Fedora 32
Sponsored Link

Podman : Use Registry2020/05/11

 
Install Registry to build Private Registry for Container Images.
[1]
On The Host the Registry Container runs, Get SSL Certificates, refer to here.
This example is based on the case that SSL certificates are gotten under the [/etc/letsencrypt/live/dlp.srv.world] and set the [Common Name] as [dlp.srv.world].
[2] Copy Certificates and pull Registry Image (v2).
Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage.
[root@dlp ~]#
mkdir -p /etc/containers/certs.d/dlp.srv.world:5000

[root@dlp ~]#
cp -p /etc/letsencrypt/live/dlp.srv.world/cert.pem /etc/containers/certs.d/dlp.srv.world:5000/ca.crt
[root@dlp ~]#
podman pull registry:2

[root@dlp ~]#
mkdir /var/lib/containers/registry

[root@dlp ~]#
podman run --privileged -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
-e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
-v /etc/letsencrypt/live/dlp.srv.world:/certs \
-v /var/lib/containers/registry:/var/lib/registry \
registry:2
[root@dlp ~]#
podman ps

CONTAINER ID  IMAGE                         COMMAND               CREATED        STATUS            PORTS                   NAMES
c8cc43420972  docker.io/library/registry:2  /etc/docker/regis...  8 seconds ago  Up 8 seconds ago  0.0.0.0:5000->5000/tcp  eloquent_montalcini
[3] If SELinux is enabled, change policy.
[root@dlp ~]#
vi my-podman.te
# create new

module my-podman 1.0;

require {
        type firewalld_t;
        type pcscd_t;
        class capability sys_nice;

}

#============= firewalld_t ==============
allow firewalld_t self:capability sys_nice;
allow pcscd_t self:capability sys_nice;

[root@dlp ~]#
checkmodule -m -M -o my-podman.mod my-podman.te

[root@dlp ~]#
semodule_package --outfile my-podman.pp --module my-podman.mod

[root@dlp ~]#
semodule -i my-podman.pp

[4] If Firewalld is running, allow mapped port.
[root@dlp ~]#
firewall-cmd --add-port=5000/tcp --permanent

success
[root@dlp ~]#
firewall-cmd --reload

success
[5] For pushing local image to Registry Container, set like follows.
# list images on Registry container

[root@dlp ~]#
curl https://dlp.srv.world:5000/v2/_catalog

{"repositories":[]}
[root@dlp ~]#
podman images

REPOSITORY                          TAG      IMAGE ID       CREATED          SIZE
srv.world/nginx_server              latest   f0bde03754eb   20 minutes ago   406 MB
srv.world/fedora_httpd              latest   a461b4b0b704   24 minutes ago   452 MB
registry.fedoraproject.org/fedora   latest   d81c91deec0d   11 days ago      208 MB
docker.io/library/registry          2        708bc6af7e5e   3 months ago     26.3 MB

# set a tag and push

[root@dlp ~]#
podman tag srv.world/nginx_server dlp.srv.world:5000/nginx_server

[root@dlp ~]#
podman push dlp.srv.world:5000/nginx_server

Getting image source signatures
Copying blob 762cd72f3931 done
Copying blob 1232b62231c3 done
Copying blob a4c0fa2b217d done
Copying config f0bde03754 done
Writing manifest to image destination
Storing signatures
[root@dlp ~]#
podman images

REPOSITORY                          TAG      IMAGE ID       CREATED          SIZE
srv.world/nginx_server              latest   f0bde03754eb   21 minutes ago   406 MB
dlp.srv.world:5000/nginx_server     latest   f0bde03754eb   21 minutes ago   406 MB
srv.world/fedora_httpd              latest   a461b4b0b704   25 minutes ago   452 MB
registry.fedoraproject.org/fedora   latest   d81c91deec0d   11 days ago      208 MB
docker.io/library/registry          2        708bc6af7e5e   3 months ago     26.3 MB

[root@dlp ~]#
curl https://dlp.srv.world:5000/v2/_catalog

{"repositories":["nginx_server"]}
[6] For getting images from Registry Container on a Podman node, set like follows.
# get certificate from Registry Container

[root@node01 ~]#
mkdir -p /etc/containers/certs.d/dlp.srv.world:5000

[root@node01 ~]#
cd /etc/containers/certs.d/dlp.srv.world:5000

[root@node01 dlp.srv.world:5000]#
scp dlp.srv.world:"/etc/containers/certs.d/dlp.srv.world:5000/ca.crt" ./
[root@node01 ~]#
podman pull dlp.srv.world:5000/nginx_server

Trying to pull dlp.srv.world:5000/nginx_server...
Getting image source signatures
Copying blob 3088721d7dbf done
Copying blob 738c7e5b4571 done
Copying blob 57904cb9351e done
Copying config f0bde03754 done
Writing manifest to image destination
Storing signatures
f0bde03754eb78b94d465246c9c239cc9d403a92e990cac1533b09fdecbe3846

[root@node01 ~]#
podman images

REPOSITORY                        TAG      IMAGE ID       CREATED          SIZE
dlp.srv.world:5000/nginx_server   latest   f0bde03754eb   36 minutes ago   406 MB
Matched Content