我正在尝试在 Openshift 中构建 cups 打印服务器。服务器运行良好。我可以看到打印机并查看打印机详细信息。但是,我无法让管理功能正常工作。每次它要求进行身份验证时,似乎默认都在寻找命名空间用户 ID (1000610000),而且我无法更改它。为了更好地理解,我还附上了日志。任何关于如何让管理区域正常工作的想法都会非常有帮助。编辑:dockerfile 没有,EXPOSE因为它从 redhat cups 图像中传输端口
docker文件
FROM registry.redhat.io/rhel8/cups:latest
USER root
RUN dnf install hplip gutenprint openssl cups-pdf -y && dnf clean all
RUN useradd cupsadmin --create-home --groups=root,lp,wheel,sys && \
echo "cupsadmin\ncupsadmin" | passwd cupsadmin --stdin
RUN useradd cupsuser --groups=root,lp,wheel
RUN sed -i "/SystemGroup sys root$/ s/$/ wheel/" /etc/cups/cups-files.conf
COPY conf/cupsd.conf /etc/cups/cupsd.conf
COPY conf/printers.conf /etc/cups/printers.conf
ADD ppd /etc/cups/ppd
RUN chown -R cupsuser:root /var/cache/cups /var/cache/ldconfig /var/log/cups /var/run/cups/ /etc/cups /var/spool/cups /var/spool/cups-pdf /var/spool/lpd /var/run/hplip && \
chmod -R 775 /var/cache/ /var/log/cups/ /var/run/cups/ /var/spool/cups/ /var/cache/cups/ /var/spool/cups-pdf/ /var/spool/lpd/ /var/run/hplip/
USER cupsuser
ENTRYPOINT /usr/sbin/cupsd -f
cupsd.conf
MaxLogSize 0
LogLevel debug
AccessLogLevel all
Listen 0.0.0.0:6631
# Minimum TLS Version
SSLOptions MinTLS1.2
Listen /var/run/cups/cups.sock
ServerAlias *
Browsing Off
BrowseLocalProtocols none
DefaultAuthType Basic
DefaultEncryption IfRequested
WebInterface Yes
PreserveJobFiles On
PreserveJobHistory On
ErrorPolicy retry-job
JobRetryLimit 10
JobRetryInterval 5
MaxJobs 40000
<Location />
# Allow remote access...
Order allow,deny
Allow from 10.*
Allow from 172.*
Allow from 192.168.*
Allow from localhost
#Allow all
</Location>
<Location /admin>
Order allow,deny
Allow from 10.*
Allow from 172.*
Allow from 192.168.*
Allow from localhost
#Allow all
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
日志
D [06/Oct/2023:17:23:16 +0000] [CGI] admin.cgi started...
D [06/Oct/2023:17:23:16 +0000] cupsdSetBusyState: newbusy="Active clients", busy="Active clients"
D [06/Oct/2023:17:23:16 +0000] [Client 32] Server address is "127.0.0.1".
D [06/Oct/2023:17:23:16 +0000] [Client 32] Accepted from localhost:45262 (IPv4)
D [06/Oct/2023:17:23:16 +0000] [Client 32] Waiting for request.
D [06/Oct/2023:17:23:16 +0000] [CGI] http=0x55f1cabf28f0
D [06/Oct/2023:17:23:16 +0000] [CGI] cgiSetVariable: SECTION=\"admin\"
D [06/Oct/2023:17:23:16 +0000] [CGI] cgiSetVariable: REFRESH_PAGE=\"\"
D [06/Oct/2023:17:23:16 +0000] [CGI] org.cups.sid cookie is \"635b72fc63403b5e835153911946b9f2\"
D [06/Oct/2023:17:23:16 +0000] [CGI] cgiSetVariable: org.cups.sid=\"635b72fc63403b5e835153911946b9f2\"
D [06/Oct/2023:17:23:16 +0000] [CGI] cgiSetVariable: OP=\"add-printer\"
D [06/Oct/2023:17:23:16 +0000] [CGI] op=\"add-printer\"...
