Podman : Use Registry 2024/02/29 |
Install Registry to build Private Registry for Container images.
|
|
[1] | Install Registry. |
root@dlp:~ # pkg install -y docker-registry
|
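[2] | Configure Registry. These settings use a plain HTTP connection with no authentication, so anyone who can reach port 5000 can pull and push images; use them only on a trusted, isolated network. The [--tls-verify=false] option in the podman commands below is needed because the registry does not serve TLS in this configuration. |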
root@dlp:~ #
vi /usr/local/etc/docker-registry/config.yml # comment out the [auth] section version: 0.1 log: fields: service: registry storage: cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] #auth: # htpasswd: # realm: basic-realm # path: /etc/registry health: storagedriver: enabled: true interval: 10s threshold: 3
root@dlp:~ #
root@dlp:~ # service docker_registry enable registry enabled in /etc/rc.conf root@dlp:~ # service docker_registry start
podman images REPOSITORY TAG IMAGE ID CREATED SIZE localhost/freebsd-nginx latest a0a053cc78a3 17 hours ago 1.17 GB localhost/freebsd-httpd latest add46dedb2b7 23 hours ago 1.44 GB localhost/freebsd-base latest 2527bfa5eeb4 43 hours ago 1.05 GB quay.io/centos/centos stream9 ce3ac91d4020 2 weeks ago 161 MB docker.io/library/ubuntu latest 3db8720ecbf5 2 weeks ago 80.4 MB # [push] from localhost root@dlp:~ # podman tag localhost/freebsd-base dlp.srv.world:5000/freebsd-base:my-registry root@dlp:~ # podman push dlp.srv.world:5000/freebsd-base:my-registry --tls-verify=false Getting image source signatures Copying blob e08c67379022 done | Copying config 2527bfa5ee done | Writing manifest to image destinationroot@dlp:~ # podman images REPOSITORY TAG IMAGE ID CREATED SIZE localhost/freebsd-nginx latest a0a053cc78a3 17 hours ago 1.17 GB localhost/freebsd-httpd latest add46dedb2b7 23 hours ago 1.44 GB localhost/freebsd-base latest 2527bfa5eeb4 43 hours ago 1.05 GB dlp.srv.world:5000/freebsd-base my-registry 2527bfa5eeb4 43 hours ago 1.05 GB quay.io/centos/centos stream9 ce3ac91d4020 2 weeks ago 161 MB docker.io/library/ubuntu latest 3db8720ecbf5 2 weeks ago 80.4 MB # possible to [pull] from another node root@node01:~ # podman pull dlp.srv.world:5000/freebsd-base:my-registry --tls-verify=false root@node01:~ # podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/freebsd-base my-registry 2527bfa5eeb4 43 hours ago 1.05 GB |
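[3] | To enable Basic authentication, configure as follows. [apache24] is installed here to provide the [htpasswd] command. As long as the registry is still served over plain HTTP, the username and password sent by [podman login] are not encrypted in transit, so also enable HTTPS as in [4]. |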
root@dlp:~ #
pkg install -y apache24
root@dlp:~ #
vi /usr/local/etc/docker-registry/config.yml # uncomment the [auth] section and change [path]
auth:
htpasswd:
realm: basic-realm
path: /usr/local/etc/containers/.htpasswd
root@dlp:~ #
service docker_registry restart
# add users # [-B] ⇒ hash the password with bcrypt : registry supports only bcrypt passwords # [-c] ⇒ create the file : use it only for the first user, because it overwrites an existing file root@dlp:~ # htpasswd -B -c /usr/local/etc/containers/.htpasswd freebsd
# verify possible to access from any node # an error is shown if access with no-authentication root@node01:~ # podman pull dlp.srv.world:5000/freebsd-base:my-registry --tls-verify=false Trying to pull dlp.srv.world:5000/freebsd-base:my-registry... Error: initializing source docker://dlp.srv.world:5000/freebsd-base:my-registry: reading manifest my-registry in dlp.srv.world:5000/freebsd-base: StatusCode: 400, # authenticate by a user added with [htpasswd] root@node01:~ # podman login dlp.srv.world:5000 --tls-verify=false
Username: freebsd
Password:
Login Succeeded!
root@node01:~ # podman pull dlp.srv.world:5000/freebsd-base:my-registry --tls-verify=false root@node01:~ # podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/freebsd-base my-registry 2527bfa5eeb4 44 hours ago 1.05 GB |
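[4] | To access via HTTPS with valid certificates, such as ones from Let's Encrypt, configure as follows. This example assumes the certificates have already been obtained under [/usr/local/etc/letsencrypt/live/dlp.srv.world]. Keep the copied [privkey.pem] readable only by the account that runs the registry, and copy the files again after each certificate renewal. With a valid certificate in place, [--tls-verify=false] is no longer needed on the clients. |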
root@dlp:~ # cp -p /usr/local/etc/letsencrypt/live/dlp.srv.world/*.pem /usr/local/etc/containers/certs.d/
root@dlp:~ #
vi /usr/local/etc/docker-registry/config.yml # add [tls] section under the [http] section like follows
.....
.....
http:
addr: :5000
tls:
certificate: /usr/local/etc/containers/certs.d/fullchain.pem
key: /usr/local/etc/containers/certs.d/privkey.pem
.....
.....
root@dlp:~ #
service docker_registry restart
# verify possible to access root@node01:~ # podman pull dlp.srv.world:5000/freebsd-base:my-registry root@node01:~ # podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/freebsd-base my-registry 2527bfa5eeb4 44 hours ago 1.05 GB |