针对开源网络打印机软件CUPS的容器化实践
创建一个目录,并在目录内建立一个文件名为Dockerfile的文件和文件名为cupsd.conf的配置文件
Dockerfile
#使用原始镜像
FROM centos:6
#作者
MAINTAINER shark1985
#使用阿里云yum源
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo && yum makecache
#安装cups及组件
RUN yum -y install cups cups-libs
#备份原始配置文件
RUN mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.bak
#将cupsd.conf文件复制到配置目录
COPY cupsd.conf /etc/cups/
#开放631端口
EXPOSE 631
#运行cups服务
CMD ["cupsd"]
cupsd.conf
- 其中修改了"Listen *:631",允许任何地址访问
- 如下增加"Allow all"配置
Restrict access to the server...
<Location />
Order allow,deny
Allow all
</Location>
Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow all
</Location>
Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow all
</Location>
cupsd.conf文件内容
MaxLogSize 0
#
# "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $"
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
# Administrator user group...
SystemGroup sys root
# Only listen for connections from the local machine.
Listen *:631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Restrict access to the server...
<Location />
Order allow,deny
Allow all
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow all
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow all
</Location>
# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
构建镜像
docker build -t office-cups-centos6
构建过程
Sending build context to Docker daemon 6.656kB
Step 1/8 : FROM centos:6
---> d0957ffdf8a2
Step 2/8 : MAINTAINER shark1985
---> Using cache
---> 27ecd3caf516
Step 3/8 : RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo && yum makecache
---> Using cache
---> b1c6f3ba74d5
Step 4/8 : RUN yum -y install cups cups-libs
---> Using cache
---> 48e62c3cb9c7
Step 5/8 : RUN mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.bak
---> Running in b916430865f1
Removing intermediate container b916430865f1
---> 0bec467158d6
Step 6/8 : COPY cupsd.conf /etc/cups/
---> 16187084007f
Step 7/8 : EXPOSE 631
---> Running in e9644f736601
Removing intermediate container e9644f736601
---> 3322999c070b
Step 8/8 : CMD ["cupsd"]
---> Running in 9eec5c9fc7dd
Removing intermediate container 9eec5c9fc7dd
---> 354c91defd47
Successfully built 354c91defd47
Successfully tagged office-cups-centos6:latest
查看镜像
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
office-cups-centos6 latest 354c91defd47 About an hour ago 487MB
使用镜像运行容器
docker run -d -p 631:631 office-cups:latest
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e63fc4ae54cc office-cups-centos6:latest "cupsd" About an hour ago Up About an hour 0.0.0.0:631->631/tcp
进入容器为root添加密码,才能管理CUPS
docker exec -it e63fc4ae54cc /bin/bash
[root@e63fc4ae54cc /]# passwd
通过https访问CUPS管理页面
https://ip:631/admin
使用前面的root账号和密码登录
image.png
网友评论