針對(duì)開(kāi)源網(wǎng)絡(luò)打印機(jī)軟件CUPS的容器化實(shí)踐

創(chuàng)建一個(gè)目錄搁胆，并在目錄內(nèi)建立一個(gè)文件名為Dockerfile的文件和文件名為cupsd.conf的配置文件

Dockerfile

#使用原始鏡像
FROM centos:6
#作者
MAINTAINER shark1985
#使用阿里云yum源
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo && yum makecache
#安裝cups及組件
RUN yum -y install cups cups-libs
#備份原始配置文件
RUN mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.bak
#將cupsd.conf文件復(fù)制到配置目錄
COPY cupsd.conf /etc/cups/
#開(kāi)放631端口
EXPOSE 631
#運(yùn)行cups服務(wù)
CMD ["cupsd"]

cupsd.conf

• 其中修改了"Listen *:631",允許任何地址訪問(wèn)
• 如下增加"Allow all"配置
  Restrict access to the server...
  <Location />
  Order allow,deny
  Allow all
  </Location>

Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow all
</Location>

Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow all
</Location>

cupsd.conf文件內(nèi)容

MaxLogSize 0
#
# "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $"
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Administrator user group...
SystemGroup sys root


# Only listen for connections from the local machine.
Listen *:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow all
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow all
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI>
    AuthType Default
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

構(gòu)建鏡像

docker build -t office-cups-centos6 .

構(gòu)建過(guò)程

Sending build context to Docker daemon  6.656kB
Step 1/8 : FROM centos:6
 ---> d0957ffdf8a2
Step 2/8 : MAINTAINER shark1985
 ---> Using cache
 ---> 27ecd3caf516
Step 3/8 : RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo && yum makecache
 ---> Using cache
 ---> b1c6f3ba74d5
Step 4/8 : RUN yum -y install cups cups-libs
 ---> Using cache
 ---> 48e62c3cb9c7
Step 5/8 : RUN mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.bak
 ---> Running in b916430865f1
Removing intermediate container b916430865f1
 ---> 0bec467158d6
Step 6/8 : COPY cupsd.conf /etc/cups/
 ---> 16187084007f
Step 7/8 : EXPOSE 631
 ---> Running in e9644f736601
Removing intermediate container e9644f736601
 ---> 3322999c070b
Step 8/8 : CMD ["cupsd"]
 ---> Running in 9eec5c9fc7dd
Removing intermediate container 9eec5c9fc7dd
 ---> 354c91defd47
Successfully built 354c91defd47
Successfully tagged office-cups-centos6:latest

查看鏡像

docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
office-cups-centos6          latest              354c91defd47        About an hour ago   487MB

使用鏡像運(yùn)行容器

docker run -d -p 631:631  office-cups:latest

docker ps -a
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS                      PORTS                                          NAMES
e63fc4ae54cc        office-cups-centos6:latest   "cupsd"                  About an hour ago   Up About an hour            0.0.0.0:631->631/tcp

進(jìn)入容器為root添加密碼色洞，才能管理CUPS

docker exec -it e63fc4ae54cc /bin/bash
[root@e63fc4ae54cc /]# passwd

通過(guò)https訪問(wèn)CUPS管理頁(yè)面
https://ip:631/admin
使用前面的root賬號(hào)和密碼登錄

image.png