# Private Docker Registry with CentOS 8

## resource

### 1. 4 core, 4 G RAM, 50 G Disk for 2 VM

### 2. IP: 192.168.122.60, hostname: drg; IP: 192.168.122.40, hostname: non-registry

### 3. OS: CentOS 8

## Pre-install

### 1. yum update

```
# yum update -y
```

### 2. make sure you have a fixed private IP address; this is a sample.

```
[root@drg ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
IPADDR=192.168.122.60
PREFIX=24
GATEWAY=192.168.122.1
DNS1=8.8.8.8
```

## Install Docker Packages

### 1. install yum utils

```
# yum install -y yum-utils
```

### 2. install docker repo

```
# yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
```

```
[root@drg ~]# yum-config-manager --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
```

### 3. install containerd

```
# wget https://download.docker.com/linux/fedora/30/x86_64/stable/Packages/containerd.io-1.2.6-3.3.fc30.x86_64.rpm
# dnf install containerd.io-1.2.6-3.3.fc30.x86_64.rpm
# dnf install docker-ce docker-ce-cli -y
```

```
[root@drg ~]# dnf install docker-ce docker-ce-cli
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:12:32 ago on Sat Oct 3 00:11:24 2020.
Dependencies resolved.
=======================================================================================================================
 Package                Architecture        Version                      Repository                  Size
=======================================================================================================================
Installing:
 docker-ce              x86_64              3:19.03.13-3.el8             docker-ce-stable            24 M
 docker-ce-cli          x86_64              1:19.03.13-3.el8             docker-ce-stable            38 M
Installing dependencies:
 libcgroup              x86_64              0.41-19.el8                  BaseOS                      70 k

Transaction Summary
=======================================================================================================================
Install  3 Packages

Total download size: 63 M
Installed size: 272 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): libcgroup-0.41-19.el8.x86_64.rpm                148 kB/s |  70 kB     00:00
(2/3): docker-ce-cli-19.03.13-3.el8.x86_64.rpm         8.7 MB/s |  38 MB     00:04
(3/3): docker-ce-19.03.13-3.el8.x86_64.rpm             4.7 MB/s |  24 MB     00:05
-----------------------------------------------------------------------------------------------------------------------
Total                                                  8.8 MB/s |  63 MB     00:07
warning: /var/cache/dnf/docker-ce-stable-fa9dc42ab4cec2f4/packages/docker-ce-19.03.13-3.el8.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Docker CE Stable - x86_64                               72 kB/s | 1.6 kB     00:00
Importing GPG key 0x621E9F35:
 Userid     : "Docker Release (CE rpm) <docker@docker.com>"
 Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35
 From       : https://download.docker.com/linux/centos/gpg
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                            1/1
  Installing       : docker-ce-cli-1:19.03.13-3.el8.x86_64      1/3
  Running scriptlet: docker-ce-cli-1:19.03.13-3.el8.x86_64      1/3
  Running scriptlet: libcgroup-0.41-19.el8.x86_64               2/3
  Installing       : libcgroup-0.41-19.el8.x86_64               2/3
  Running scriptlet: libcgroup-0.41-19.el8.x86_64               2/3
  Installing       : docker-ce-3:19.03.13-3.el8.x86_64          3/3
  Running scriptlet: docker-ce-3:19.03.13-3.el8.x86_64          3/3
  Verifying        : libcgroup-0.41-19.el8.x86_64               1/3
  Verifying        : docker-ce-3:19.03.13-3.el8.x86_64          2/3
  Verifying        : docker-ce-cli-1:19.03.13-3.el8.x86_64      3/3
Installed products updated.

Installed:
  docker-ce-3:19.03.13-3.el8.x86_64  docker-ce-cli-1:19.03.13-3.el8.x86_64  libcgroup-0.41-19.el8.x86_64

Complete!
```

### 4. enable, start and check docker status

```
[root@drg ~]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@drg ~]# systemctl start docker
[root@drg ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-10-03 00:25:46 CST; 4s ago
     Docs: https://docs.docker.com
 Main PID: 3946 (dockerd)
    Tasks: 12
   Memory: 44.3M
   CGroup: /system.slice/docker.service
           └─3946 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Oct 03 00:25:45 drg dockerd[3946]: time="2020-10-03T00:25:45.239485480+08:00" level=error msg="Failed to >
Oct 03 00:25:45 drg dockerd[3946]: time="2020-10-03T00:25:45.376777116+08:00" level=warning msg="Your ker>
Oct 03 00:25:45 drg dockerd[3946]: time="2020-10-03T00:25:45.376795548+08:00" level=warning msg="Your ker>
Oct 03 00:25:45 drg dockerd[3946]: time="2020-10-03T00:25:45.376923591+08:00" level=info msg="Loading con>
Oct 03 00:25:45 drg dockerd[3946]: time="2020-10-03T00:25:45.816471876+08:00" level=info msg="Default bri>
Oct 03 00:25:46 drg dockerd[3946]: time="2020-10-03T00:25:46.040497527+08:00" level=info msg="Loading con>
Oct 03 00:25:46 drg dockerd[3946]: time="2020-10-03T00:25:46.085266550+08:00" level=info msg="Docker daem>
Oct 03 00:25:46 drg dockerd[3946]: time="2020-10-03T00:25:46.085496952+08:00" level=info msg="Daemon has >
Oct 03 00:25:46 drg dockerd[3946]: time="2020-10-03T00:25:46.197052571+08:00" level=info msg="API listen >
Oct 03 00:25:46 drg systemd[1]: Started Docker Application Container Engine.
```

## check environment

### 1. docker run hello-world

:::info
if you wanna try the ubuntu cli from CentOS 8, don't miss **docker run -it ubuntu bash**
:::

```
[root@drg ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:4cf9c47f86df71d48364001ede3a4fcd85ae80ce02ebad74156906caff5378bc
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
```

## delete test container and image

### 1. list container first.
```
[root@drg ~]# docker container ls --all
CONTAINER ID   IMAGE         COMMAND    CREATED              STATUS                            PORTS   NAMES
15ed1b18694d   ubuntu        "bash"     About a minute ago   Exited (130) About a minute ago           fervent_nobel
665af40c4a2b   hello-world   "/hello"   2 minutes ago        Exited (0) 2 minutes ago                  intelligent_swartz
```

### 2. delete container

```
[root@drg ~]# docker container rm 15ed
15ed
[root@drg ~]# docker container rm 665
665
```

### 3. delete image

```
[root@drg ~]# docker image rm hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:4cf9c47f86df71d48364001ede3a4fcd85ae80ce02ebad74156906caff5378bc
Deleted: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b
Deleted: sha256:9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63
[root@drg ~]# docker image rm ubuntu
Untagged: ubuntu:latest
Untagged: ubuntu@sha256:bc2f7250f69267c9c6b66d7b6a81a54d3878bb85f1ebb5f951c896d13e6ba537
Deleted: sha256:9140108b62dc87d9b278bb0d4fd6a3e44c2959646eb966b86531306faa81b09b
Deleted: sha256:69ea0ba6086b4837bc259353a9dec7e6f7bcc9b8297b0f722387a114697e5691
Deleted: sha256:923b52e8276c042a8602849149a284ae77cccf4c688cc4284bf01ec9669a6e6c
Deleted: sha256:d42a4fdf4b2ae8662ff2ca1b695eae571c652a62973c1beb81a296a4f4263d92
```

## Create Private Registry for local

### 1. create a local registry, open 5000 port, always restart

```
[root@drg ~]# docker run -d -p 5000:5000 --restart=always --name registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:2
3037303cfc1a23767a128d8c516a64af1e9507427d1292a1cbeb9968cfa88fcf
[root@drg ~]# docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS         PORTS                    NAMES
3037303cfc1a   registry:2   "/entrypoint.sh /etc…"   5 seconds ago   Up 2 seconds   0.0.0.0:5000->5000/tcp   registry
```

### 2. pull an image and prepare for test

```
[root@drg ~]# docker pull ubuntu:16.04
16.04: Pulling from library/ubuntu
4f53fa4d2cf0: Pull complete
6af7c939e38e: Pull complete
903d0ffd64f6: Pull complete
04feeed388b7: Pull complete
Digest: sha256:185fec2d6dbe9165f35e4a1136b4cf09363b328d4f850695393ca191aa1475fd
Status: Downloaded newer image for ubuntu:16.04
docker.io/library/ubuntu:16.04
```

### 3. tag image for localhost

```
[root@drg ~]# docker tag ubuntu:16.04 localhost:5000/my-ubuntu
```

### 4. list image, verify already tagged

```
[root@drg ~]# docker image list
REPOSITORY                 TAG      IMAGE ID       CREATED        SIZE
ubuntu                     16.04    096efd74bb89   6 days ago     127MB
localhost:5000/my-ubuntu   latest   096efd74bb89   6 days ago     127MB
registry                   2        2d4f4b5309b1   3 months ago   26.2MB
```

### 5. push image to local

```
[root@drg ~]# docker push localhost:5000/my-ubuntu
The push refers to repository [localhost:5000/my-ubuntu]
e27729ee6e59: Pushed
c4d7b15878d0: Pushed
06859de2f3e3: Pushed
f577d0e0bf70: Pushed
latest: digest: sha256:168b1eb205e49339b2c23b6160ea1d60155b5a715025323c56f089f7f854d054 size: 1150
```

## if you wanna use a CA file for the registry and share it with everyone on the local network

### 1. mkdir

```
drg# mkdir -p /certs
```

### 2. create ca file

```
drg# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /certs/ca.key -x509 -days 3650 -out /certs/ca.crt
```

### 3. create registry with ca file

```
drg# docker run -d -p 5000:5000 --restart=always --name registry -v /certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ca.crt -e REGISTRY_HTTP_TLS_KEY=/certs/ca.key registry
```

### 4. modify non-registry docker daemon with drg server info

```
non-registry# vim /etc/docker/daemon.json
```

```
{
  "insecure-registries" : ["drg:5000"]
}
```

:::warning
drg is the registry server. The non-registry host needs this setting, not the registry.
:::

### 5. make ca directory within docker certs directory

```
non-registry# mkdir -p /etc/docker/certs.d/drg:5000/
```

### 6. copy drg ca file and place it in your directory

```
non-registry# scp drg:/certs/ca.crt /etc/docker/certs.d/drg\:5000/
```

:::info
non-registry requires the ca file
:::

### 7. restart docker on the non-registry VM

```
non-registry# systemctl restart docker
```

## push image to drg

### image list

```
[root@non-registry ~]# docker image list
REPOSITORY                                        TAG      IMAGE ID       CREATED        SIZE
192.168.122.40:5000/test                          latest   d1df39331564   19 hours ago   855 MB
192.168.122.50:5000/docker-jenkins-python-slave   latest   d1df39331564   19 hours ago   855 MB
docker.io/ubuntu                                  16.04    096efd74bb89   7 days ago     127 MB
localhost:5000/ubuntu                             16.04    096efd74bb89   7 days ago     127 MB
docker.io/fossology/fossology                     latest   0baaa1e0031e   5 weeks ago    645 MB
docker.io/registry                                2        2d4f4b5309b1   3 months ago   26.2 MB
docker.io/registry                                latest   2d4f4b5309b1   3 months ago   26.2 MB
docker.io/konradkleine/docker-registry-frontend   v2       60d4b91e68fa   2 years ago    266 MB
docker.io/samopenstack/docker-whale               latest   7902382e8f33   4 years ago    256 MB
```

### tag target image

```
[root@non-registry ~]# docker tag d1df39331564 drg:5000/docker-jenkins-python-slave
```

### check image already tagged

```
[root@non-registry ~]# docker image list
REPOSITORY                                        TAG      IMAGE ID       CREATED        SIZE
192.168.122.40:5000/test                          latest   d1df39331564   19 hours ago   855 MB
192.168.122.50:5000/docker-jenkins-python-slave   latest   d1df39331564   19 hours ago   855 MB
drg:5000/docker-jenkins-python-slave              latest   d1df39331564   19 hours ago   855 MB
localhost:5000/docker-jenkins-python-slave        latest   d1df39331564   19 hours ago   855 MB
test/docker-jenkins-python-slave                  latest   d1df39331564   19 hours ago   855 MB
192.168.122.40:5000/docker-jenkins-python-slave   latest   d1df39331564   19 hours ago   855 MB
localhost:5000/ubuntu                             16.04    096efd74bb89   7 days ago     127 MB
docker.io/ubuntu                                  16.04    096efd74bb89   7 days ago     127 MB
docker.io/fossology/fossology                     latest   0baaa1e0031e   5 weeks ago    645 MB
docker.io/registry                                2        2d4f4b5309b1   3 months ago   26.2 MB
docker.io/registry                                latest   2d4f4b5309b1   3 months ago   26.2 MB
docker.io/konradkleine/docker-registry-frontend   v2       60d4b91e68fa   2 years ago    266 MB
```

### push image to registry server

```
[root@non-registry ~]# docker push drg:5000/docker-jenkins-python-slave
The push refers to a repository [drg:5000/docker-jenkins-python-slave]
9657bc492d31: Pushed
a3d2c44ed683: Pushed
440171327fc4: Pushed
c9ae4cc1abe8: Pushed
1a3da476bbad: Pushed
c1f9e1759502: Pushed
2307b53c3b8a: Pushed
23545765a58a: Pushed
aa284d8587e6: Pushed
99464ee00543: Pushed
c466392054c6: Pushed
e27729ee6e59: Pushed
c4d7b15878d0: Pushed
06859de2f3e3: Pushed
f577d0e0bf70: Pushed
latest: digest: sha256:a7141d4694524a5d543d70481bd755f63ceb4b412ab70eb5cb278fdd71e869fa size: 3460
[root@non-registry ~]# docker image list
REPOSITORY                                        TAG      IMAGE ID       CREATED        SIZE
192.168.122.40:5000/docker-jenkins-python-slave   latest   d1df39331564   19 hours ago   855 MB
192.168.122.40:5000/test                          latest   d1df39331564   19 hours ago   855 MB
192.168.122.50:5000/docker-jenkins-python-slave   latest   d1df39331564   19 hours ago   855 MB
drg:5000/docker-jenkins-python-slave              latest   d1df39331564   19 hours ago   855 MB
localhost:5000/docker-jenkins-python-slave        latest   d1df39331564   19 hours ago   855 MB
test/docker-jenkins-python-slave                  latest   d1df39331564   19 hours ago   855 MB
localhost:5000/ubuntu                             16.04    096efd74bb89   7 days ago     127 MB
docker.io/ubuntu                                  16.04    096efd74bb89   7 days ago     127 MB
docker.io/fossology/fossology                     latest   0baaa1e0031e   5 weeks ago    645 MB
docker.io/registry                                2        2d4f4b5309b1   3 months ago   26.2 MB
docker.io/registry                                latest   2d4f4b5309b1   3 months ago   26.2 MB
docker.io/konradkleine/docker-registry-frontend   v2       60d4b91e68fa   2 years ago    266 MB
```

## reference

1. http://n.sfs.tw/content/index/14643?noframe=true
2. https://docs.docker.com/registry/deploying/#considerations-for-air-gapped-registries
3. https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-setup-docker-private-registry-on-centos-7-ubuntu-16-04.html
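
An added check for the non-registry client steps in the CA file section (this example is not part of the original page): an `insecure-registries` entry makes Docker ignore certificate errors and fall back to plain HTTP, so it cancels out the CA copied into `certs.d`. The helper name `audit_insecure_registries` and the sample directory are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example. audit_insecure_registries is a hypothetical helper name.
# Usage: audit_insecure_registries DOCKER_ETC_DIR   (normally /etc/docker)
# Prints one line per "insecure-registries" entry in daemon.json:
#   <registry> ca-present  -> certs.d/<registry>/ca.crt exists, so the
#                             insecure entry only disables verification
#   <registry> no-ca       -> no CA installed; the connection is unverified
audit_insecure_registries() {
    etc_dir=$1
    json="$etc_dir/daemon.json"
    if [ ! -f "$json" ]; then return 0; fi
    # Flatten the file, cut out the array body, strip quotes and
    # whitespace, then put one registry per line.
    entries=$(tr -d '\n' < "$json" \
        | sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' \
        | tr -d '"[:space:]' | tr ',' '\n')
    for reg in $entries; do
        if [ -f "$etc_dir/certs.d/$reg/ca.crt" ]; then
            echo "$reg ca-present"
        else
            echo "$reg no-ca"
        fi
    done
}

# Constructed sample mirroring the non-registry host after steps 4-6.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/certs.d/drg:5000"
: > "$demo_dir/certs.d/drg:5000/ca.crt"      # stand-in for the copied CA
printf '{ "insecure-registries" : ["drg:5000"] }\n' > "$demo_dir/daemon.json"
audit_insecure_registries "$demo_dir"
rm -rf "$demo_dir"
```

Dropping a `ca-present` entry from `daemon.json` lets Docker verify the registry against the copied CA, but that only works when the certificate lists `drg` as a subjectAltName, which current Docker releases require.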