How To Setup Docker Private Registry on CentOS 7/RHEL 7?
Docker Private Registry?
Docker is one of the fastest-emerging technologies in today's world. It is based on containers and images. Images in Docker are stored in a repository and are used to create containers.
Docker provides a public repository for storing Docker images, known as Docker Hub. You may push your images to Docker Hub for free, but the problem is that anything you upload is also public. And trust me, as an organization or as a private project developer you don't want this to happen. This is where a Docker private registry comes into the picture.
This article will guide you through setting up your own private Docker registry locally, without using a Docker container image. The registry here is served without HTTPS. You may use this registry to push or pull your own images.
Scenario:
192.168.56.101 push.kapendra.local push
192.168.56.102 pull.kapendra.local pull
192.168.56.104 registry.kapendra.local registry
Note: The firewalld service is stopped and SELinux is disabled.
All three servers have Docker pre-installed and running. If you don't have the Docker service running, then visit my Docker series.
Let’s start
Step 1: Create Host Entry
To let our push and pull nodes communicate with the Docker registry server, we need to create entries in the /etc/hosts file.
[root@registry ~]# vim /etc/hosts
192.168.56.101 push.kapendra.local push
192.168.56.102 pull.kapendra.local pull
192.168.56.104 registry.kapendra.local registry
Save the file with the :wq command.
This step is only required if your host machines can't resolve the hostnames. In production this may not be required, as the records will be resolved through a DNS server.
Note : Make this entry on all three nodes
Step 2: Install appropriate repository
To get the docker-distribution package you need to install the EPEL repository or the docker-ce repository. For this article I am using the EPEL repo.
[root@registry ~]# yum -y update
[root@registry ~]# yum install epel-release
[root@registry ~]# yum clean all
Note : Run these commands on all three nodes
Step 3: Check for docker service.
To set up a Docker private registry, it is very important to have a running Docker service on that host. I suggest you check this service on all three nodes.
[root@registry ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-10-06 16:48:44 IST; 11s ago
Note : Run this command on all three nodes
From now on, the rest of the commands need to be run on the registry node.
Step 4: Install Docker Registry
If you have CentOS 7.4 or above, then this package is available in the EPEL repository. As mentioned earlier, I am using EPEL.
[root@registry ~]# yum -y install docker-distribution
Step 5: Setup Docker registry
The default registry configuration file is /etc/docker-distribution/registry/config.yml. You may change the root directory or the port there if you need to.
[root@registry ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
From the default configuration file:
- /var/lib/registry – location where Docker images are stored, so make sure you put it on an LVM partition, and a big one.
- Port 5000 – bind port for registry service.
Step 6: Allow port 5000 in firewalld (optional)
This step is optional if you have SELinux enabled. I would suggest disabling it; otherwise, use this method.
[root@registry ~]# firewall-cmd --add-port=5000/tcp --permanent
[root@registry ~]# firewall-cmd --reload
Step 7: Enable and start docker registry service
Now start the registry service with the following commands, enable it to start on boot, and don't forget to check its status.
[root@registry ~]# systemctl start docker-distribution
[root@registry ~]# systemctl enable docker-distribution
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.
[root@registry ~]# systemctl status docker-distribution
● docker-distribution.service - v2 Registry server for Docker
   Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-10-06 18:14:31 IST; 17s ago
Step 8: Add Insecure Registry to Docker Engine
By default, Docker uses HTTPS to connect to a Docker registry. Since we are not using any secure method, we need to add our registry as an insecure registry. Follow the steps below to add the insecure registry to the Docker Engine.
Note : Run these commands on all three nodes
[root@registry ~]# cat > /etc/docker/daemon.json << EOF
{ "insecure-registries" : ["registry.kapendra.local:5000"] }
EOF
Then restart Docker engine on three nodes
[root@registry ~]# systemctl restart docker
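The settings made in Steps 5 to 8 can be audited with a short script. This is an added example, not part of the original article: `flatten_yaml` and `audit` are hypothetical helper names, the inputs are the two files as written above, and the YAML reader is assumed to see only simple nested mappings like this config.

```python
import json
# Constructed inputs: the two files exactly as written in Steps 5 and 8.
DAEMON_JSON = '{ "insecure-registries" : ["registry.kapendra.local:5000"] }'
CONFIG_YML = """\
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
"""

def flatten_yaml(text):
    """Flatten nested 'key: value' mappings into {'a.b.c': value}.
    Assumption: mappings only (no lists or multi-line scalars)."""
    flat, stack = {}, []  # stack holds (indent, key) for each open parent
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        flat[".".join([k for _, k in stack] + [key])] = value.strip()
        stack.append((indent, key))
    return flat

def audit(daemon_json, config_yml):
    """Return findings for the Docker client and registry configuration."""
    findings = []
    for reg in json.loads(daemon_json).get("insecure-registries", []):
        findings.append(f"client: {reg} accepted over HTTP or unverified TLS")
    cfg = flatten_yaml(config_yml)
    if not any(k.startswith("http.tls") for k in cfg):
        findings.append("registry: no http.tls section, traffic is cleartext")
    if not any(k == "auth" or k.startswith("auth.") for k in cfg):
        findings.append("registry: no auth section, push and pull are anonymous")
    addr = cfg.get("http.addr", "")
    if addr.startswith((":", "0.0.0.0")):
        findings.append(f"registry: http.addr {addr} listens on all interfaces")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(DAEMON_JSON, CONFIG_YML)))
```

An empty result requires an `http.tls` block and an `auth` block in config.yml, a specific listen address, and no `insecure-registries` entry on the clients.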
Test Our Setup
Step 9: Push Images To local registry
Now our Docker registry is ready, so we can test it by pushing an image.
So, on the push node run the following commands.
[root@push ~]# docker pull busybox
[root@push ~]# docker images
REPOSITORY          TAG       IMAGE ID       CREATED      SIZE
docker.io/busybox   latest    59788edf1f3e   3 days ago   1.15 MB
Now tag this image as registry.kapendra.local:5000/busybox:latest.
[root@push ~]# docker tag busybox:latest registry.kapendra.local:5000/busybox:latest
[root@push ~]# docker images
REPOSITORY                             TAG       IMAGE ID       CREATED      SIZE
docker.io/busybox                      latest    59788edf1f3e   3 days ago   1.15 MB
registry.kapendra.local:5000/busybox   latest    59788edf1f3e   3 days ago   1.15 MB
Push the image to our created docker registry at registry.kapendra.local:5000/busybox:latest
[root@push ~]# docker push registry.kapendra.local:5000/busybox:latest
The push refers to a repository [registry.kapendra.local:5000/busybox]
8a788232037e: Pushed
latest: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527
The sha256 digest in the output shows that the image push was successful.
Note : To check this, log on to the registry server and look.
Pushed images are stored under the /var/lib/registry/docker/registry/v2/repositories directory on the registry server.
[root@registry ~]# ls /var/lib/registry/docker/registry/v2/repositories/
busybox
Step 10: Pull Images From local registry
Now that we have pushed our image to the registry server, we can pull this image on any server. So, let's use our pull server to pull this image.
[root@pull ~]# docker images
REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
[root@pull ~]# docker pull registry.kapendra.local:5000/busybox:latest
Trying to pull repository registry.kapendra.local:5000/busybox ...
sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5: Pulling from registry.kapendra.local:5000/busybox
90e01955edcd: Pull complete
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for registry.kapendra.local:5000/busybox:latest
Check for pulled image
[root@pull ~]# docker images
REPOSITORY                             TAG       IMAGE ID       CREATED      SIZE
registry.kapendra.local:5000/busybox   latest    59788edf1f3e   3 days ago   1.15 MB
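The digest printed by the push in Step 9 and again by the pull in Step 10 is the SHA-256 of the image manifest, so it can be recorded on the push node and checked on the pull node. This is an added example, not part of the original article: the function names are hypothetical, the manifest in the demo is constructed, and `fetch_manifest` assumes the registry is reachable over HTTP as configured above.

```python
import hashlib
import json
import urllib.request

MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"

def manifest_digest(body):
    """Digest of a schema 2 manifest: SHA-256 over the bytes exactly as served."""
    return "sha256:" + hashlib.sha256(body).hexdigest()

def fetch_manifest(registry, repo, ref, scheme="http"):
    """GET /v2/<repo>/manifests/<ref>; returns (body, Docker-Content-Digest)."""
    req = urllib.request.Request(
        f"{scheme}://{registry}/v2/{repo}/manifests/{ref}",
        headers={"Accept": MANIFEST_V2})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read(), resp.headers.get("Docker-Content-Digest")

def verify(body, header_digest, pinned_digest):
    """Check a served manifest against the digest recorded at push time."""
    actual = manifest_digest(body)
    problems = []
    if header_digest and header_digest != actual:
        problems.append("Docker-Content-Digest header does not match the body")
    if actual != pinned_digest:
        problems.append(f"manifest is {actual}, expected {pinned_digest}")
    return problems

def sample_manifest(layer_hex):
    """Constructed manifest for the offline demo (not the real busybox one)."""
    return json.dumps({
        "schemaVersion": 2, "mediaType": MANIFEST_V2,
        "config": {"digest": "sha256:" + "c" * 64},
        "layers": [{"digest": "sha256:" + layer_hex}],
    }).encode()

if __name__ == "__main__":
    pushed = sample_manifest("a" * 64)
    pinned = manifest_digest(pushed)           # what the push node records
    print(verify(pushed, pinned, pinned))      # unchanged manifest
    swapped = sample_manifest("b" * 64)        # same tag, different layer
    print(verify(swapped, manifest_digest(swapped), pinned))
    # Against the live registry from this article (needs network access):
    # body, hdr = fetch_manifest("registry.kapendra.local:5000", "busybox", "latest")
```

Docker applies the same pin itself when the image is pulled by digest instead of by tag: docker pull registry.kapendra.local:5000/busybox@sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5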
This brings us to the end of setting up a Docker registry without HTTPS. In the next article we will set up a GUI named Portainer for the private Docker Hub registry.