D [06/Oct/2023:17:23:16 +0000] [CGI] do_am_printer: DEVICE_URI=\"(null)\"
D [06/Oct/2023:17:23:16 +0000] [CGI] Getting list of devices...
D [06/Oct/2023:17:23:16 +0000] [Client 32] POST / HTTP/1.1
D [06/Oct/2023:17:23:16 +0000] cupsdSetBusyState: newbusy="Active clients", busy="Active clients"
D [06/Oct/2023:17:23:16 +0000] [Client 32] Read: status=200, state=6
D [06/Oct/2023:17:23:16 +0000] [Client 32] No authentication data provided.
D [06/Oct/2023:17:23:16 +0000] [Client 32] 1.1 CUPS-Get-Devices 1
D [06/Oct/2023:17:23:16 +0000] CUPS-Get-Devices
D [06/Oct/2023:17:23:16 +0000] cupsdIsAuthorized: username=""
D [06/Oct/2023:17:23:16 +0000] [Client 32] Returning HTTP Unauthorized for CUPS-Get-Devices (no URI) from localhost
localhost - - [06/Oct/2023:17:23:16 +0000] "POST / HTTP/1.1" 401 91 CUPS-Get-Devices successful-ok
D [06/Oct/2023:17:23:16 +0000] [Client 32] cupsdSendHeader: code=401, type="text/html", auth_type=0
D [06/Oct/2023:17:23:16 +0000] [Client 32] WWW-Authenticate: Basic realm=\"CUPS\", trc=\"y\"
D [06/Oct/2023:17:23:16 +0000] [CGI] cgi_passwd(prompt=\"Password for 1000610000 on localhost? \") called!
D [06/Oct/2023:17:23:16 +0000] [Client 30] CGI data ready to be sent.
D [06/Oct/2023:17:23:16 +0000] [Client 30] con->http=0x55eb0af3f160
D [06/Oct/2023:17:23:16 +0000] [Client 30] cupsdWriteClient error=0, used=0, state=HTTP_STATE_POST_SEND, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=2147483647, response=(nil)(), pipe_pid=74, file=11
D [06/Oct/2023:17:23:16 +0000] [Client 30] Waiting for CGI data.
D [06/Oct/2023:17:23:16 +0000] [Client 30] Script header: Status: 401
D [06/Oct/2023:17:23:16 +0000] [Client 30] Script header:
D [06/Oct/2023:17:23:16 +0000] [Client 30] Sending status 401 for CGI.
192.168.134.8 - - [06/Oct/2023:17:23:14 +0000] "POST /admin/ HTTP/1.1" 401 60 - -
D [06/Oct/2023:17:23:16 +0000] [Client 30] cupsdSendHeader: code=401, type="text/html", auth_type=0
D [06/Oct/2023:17:23:16 +0000] [Client 30] WWW-Authenticate: Basic realm=\"CUPS\"
192.168.134.8 - - [06/Oct/2023:17:23:14 +0000] "POST /admin/ HTTP/1.1" 200 60 - -
D [06/Oct/2023:17:23:16 +0000] [Client 30] Flushing write buffer.
D [06/Oct/2023:17:23:16 +0000] [Client 30] New state is HTTP_STATE_WAITING
D [06/Oct/2023:17:23:16 +0000] [Client 30] Waiting for request.
D [06/Oct/2023:17:23:16 +0000] [Client 30] Closing because Keep-Alive is disabled.
D [06/Oct/2023:17:23:16 +0000] [Client 30] Closing connection.
D [06/Oct/2023:17:23:16 +0000] cupsdSetBusyState: newbusy="Active clients", busy="Active clients"
D [06/Oct/2023:17:23:16 +0000] [Client 32] HTTP_STATE_WAITING Closing for error 32 (Broken pipe)
D [06/Oct/2023:17:23:16 +0000] [Client 32] Closing connection.
D [06/Oct/2023:17:23:16 +0000] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [06/Oct/2023:17:23:16 +0000] PID 74 (/usr/lib/cups/cgi-bin/admin.cgi) exited with no errors.