Podman : Use Registry
2020/05/11
Install Registry to build Private Registry for Container Images.
[1] On the host where the Registry container runs, get SSL certificates (refer to here).
This example assumes the certificates are located under [/etc/letsencrypt/live/dlp.srv.world] and that the [Common Name] is set to [dlp.srv.world].
[2] Copy the certificates and pull the Registry image (v2). Container images are stored under [/var/lib/registry] inside the Registry v2 container, so mount [/var/lib/containers/registry] from the parent host there for the Registry container to use as persistent storage.

[root@dlp ~]# mkdir -p /etc/containers/certs.d/dlp.srv.world:5000
[root@dlp ~]# cp -p /etc/letsencrypt/live/dlp.srv.world/cert.pem /etc/containers/certs.d/dlp.srv.world:5000/ca.crt
[root@dlp ~]# podman pull registry:2
[root@dlp ~]# mkdir /var/lib/containers/registry
[root@dlp ~]# podman run --privileged -d -p 5000:5000 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
    -v /etc/letsencrypt/live/dlp.srv.world:/certs \
    -v /var/lib/containers/registry:/var/lib/registry \
    registry:2
[root@dlp ~]# podman ps
CONTAINER ID  IMAGE                         COMMAND               CREATED        STATUS            PORTS                   NAMES
c8cc43420972  docker.io/library/registry:2  /etc/docker/regis...  8 seconds ago  Up 8 seconds ago  0.0.0.0:5000->5000/tcp  eloquent_montalcini
[3] If SELinux is enabled, change the policy.

[root@dlp ~]# vi my-podman.te
# create new
module my-podman 1.0;

require {
        type firewalld_t;
        type pcscd_t;
        class capability sys_nice;
}

#============= firewalld_t ==============
allow firewalld_t self:capability sys_nice;
allow pcscd_t self:capability sys_nice;

[root@dlp ~]# checkmodule -m -M -o my-podman.mod my-podman.te
[root@dlp ~]# semodule_package --outfile my-podman.pp --module my-podman.mod
[root@dlp ~]# semodule -i my-podman.pp
[4] If Firewalld is running, allow the mapped port.

[root@dlp ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[5] To push a local image to the Registry container, tag it and push it as follows.

# list images on Registry container
[root@dlp ~]# curl https://dlp.srv.world:5000/v2/_catalog
{"repositories":[]}

[root@dlp ~]# podman images
REPOSITORY                          TAG      IMAGE ID       CREATED          SIZE
srv.world/nginx_server              latest   f0bde03754eb   20 minutes ago   406 MB
srv.world/fedora_httpd              latest   a461b4b0b704   24 minutes ago   452 MB
registry.fedoraproject.org/fedora   latest   d81c91deec0d   11 days ago      208 MB
docker.io/library/registry          2        708bc6af7e5e   3 months ago     26.3 MB

# set a tag and push
[root@dlp ~]# podman tag srv.world/nginx_server dlp.srv.world:5000/nginx_server
[root@dlp ~]# podman push dlp.srv.world:5000/nginx_server
Getting image source signatures
Copying blob 762cd72f3931 done
Copying blob 1232b62231c3 done
Copying blob a4c0fa2b217d done
Copying config f0bde03754 done
Writing manifest to image destination
Storing signatures

[root@dlp ~]# podman images
REPOSITORY                          TAG      IMAGE ID       CREATED          SIZE
srv.world/nginx_server              latest   f0bde03754eb   21 minutes ago   406 MB
dlp.srv.world:5000/nginx_server     latest   f0bde03754eb   21 minutes ago   406 MB
srv.world/fedora_httpd              latest   a461b4b0b704   25 minutes ago   452 MB
registry.fedoraproject.org/fedora   latest   d81c91deec0d   11 days ago      208 MB
docker.io/library/registry          2        708bc6af7e5e   3 months ago     26.3 MB

[root@dlp ~]# curl https://dlp.srv.world:5000/v2/_catalog
{"repositories":["nginx_server"]}
[6] To pull images from the Registry container on another Podman node, configure the node as follows.

# get certificate from Registry Container
[root@node01 ~]# mkdir -p /etc/containers/certs.d/dlp.srv.world:5000
[root@node01 ~]# cd /etc/containers/certs.d/dlp.srv.world:5000
[root@node01 dlp.srv.world:5000]# scp dlp.srv.world:"/etc/containers/certs.d/dlp.srv.world:5000/ca.crt" ./

[root@node01 ~]# podman pull dlp.srv.world:5000/nginx_server
Trying to pull dlp.srv.world:5000/nginx_server...
Getting image source signatures
Copying blob 3088721d7dbf done
Copying blob 738c7e5b4571 done
Copying blob 57904cb9351e done
Copying config f0bde03754 done
Writing manifest to image destination
Storing signatures
f0bde03754eb78b94d465246c9c239cc9d403a92e990cac1533b09fdecbe3846

[root@node01 ~]# podman images
REPOSITORY                        TAG      IMAGE ID       CREATED          SIZE
dlp.srv.world:5000/nginx_server   latest   f0bde03754eb   36 minutes ago   406 MB
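
The node-side trust setup from [6] can be audited before a pull. The script below is an added example, not part of the original page: it derives the registry host:port from an image name, checks that the matching certs.d directory holds a PEM ca.crt, and flags a private key copied there by mistake. The function names, the CERTS_ROOT variable, the exit codes and the hosts bad.example and node02.example are assumptions made for this example, and the file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit the certs.d entry a Podman node needs for an image's registry.
# CERTS_ROOT is overridable (an assumption of this sketch) so the check can run on a constructed tree.
CERTS_ROOT="${CERTS_ROOT:-/etc/containers/certs.d}"

# registry_of IMAGE: print the host[:port] part of an image reference.
# Fails for short names such as "nginx_server" that carry no registry.
registry_of() {
    first=${1%%/*}
    [ "$first" != "$1" ] || return 1
    case "$first" in
        *.*|*:*|localhost) printf '%s\n' "$first" ;;
        *) return 1 ;;
    esac
}

# check_registry_trust IMAGE (hypothetical helper); exit codes:
#   0 ca.crt present and PEM   1 no registry in IMAGE   2 ca.crt missing
#   3 ca.crt is not a PEM certificate   4 private key found in the directory
check_registry_trust() {
    reg=$(registry_of "$1") || return 1
    dir="$CERTS_ROOT/$reg"
    [ -f "$dir/ca.crt" ] || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/ca.crt" || return 3
    # /etc/letsencrypt/live/<name> also holds privkey.pem; it belongs only
    # on the registry host, never in a client's certs.d directory.
    if grep -rq -e 'PRIVATE KEY-----' "$dir"; then return 4; fi
    return 0
}

# Constructed demo tree: placeholder file contents, not real certificates or keys.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/dlp.srv.world:5000" "$root/bad.example:5000"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$root/dlp.srv.world:5000/ca.crt"
    cp "$root/dlp.srv.world:5000/ca.crt" "$root/bad.example:5000/ca.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
        '-----END PRIVATE KEY-----' > "$root/bad.example:5000/privkey.pem"
    printf '%s\n' "$root"
}

# Demo: point the check at the constructed tree instead of the real path.
CERTS_ROOT=$(demo_tree)
for img in dlp.srv.world:5000/nginx_server bad.example:5000/app \
           node02.example:5000/app nginx_server; do
    rc=0; check_registry_trust "$img" || rc=$?
    echo "$img -> exit $rc"
done
rm -rf "$CERTS_ROOT"
```

On a real node, drop the demo section and leave CERTS_ROOT unset so the check reads /etc/containers/certs.d.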