Fedora 38

Podman : Use Registry 2023/04/26

 
Install Registry to build a private registry for container images.
[1] Install Registry.
[root@dlp ~]#
dnf -y install docker-distribution
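[2] If Firewalld is running, allow the registry port. Without a [--zone] option the rule applies to the default zone, so the port becomes reachable from every network that zone covers.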
[root@dlp ~]#
firewall-cmd --add-port=5000/tcp

success
[root@dlp ~]#
firewall-cmd --runtime-to-permanent

success
[3] Configure Registry.
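These are the settings for an HTTP connection with no authentication. In this state anyone who can reach port 5000 can push and pull images, and traffic is not encrypted, so use it only on a trusted test network; [4] adds authentication and [5] adds TLS.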
[root@dlp ~]#
vi /etc/docker-distribution/registry/config.yml
# this is the default
# no need to change on HTTP and no authentication

version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

[root@dlp ~]#
systemctl enable --now docker-distribution
[root@dlp ~]#
podman images

REPOSITORY                         TAG         IMAGE ID      CREATED         SIZE
srv.world/fedora-nginx             latest      97533117cdc8  16 minutes ago  420 MB
srv.world/fedora-httpd             latest      51d32e13e2f4  21 minutes ago  477 MB
registry.fedoraproject.org/fedora  latest      c9bfca6d0ac2  6 days ago      196 MB

# [push] from localhost
# [--tls-verify=false] is needed here because the registry is serving plain HTTP

[root@dlp ~]#
podman tag fedora dlp.srv.world:5000/fedora:my-registry

[root@dlp ~]#
podman push dlp.srv.world:5000/fedora:my-registry --tls-verify=false

[root@dlp ~]#
podman images

REPOSITORY                         TAG          IMAGE ID      CREATED         SIZE
srv.world/fedora-nginx             latest       97533117cdc8  16 minutes ago  420 MB
srv.world/fedora-httpd             latest       51d32e13e2f4  22 minutes ago  477 MB
registry.fedoraproject.org/fedora  latest       c9bfca6d0ac2  6 days ago      196 MB
dlp.srv.world:5000/fedora          my-registry  c9bfca6d0ac2  6 days ago      196 MB

# [pull] from another node

[root@node01 ~]#
podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false

[root@node01 ~]#
podman images

REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
dlp.srv.world:5000/fedora  my-registry  c9bfca6d0ac2  6 days ago  196 MB
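[4] To enable Basic authentication, configure as follows. While the registry still serves plain HTTP, the username and password are sent unencrypted, so combine this with the HTTPS settings in [5].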
[root@dlp ~]#
dnf -y install httpd-tools
[root@dlp ~]#
vi /etc/docker-distribution/registry/config.yml
# add to the end

auth:
  htpasswd:
    realm: basic-realm
    path: /etc/containers/registries.d/.htpasswd

[root@dlp ~]#
systemctl restart docker-distribution
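# add users
# [-B] stores the password as a bcrypt hash, the only format the registry's htpasswd authentication accepts
# add [-c] only when creating the file for the first time; it overwrites an existing file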

[root@dlp ~]#
htpasswd -Bc /etc/containers/registries.d/.htpasswd fedora

New password:
Re-type new password:
Adding password for user fedora

# verify that access works
# an error is shown on access without authentication

[root@node01 ~]#
podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false

Trying to pull dlp.srv.world:5000/fedora:my-registry...
Error: initializing source docker://dlp.srv.world:5000/fedora:my-registry: reading manifest my-registry in dlp.srv.world:5000/fedora: unauthorized: authentication required

# authenticate by a user added with [htpasswd]

[root@node01 ~]#
podman login dlp.srv.world:5000 --tls-verify=false

Username: fedora
Password:
Login Succeeded!
[root@node01 ~]#
podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false

[root@node01 ~]#
podman images

REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
dlp.srv.world:5000/fedora  my-registry  c9bfca6d0ac2  6 days ago  196 MB
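[5] To access via HTTPS with valid certificates, such as those from Let's Encrypt, configure as follows.
This example assumes the certificates have already been obtained under [/etc/letsencrypt/live/dlp.srv.world]. The files are copied rather than linked, so after each certificate renewal copy them again and restart the registry; keep [privkey.pem] readable only by the account that runs the registry.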
[root@dlp ~]#
cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/containers/certs.d/

[root@dlp ~]#
vi /etc/docker-distribution/registry/config.yml
# add [tls] section under the [http] section like follows

.....
.....
http:
    addr: :5000
    tls:
      certificate: /etc/containers/certs.d/fullchain.pem
      key: /etc/containers/certs.d/privkey.pem
.....
.....

[root@dlp ~]#
systemctl restart docker-distribution
# verify that access works; [--tls-verify=false] is no longer specified, so the server certificate is validated

[root@node01 ~]#
podman pull dlp.srv.world:5000/fedora:my-registry

[root@node01 ~]#
podman images

REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
dlp.srv.world:5000/fedora  my-registry  c9bfca6d0ac2  6 days ago  196 MB