Podman : Use Registry | 2025/11/12 |
|
Install Registry to build a private registry for container images. |
|
| [1] | Install Registry. |
|
[root@dlp ~]# dnf -y install docker-distribution
|
| [2] | If Firewalld is running, allow the registry port. |
|
[root@dlp ~]# firewall-cmd --add-port=5000/tcp
success
[root@dlp ~]# firewall-cmd --runtime-to-permanent
success
|
| [3] | Configure Registry. These are the settings for an HTTP connection with no authentication. |
|
[root@dlp ~]# vi /etc/docker-distribution/registry/config.yml
# this is the default
# no need to change on HTTP and no authentication
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

[root@dlp ~]# systemctl enable --now docker-distribution
[root@dlp ~]# podman images
REPOSITORY                         TAG          IMAGE ID      CREATED         SIZE
srv.world/fedora-nginx             latest       78a532c42789  17 minutes ago  346 MB
srv.world/fedora-httpd             latest       9681aa9061c7  24 minutes ago  349 MB
registry.fedoraproject.org/fedora  latest       a9005aba99b1  2 days ago      186 MB

# [push] from localhost
[root@dlp ~]# podman tag fedora dlp.srv.world:5000/fedora:my-registry
[root@dlp ~]# podman push dlp.srv.world:5000/fedora:my-registry --tls-verify=false
[root@dlp ~]# podman images
REPOSITORY                         TAG          IMAGE ID      CREATED         SIZE
srv.world/fedora-nginx             latest       78a532c42789  18 minutes ago  346 MB
srv.world/fedora-httpd             latest       9681aa9061c7  25 minutes ago  349 MB
dlp.srv.world:5000/fedora          my-registry  a9005aba99b1  2 days ago      186 MB
registry.fedoraproject.org/fedora  latest       a9005aba99b1  2 days ago      186 MB

# [pull] from another node
[root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false
[root@node01 ~]# podman images
REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
dlp.srv.world:5000/fedora  my-registry  a9005aba99b1  2 days ago  186 MB
|
| [4] | To enable Basic authentication, configure as follows. |
|
[root@dlp ~]# dnf -y install httpd-tools
[root@dlp ~]# vi /etc/docker-distribution/registry/config.yml
# add to last line
auth:
    htpasswd:
        realm: basic-realm
        path: /etc/containers/registries.d/.htpasswd

# add users
# add [-c] only at initial file creation
[root@dlp ~]# htpasswd -Bc /etc/containers/registries.d/.htpasswd fedora
New password:
Re-type new password:
Adding password for user fedora

[root@dlp ~]# systemctl restart docker-distribution

# verify that access is possible
# an error is shown on access without authentication
[root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false
Trying to pull dlp.srv.world:5000/fedora:my-registry...
Error: initializing source docker://dlp.srv.world:5000/fedora:my-registry: reading manifest my-registry in dlp.srv.world:5000/fedora: authentication required

# authenticate as a user added with [htpasswd]
[root@node01 ~]# podman login dlp.srv.world:5000 --tls-verify=false
Username: fedora
Password:
Login Succeeded!
[root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry --tls-verify=false
[root@node01 ~]# podman images
REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
dlp.srv.world:5000/fedora  my-registry  a9005aba99b1  2 days ago  186 MB
|
| [5] | To access via HTTPS using valid certificates, such as those from Let's Encrypt, configure as follows. This example assumes the certificates have already been obtained under [/etc/letsencrypt/live/dlp.srv.world]. |
|
[root@dlp ~]# cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/containers/certs.d/
[root@dlp ~]# vi /etc/docker-distribution/registry/config.yml
# add [tls] section under the [http] section as follows
.....
.....
http:
    addr: :5000
    tls:
        certificate: /etc/containers/certs.d/fullchain.pem
        key: /etc/containers/certs.d/privkey.pem
.....
.....

[root@dlp ~]# systemctl restart docker-distribution

# verify that access is possible
[root@node01 ~]# podman pull dlp.srv.world:5000/fedora:my-registry
[root@node01 ~]# podman images
REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
dlp.srv.world:5000/fedora  my-registry  a9005aba99b1  2 days ago  186 MB
|
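Added example, not part of the original page: a shell check that reads config.yml and reports whether the Basic authentication of step [4] and the TLS of step [5] are in place. The function names are hypothetical and the parsing assumes the indentation-based layout shown above; the bcrypt check reflects that the registry accepts only bcrypt htpasswd entries, which is why step [4] uses htpasswd -B.

```bash
#!/bin/bash
# Added example (not from the original page): audit a docker-distribution
# config.yml for step [4] (Basic authentication) and step [5] (TLS).
# Assumption: block-style YAML as on this page, top-level keys at column 0.

# Print the body of one top-level section of the config.
section() {   # $1 = section name, $2 = config file
    awk -v s="$1:" '/^[^ \t#]/ { insec = ($1 == s); next } insec { print }' "$2"
}

# Read section text on stdin; print the value of the first "key: value" line.
value_of() {  # $1 = key
    awk -v k="$1:" '$1 == k { print $2; exit }'
}

# Print findings (FAIL and WARN) for the config at $1; return status = their count.
audit_registry_config() {
    local cfg="$1" n=0 ht cert key
    ht=$(section auth "$cfg" | value_of path)
    cert=$(section http "$cfg" | value_of certificate)
    key=$(section http "$cfg" | value_of key)

    if [ -z "$ht" ]; then
        echo "FAIL: no auth.htpasswd.path, anyone who can reach the port can push and pull"
        n=$((n + 1))
    elif [ ! -s "$ht" ]; then
        echo "FAIL: $ht is missing or empty"
        n=$((n + 1))
    elif grep -v '^[[:space:]]*$' "$ht" | grep -qv '^[^:]*:\$2[aby]\$'; then
        echo "FAIL: $ht has non-bcrypt entries, add users with htpasswd -B"
        n=$((n + 1))
    fi

    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: no http.tls certificate/key, logins and images travel in cleartext"
        n=$((n + 1))
    elif [ "$(ls -lLd "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "WARN: $key is missing or accessible by group/others"
        n=$((n + 1))
    fi
    return "$n"
}

# Demo on a constructed copy of the step [3] default (HTTP, no authentication).
demo=$(mktemp)
printf 'version: 0.1\nstorage:\n    filesystem:\n        rootdirectory: /var/lib/registry\nhttp:\n    addr: :5000\n' > "$demo"
audit_registry_config "$demo" || echo "findings: $?"
rm -f "$demo"
```

On the registry host, run `audit_registry_config /etc/docker-distribution/registry/config.yml` after each step; a return status of 0 means both the htpasswd and TLS settings were found.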