
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
* Python2 Deprecation Notice:
Since version 2.1.0 the connector is migrated to the python3.6.x (or above) codebase.
The further maintenance, support and development of the python2 based version is NOT planned.
Please make sure you have converted ALL custom converters and filters to py3 syntax before upgrading the connector to the 2.1.0 or above.
Oomnitza’s local connector, built using Python, is a single application that pulls data from multiple vendor applications and pushes data into your Oomnitza instance.
The local connector can pull data from the following sources:
The local connector can be used to create two types of integrations:
Basic integrations run on our local connector and can presently pull data from the sources listed above. To create a basic integration, you complete these actions:
!integrationtypes_basic_and_extended
The initial setup and configuration of extended integrations that use the local connector is similar to that of basic integrations. However, when an extended integration is pushed to your Oomnitza instance, you can avail of additional features in the Oomnitza UI to:
To set up an extended integration locally, complete the steps and set the connector to run in managed mode. Some of the reasons why customers choose to install extended integrations locally are as follows:
Alternatively, you can create extended connector integrations that run in the Oomnitza Cloud. When you run extended integrations in the Oomnitza cloud, you get more more benefits and features such as:
We also have more extended cloud integrations to choose from! To view a complete list of our supported extended integrations navigate to Configuration>Extended>New Integration in your Oomnitza instance or checkout our documentation.
If you can’t find an integration, you can request one. See how to request extended integrations.
The most current version of this documentation can always be found on https://github.com/Oomnitza/oomnitza-connector/blob/master/README.md.
Use this local connector to run basic integrations and to run extended integrations locally.
To run basic integrations, follow the steps to install and configure the local connector.
To run extended integrations locally, follow the steps to install the local connector and set the connector to run in managed mode.
If you would prefer to run extended integrations in the Oomnitza Cloud, refer to extended integrations.
The Oomnitza Connector supports Linux, Windows, and Mac OS. For Linux, we recommend the Ubuntu OS. Recommended Requirements: 2-4 vCPU, 4-8 GB RAM, 2 GB disk space. Overall the Connector has a small footprint and only utilizes CPU and RAM during the scheduled synchronization jobs. With log rotation enabled for the generated Connector logs, the consumed disk space will remain within limits. Depending on the number of integrations and volume of data, the Connector can be configured to use additional workers.
You will need to install Python 3.6.X (or above) as well as the packages which the connector relies upon. Some of the python packages may require build tools to be installed.
Please visit the sections below related to the build tools before installing the additional modules.
We suggest you setup a virtual environment
and use pip to install the requirements. This can be done as follows (See our
documentation on installing
additional Python modules for use in Oomnitza.):
cd /path/to/connector virtualenv . source ***/activate pip install --upgrade pip pip install -r requirements.txt
On Ubuntu, the build tools are installed using:
sudo apt-get install build-essential unixodbc unixodbc-dev
For MS Windows you have to install Windows C++ compilers as build tools. Please visit the https://wiki.python.org/moin/WindowsCompilers To check what is appropriate compiler you have to download and install.
For OS X environment you have to install the build tools using the following command:
xcode-select --install
Before we begin installing the local connector, it is important to think ahead about what data you want to bring in and how you want to store it in Oomnitza. Since Oomnitza is highly customizable, there are many possibilities. Before proceeding to the next steps, take time to think about what information you want, and what Oomnitza fields you want filled out with data. Complete the following steps in your Oomnitza instance:
If the fields you want to map to Oomnitza haven’t been created yet, refer to our Guide to creating custom fields in Oomnitza.
To run the local connector in a docker container, you must:
Download the GitHub repository
Install the GitHub repository
You create a directory to download and install the GitHub repository on a local drive.
For example, in Windows, you create a directory called myconfig in this file path: C:\oomnitza\connector\myconfig
In Linux, you create a directory called myconfig in this file path: /home/myconfig
Download and install Docker Desktop
Click a link to download Docker Desktop:
Initial configuration
To start the local connector using Docker Compose, you must complete these steps:
Save the template for the connector configuration file, docker-compose.yml, in the directory, for example myconfig, that you created.
Open the docker-compose.yml file and replace /path/on/local/machine in the volumes section with the path on your local machine.
Windows: Replace /path/on/local/machine with C:\oomnitza\connector\myconfig.
Linux: Replace /path/on/local/machine with /home/myconfig.
Open a command line in the directory that you created, for example myconfig, and issue the following command:
docker-compose up generate-ini
Result
The generated configuration file (config.ini) is copied to the directory on your local machine.
Modify the config.ini file
To set up the local connector for your basic or extended integration, and to connect the local connector to your Oomnitza instance, you must modify the config.ini file. The config.ini file tells the local connector which Oomnitza Cloud instance to connect to and which basic or extended integration the local connector should serve up to the Oomnitza Cloud instance.
If you intend to run the local connector solely to connect to systems that are behind a firewall, you only need to maintain the [oomnitza section] and one or more of the managed sections in the config.ini file.
For more information, see https://github.com/Oomnitza/oomnitza-connector/blob/master/README.md#setting-the-connector-to-run-in-managed-mode.
Run the local connector
To run the local connector, issue the following command:
docker-compose up oomnitza-connector -d
Result
The docker container will run in detached mode. That is, as a background process.
If you need to run extended integrations, you can add an additional service to the Docker Compose configuration file, docker-compose.yml.
LDAP service
For LDAP, you add:
oomnitza-connector-ldap: image: oomnitza/oomnitza-connector:latest command: python connector.py --ini ../config/config.ini upload ldap volumes: - /path/on/local/machine:/home/appuser/config/
CSV Assets service
For CSV assets, you add:
oomnitza-connector-csv-assets: image: oomnitza/oomnitza-connector:latest command: python connector.py --ini ../config/config.ini upload csv_assets --testmode volumes: - /path/on/local/machine:/home/appuser/config/ - /another/path/on/local/machine:/home/appuser/exp/
The CSV file that contains the asset records should be stored in a directory on the local machine, the path in the container should be defined in the configuration file. For example, /home/appuser/exp/<file_name>.csv.
Example
[csv_assets] enable = True sync_field = BARCODE filename = /home/appuser/exp/assets.csv directory = mapping.BARCODE = {"source": "Barcode"}
Important
If you run Docker on a Windows 10 desktop, you might need to enclose the Windows folder path with single or double quotes in the volumes section.
Now you should be able to generate a default config file. Running python connector.py generate-ini will regenerate
the config.ini file, and create a backup if the file already exists. When you edit this file, it will have one section
per connection. You can safely remove the section for the connections you will not be using to keep the file small and
manageable.
If you require multiple different configurations of a single connector, such as the need to pull from two different LDAP OUs,
additional sections can be added by appending a '.' and a unique identifier to the section name. For example, having both a
[ldap] and [ldap.Contractors] section will allow you to pull users from a default and Contractor OU.
An example generated config.ini follows.
[oomnitza] url = [***] api_token = username = oomnitza-sa password = ThePassword [managed.xxx] enable = False saas_authorization = {"params": {"api-token": "saas-api-token"}, "headers": {"Authorization": "Bearer Example"}} oomnitza_authorization = oomnitza-api-token local_inputs = {"username": "***", "password": "ThePassword"} test_run = false [chef] enable = False url = [***] client = user key_file = /path/to/user.pem attribute_extension = [chromebooks] enable = False service_account_impersonate = *** service_account_json_key = {} [csv_assets] enable = False filename = /some/path/to/file/assets.csv directory = /some/path/to/files/ sync_field = 24DCF85294E411E38A52066B556BA4EE [csv_users] enable = False filename = /some/path/to/file/users.csv directory = /some/path/to/files/ default_role = 25 default_position = Employee sync_field = USER [jasper] enable = False wsdl_path = [***] username = *** password = change-me api_token = YOUR Jasper API TOKEN storage = storage.db [kace] enable = False url = [***] username = *** password = *** organization_name = Default api_version = 8 [ldap] enable = False url = ldaps://ldap.com:389 username = cn=read-only-admin,dc=example,dc=com password = base_dn = dc=example,dc=com group_dn = protocol_version = 3 filter = (objectClass=*) default_role = 25 default_position = Employee page_criterium = groups_dn = [] group_members_attr = member group_member_filter = [ldap_assets] enable = False url = ldaps://ldap.com:389 username = cn=read-only-admin,dc=example,dc=com password = base_dn = dc=example,dc=com group_dn = protocol_version = 3 filter = (objectClass=*) page_criterium = groups_dn = [] group_members_attr = member group_member_filter = sync_field = 24DCF85294E411E38A52066B556BA4EE [mobileiron] enable = False url = [***] username = *** password = change-me partitions = ["Drivers"] api_version = 1 include_checkin_devices_only = True last_checkin_date_threshold = *** [netbox] enable = False url = [***] auth_token = ******* [open_audit] enable = False url = [***] username = password = [sccm] enable = False server = server.example.com database = CM_DCT username = change-me password = change-me authentication = SQL Server driver = [simplemdm] enable = False secret_access_key = *** device_groups = device_types = computers,mobiledevices custom_attributes = 0 [tanium] enable = False url = [***] username = *** password = *** domain = view = [vcenter] enabled = False url = [***] username = *** password = change-me [workspaceone_devicesoftware] enable = False subdomain = tech-dev client_id = *** client_secret = *** region = na
The [oomnitza] section is where you configure the connector with the URL and login credentials for connecting to
Oomnitza. You can use an existing user’s credentials for username and password, but best practice is to create a
service account using your standard naming convention. See the documentation for managing user accounts in Oomnitza.
The remaining sections each deal with a single connection to an external service. The "enable" field is common to all connections and if set to "True" will enable this service for processing. Some fields are common to a type of connection. For example, "default_role" and "default_user" are fields for connections dealing with loading People into the Oomnitza app.
Each section can end with a list of field mappings. Simple mappings which just copy a field from the external system to a field inside Oomnitza can be defined here or in the System Settings within Oomnitza. Simple mappings are as follows:
mapping.[Oomnitza Field] = {"source": "[external field]"}
For fields which require processing before being brought into Oomnitza must be defined in the INI. These mappings are more involved. Please contact *** for more information. The format is:
mapping.[Oomnitza Field] = {"source": "[external field]", "converter": "[converter name]"}
sync_field: The Oomnitza field (fields) which contains the object's unique identifier.
We typically recommend username or email for users and serial_number for assets.
Will be loaded from Oomnitza mapping if not set. To create multiple sync field, split it by comma,
for example sync_field = USER,EMAIL.
The exceptions for this rule are the LDAP assets & CSV files because there is no way to
set the mapping in Oomnitza for these data sources at the current moment.
insert_only: set this to True to only create records in Oomnitza. Records for existing objects will not be updated.
update_only: set this to True to only update records in Oomnitza. Records for new objects will not be created.
insert_only and update_only can not be both of true value.
verify_ssl: set to false if the target data source instance is running with a self signed or invalid SSL certificate.
ssl_protocol : if the service to be connected to requires a particular SSL protocol version to properly connect, the connection's
section in the ini file can include a ssl_protocol option. The value can be one of:
ssl, sslv23, sslv3, tls, tls1.
url: the url of the Oomnitza application. For example: https://example.oomnitza.com
username: the Oomnitza username to use
password: the Oomnitza password to use
api_token: The API Token belonging to the Oomnitza user. If provided, username and password will not be used. For further information, refer to Creating an API token.
user_pem_file: The path to the PEM-encoded certificate containing the both private and public keys of the user.
Has to be used only if there is enabled two factor authentication in your environment. The certificate has to be also uploaded to Oomnitza in the "Configuration/ Security/ Certificates" page.
To prevent secrets sprawl and disclosure the Oomnitza Connector uses secret backends to securely store credentials, usernames, API tokens, and passwords.
There are three options:
KeyRing (KeyChain) is a secure encrypted database and the easiest to configure.
The https://www.vaultproject.io/intro/index.html and CyberArk provide an additional layer of security. In this case, all secrets will be stored in the external encrypted system
Before adding secrets for Connector, first, follow the instructions and setup the Oomnitza Connector. Use a technical role with restricted permissions to run the Connector.
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务