Podman : Use Registry2023/04/26 |
Install Registry to build Private Registry for Container images.
|
|
[1] | Install Registry. |
[root@dlp ~]# dnf -y install docker-distribution
|
[2] | If Firewalld is running, allow registry port. |
[root@dlp ~]# firewall-cmd --add-port=5000/tcp success [root@dlp ~]# firewall-cmd --runtime-to-permanent success |
[3] | Configure Registry. This is the settings to use HTTP connection and no-authentication. |
[root@dlp ~]#
vi /etc/docker-distribution/registry/config.yml # this is the default # no need to change on HTTP and no authentication version: 0.1 log: fields: service: registry storage: cache: layerinfo: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000
[root@dlp ~]#
[root@dlp ~]# systemctl enable --now docker-distribution
podman images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/fedora-nginx latest 97533117cdc8 16 minutes ago 420 MB srv.world/fedora-httpd latest 51d32e13e2f4 21 minutes ago 477 MB registry.fedoraproject.org/fedora latest c9bfca6d0ac2 6 days ago 196 MB # [push] from localhost [root@dlp ~]# podman tag fedora dlp.srv.world:5000/fedora:my-registry [root@dlp ~]# podman push dlp.srv.world:5000/fedora:my-registry --tls-verify=false [root@dlp ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/fedora-nginx latest 97533117cdc8 16 minutes ago 420 MB srv.world/fedora-httpd latest 51d32e13e2f4 22 minutes ago 477 MB registry.fedoraproject.org/fedora latest c9bfca6d0ac2 6 days ago 196 MB dlp.srv.world:5000/fedora my-registry c9bfca6d0ac2 6 days ago 196 MB # [pull] from another node [root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false [root@node01 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/fedora my-registry c9bfca6d0ac2 6 days ago 196 MB |
[4] | To enable Basic authentication, Configure like follows. |
[root@dlp ~]#
dnf -y install httpd-tools
[root@dlp ~]#
vi /etc/docker-distribution/registry/config.yml # add to the end auth: htpasswd: realm: basic-realm path: /etc/containers/registries.d/.htpasswd
[root@dlp ~]#
systemctl restart docker-distribution
# add users # add [-c] at initial file creation [root@dlp ~]# htpasswd -Bc /etc/containers/registries.d/.htpasswd fedora New password: Re-type new password: Adding password for user fedora # verify possible to access # an error is shown if access with no-authentication [root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false Trying to pull dlp.srv.world:5000/fedora:my-registry... Error: initializing source docker://dlp.srv.world:5000/fedora:my-registry: reading manifest my-registry in dlp.srv.world:5000/fedora: unauthorized: authentication required # authenticate by a user added with [htpasswd] [root@node01 ~]# podman login dlp.srv.world:5000 --tls-verify=false
Username: fedora
Password:
Login Succeeded!
[root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false [root@node01 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/fedora my-registry c9bfca6d0ac2 6 days ago 196 MB |
[5] | To access via HTTPS and use valid certificates like from Let's Encrypt and so on, Configure like follows. This example is based on the environment that certificates have been gotten under the [/etc/letsencrypt/live/dlp.srv.world]. |
[root@dlp ~]# cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/containers/certs.d/
[root@dlp ~]#
vi /etc/docker-distribution/registry/config.yml # add [tls] section under the [http] section like follows
.....
.....
http:
addr: :5000
tls:
certificate: /etc/containers/certs.d/fullchain.pem
key: /etc/containers/certs.d/privkey.pem
.....
.....
[root@dlp ~]#
systemctl restart docker-distribution
# verify possible to access [root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry [root@node01 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/fedora my-registry c9bfca6d0ac2 6 days ago 196 MB |
Sponsored Link |
|