How To Setup Docker Private Registry on CentOS 7/RHEL 7?

Looking for Setting up Docker Private Registry on CentOS 7/RHEL 7?

Docker Private Registry?

Docker is one of the most emerging technology in today worlds. It is based on container and images. Images in docker are stored in repository which are used for creation of containers.

Well docker provide a public repository for storing our docker images knows as Docker Hub. You may push your images to docker hub for free, but the problem is, anything you upload is also public. And trust me as an origination or as private project developer you don’t want this to happen. So, Docker Private Registry comes in picture.

This article will guide you to set up and secure your own private Docker registry locally without using a docker image

Learn to setup Docker Private Registry without an docker container image. You may use this register to push or pull your own images.

Scenario:

192.168.56.101 push.kapendra.local push
192.168.56.102 pull.kapendra.local pull
192.168.56.104 registry.kapendra.local registry
Note: Firewalld service is down with SELinux disabled

All three servers have pre-install docker and running. If you don’t have docker service running, then visit my docker series

Let’s start

Step 1: Create Host Entry

To make Our push and pull node communicate with docker registry server, we need to create an entry in /etc/hosts file

[[email protected] ~]# vim /etc/hosts
192.168.56.101 push.kapendra.local push
192.168.56.102 pull.kapendra.local pull
192.168.56.104 registry.kapendra.local registry

Save this using :wq command

This step in only requited if your host machine can’t resolve hostname. In production this may not be required as record will get resolved through DNS server.

Note : Make this entry on all three nodes

Step 2: Install appropriate repository

To get the docker-distribution package you need to install epel repository or docker-ce repository. For this article I am using epel repo

[[email protected] ~]# yum -y update
[[email protected] ~]# yum install epel-release
[[email protected] ~]# yum clean all

Note : Run these commands on all three nodes

Step 3: Check for docker service.

To setup docker private registry , it very important to have a running docker service on that host. I suggest you check this service on all three. nodes

[[email protected] ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-10-06 16:48:44 IST; 11s ago

Note : Run this command on all three nodes

now rest of the command will need to run on registry node.

Step 4: Install Docker Registry

If you have CentOS 7.4 or above, then this package is available in epel repository. As told earlier I am using epel.

[[email protected] ~]# yum -y install docker-distribution

Step 5: Setup Docker registry

Default registry file is /etc/docker-distribution/registry/config.yml. You may change the root directory or port if you need to change.

[[email protected] ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

From the default configuration file:

  • /var/lib/registry – location to store docker images, so make sure you make this partition on lvm and big one partition.
  • Port 5000 – bind port for registry service.

Step 6: Allow port 5000 in firewalld (optional)

This step is optional if you have SELinux enabled. I would suggest disable it else use this method

[[email protected] ~]# firewall-cmd --add-port=5000/tcp --permanent
[[email protected] ~]# firewall-cmd --reload

Step 7: Enable and start docker registry service

Now start the registry service with following command also enable for on boot start and don’t not forget to check the status.

[[email protected] ~]# systemctl start docker-distribution
[[email protected] ~]# systemctl enable docker-distribution
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.
[[email protected] ~]# systemctl status docker-distribution
● docker-distribution.service - v2 Registry server for Docker
Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-10-06 18:14:31 IST; 17s ago

Step 8: Add Insecure Registry to Docker Engine

As default docker uses https to connect to docker registry and we are not using any secure method, so we need to add our insecure registry. Follow below steps to add Insecure Registry to Docker Engine

.Note : Run these commands on all three nodes

[[email protected] ~]# cat > /etc/docker/daemon.json << EOF
{
"insecure-registries" : ["registry.kapendra.local:5000"]
}
EOF

Then restart Docker engine on three nodes

[[email protected] ~]# systemctl restart docker

Test Our Setup

Step 9: Push Images To local registry

Now our docker registry is ready, so we can test it by pushing an image
So, on the push node run the flowing command.

[[email protected] ~]# docker pull busybox
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 59788edf1f3e 3 days ago 1.15 MB

Now tag this image as registry.kapendra.local:5000/busybox:latest.

[[email protected] ~]# docker tag busybox:latest registry.kapendra.local:5000/busybox:latest
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 59788edf1f3e 3 days ago 1.15 MB
registry.kapendra.local:5000/busybox latest 59788edf1f3e 3 days ago 1.15 MB

Push the image to our created docker registry at registry.kapendra.local:5000/busybox:latest

[[email protected] ~]# docker push registry.kapendra.local:5000/busybox:latest
The push refers to a repository [registry.kapendra.local:5000/busybox]
8a788232037e: Pushed
latest: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527

sha256 hash show that image push was successful.

Note : To check this log on to registry server and see

Pushed images is stored under /var/lib/registry/docker/registry/v2/repositories directory on registry server.

[[email protected] ~]# ls /var/lib/registry/docker/registry/v2/repositories/
busybox

Step 10: Pull Images From local registry

Now we have pushed our image to registry server so now we can pull this image on any server . so, let’s use our pull server to pull this image.

[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[[email protected] ~]# docker pull registry.kapendra.local:5000/busybox:latest
Trying to pull repository registry.kapendra.local:5000/busybox ...
sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5: Pulling from registry.kapendra.local:5000/busybox
90e01955edcd: Pull complete
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for registry.kapendra.local:5000/busybox:latest

Check for pulled image

[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.kapendra.local:5000/busybox latest 59788edf1f3e 3 days ago 1.15 MB

this brings us to the end of the setting up docker registry without https. In next article we will set up a GUI name Portainer for private docker hub registry.