en-us_image_0165729699.png" height="44.054654000000006" width="492.1" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="swr_01_1000__li5743102065612"><span>Put the information you obtained in the following format to generate a long-term valid login command:</span><p><p id="swr_01_1000__p1568617424597"><strong id="swr_01_1000__b12402163612512">docker login -u</strong> [<em id="swr_01_1000__i778855718392">Regional project name</em>]<strong id="swr_01_1000__b14491359143913">@</strong>[<em id="swr_01_1000__i798944517396">AK</em>] <strong id="swr_01_1000__b4126195219510">-p</strong> [<em id="swr_01_1000__i1058412479398">Login key</em>] [<em id="swr_01_1000__i860045174012">Image repository address</em>]</p>
<p id="swr_01_1000__p11139175415">In the command, the regional project name and image repository address are obtained in <a href="#swr_01_1000__li5768123671815">2</a>, the AK in <a href="#swr_01_1000__li1863783911295">3</a>, and the login key in <a href="#swr_01_1000__li132430753010">4</a>.</p>
<div class="note" id="swr_01_1000__note10514103775017"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="swr_01_1000__p15514133785011">The login key is encrypted and cannot be decrypted. Therefore, other users cannot obtain the SK from -p.</p>
<p id="swr_01_1000__p118301550175412">The login command can be used on other devices.</p>
</div></div>
</p></li><li id="swr_01_1000__li273684916227"><span>Run the <strong id="swr_01_1000__b1892424665117">history -c</strong> command to clear the operation records.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="swr_01_0028.html">Image Management</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink