|
Podman : Use Registry
2019/10/11 |
|
Install Registry to build Private Registry for Podman images.
Pull the Registry image and run it.
Container images are located under [/var/lib/regstry] on Registry v2 Container,
so map to mount [/var/lib/containers/registry] on parent Host for Registry Container to use as Persistent Storage. |
|
| [1] | Configure Registry. This is for the case to use HTTP and no authentication. |
|
# if SELinux is [Enforcing], add [--privileged] option [root@dlp ~]# podman run --privileged -d -p 5000:5000 \
-v /var/lib/containers/registry:/var/lib/registry \ registry:2 podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8d7425252c9c docker.io/library/registry:2 /etc/docker/regis... About a minute ago Up About a minute ago 0.0.0.0:5000->5000/tcp trusting_mahavira # if Firewalld is running, allow ports [root@dlp ~]# firewall-cmd --add-port=5000/tcp --permanent [root@dlp ~]# firewall-cmd --reload
# verify to push to Registry from localhost # for HTTP connection, add [--tls-verify=false] option [root@dlp ~]# podman tag centos dlp.srv.world:5000/centos:latest [root@dlp ~]# podman push dlp.srv.world:5000/centos:latest --tls-verify=false Getting image source signatures ..... ..... Writing manifest to image destination Storing signatures[root@dlp ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/registry 2 5c4008a25e05 3 weeks ago 26.8 MB registry.centos.org/centos latest 2f3766df23b6 3 months ago 217 MB dlp.srv.world:5000/centos latest 2f3766df23b6 3 months ago 217 MB |
| [2] | To enable Basic authentication, Configure like follows. |
|
[root@dlp ~]#
dnf -y install httpd-tools
# add users for Registry authentication [root@dlp ~]# htpasswd -Bc /etc/containers/.htpasswd cent New password: Re-type new password: Adding password for user cent
[root@dlp ~]#
podman run --privileged -d -p 5000:5000 \
-v /var/lib/containers/registry:/var/lib/registry \ -v /etc/containers:/auth \ -e REGISTRY_AUTH=htpasswd \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/.htpasswd \ -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \ registry:2 # login as a user you added above [root@dlp ~]# podman login dlp.srv.world:5000 --tls-verify=false
Username: cent
Password:
Login Succeeded!
[root@dlp ~]# podman tag centos dlp.srv.world:5000/centos2:latest [root@dlp ~]# podman push dlp.srv.world:5000/centos2:latest --tls-verify=false [root@dlp ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/registry 2 5c4008a25e05 3 weeks ago 26.8 MB registry.centos.org/centos latest 2f3766df23b6 3 months ago 217 MB dlp.srv.world:5000/centos latest 2f3766df23b6 3 months ago 217 MB dlp.srv.world:5000/centos2 latest 2f3766df23b6 3 months ago 217 MB |
| [3] | This is for the case you set valid certificate like Let's Encrypt and enable HTTPS connection. This example is based on that certificate were created under the [/etc/letsencrypt] directory. |
|
[root@dlp ~]#
podman run --privileged -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \ -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \ -v /etc/letsencrypt/live/dlp.srv.world:/certs \ -v /var/lib/containers/registry:/var/lib/registry \ registry:2 # verify to push to Registry [root@node01 ~]# podman tag centos dlp.srv.world:5000/centos3:latest [root@node01 ~]# podman push dlp.srv.world:5000/centos3:latest [root@node01 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/registry 2 5c4008a25e05 3 weeks ago 26.8 MB registry.centos.org/centos latest 2f3766df23b6 3 months ago 217 MB dlp.srv.world:5000/centos latest 2f3766df23b6 3 months ago 217 MB dlp.srv.world:5000/centos2 latest 2f3766df23b6 3 months ago 217 MB |