How To Setup Docker Private Registry on CentOS 7/RHEL 7?

Looking for Setting up Docker Private Registry on CentOS 7/RHEL 7?

Docker Private Registry?

Docker is one of the most emerging technology in today worlds. It is based on container and images. Images in docker are stored in repository which are used for creation of containers.

Well docker provide a public repository for storing our docker images knows as Docker Hub. You may push your images to docker hub for free, but the problem is, anything you upload is also public. And trust me as an origination or as private project developer you don’t want this to happen. So, Docker Private Registry comes in picture.

This article will guide you to set up and secure your own private Docker registry locally without using a docker image

Learn to setup Docker Private Registry without an docker container image. You may use this register to push or pull your own images.

Scenario:

192.168.56.101 push.kapendra.local push
192.168.56.102 pull.kapendra.local pull
192.168.56.104 registry.kapendra.local registry
Note: Firewalld service is down with SELinux disabled

All three servers have pre-install docker and running. If you don’t have docker service running, then visit my docker series

Let’s start

Step 1: Create Host Entry

To make Our push and pull node communicate with docker registry server, we need to create an entry in /etc/hosts file

[root@registry ~]# vim /etc/hosts
192.168.56.101 push.kapendra.local push
192.168.56.102 pull.kapendra.local pull
192.168.56.104 registry.kapendra.local registry

Save this using :wq command

This step in only requited if your host machine can’t resolve hostname. In production this may not be required as record will get resolved through DNS server.

Note : Make this entry on all three nodes

Step 2: Install appropriate repository

To get the docker-distribution package you need to install epel repository or docker-ce repository. For this article I am using epel repo

[root@registry ~]# yum -y update
[root@registry ~]# yum install epel-release
[root@registry ~]# yum clean all

Note : Run these commands on all three nodes

Step 3: Check for docker service.

To setup docker private registry , it very important to have a running docker service on that host. I suggest you check this service on all three. nodes

[root@registry ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-10-06 16:48:44 IST; 11s ago

Note : Run this command on all three nodes

now rest of the command will need to run on registry node.

Step 4: Install Docker Registry

If you have CentOS 7.4 or above, then this package is available in epel repository. As told earlier I am using epel.

[root@registry ~]# yum -y install docker-distribution

Step 5: Setup Docker registry

Default registry file is /etc/docker-distribution/registry/config.yml. You may change the root directory or port if you need to change.

[root@registry ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

From the default configuration file:

  • /var/lib/registry – location to store docker images, so make sure you make this partition on lvm and big one partition.
  • Port 5000 – bind port for registry service.

Step 6: Allow port 5000 in firewalld (optional)

This step is optional if you have SELinux enabled. I would suggest disable it else use this method

[root@registry ~]# firewall-cmd --add-port=5000/tcp --permanent
[root@registry ~]# firewall-cmd --reload

Step 7: Enable and start docker registry service

Now start the registry service with following command also enable for on boot start and don’t not forget to check the status.

[root@registry ~]# systemctl start docker-distribution
[root@registry ~]# systemctl enable docker-distribution
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.
[root@registry ~]# systemctl status docker-distribution
● docker-distribution.service - v2 Registry server for Docker
Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-10-06 18:14:31 IST; 17s ago

Step 8: Add Insecure Registry to Docker Engine

As default docker uses https to connect to docker registry and we are not using any secure method, so we need to add our insecure registry. Follow below steps to add Insecure Registry to Docker Engine

.Note : Run these commands on all three nodes

[root@registry ~]# cat > /etc/docker/daemon.json << EOF
{
"insecure-registries" : ["registry.kapendra.local:5000"]
}
EOF

Then restart Docker engine on three nodes

[root@registry ~]# systemctl restart docker

Test Our Setup

Step 9: Push Images To local registry

Now our docker registry is ready, so we can test it by pushing an image
So, on the push node run the flowing command.

[root@push ~]# docker pull busybox
[root@push ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 59788edf1f3e 3 days ago 1.15 MB

Now tag this image as registry.kapendra.local:5000/busybox:latest.

[root@push ~]# docker tag busybox:latest registry.kapendra.local:5000/busybox:latest
[root@push ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 59788edf1f3e 3 days ago 1.15 MB
registry.kapendra.local:5000/busybox latest 59788edf1f3e 3 days ago 1.15 MB

Push the image to our created docker registry at registry.kapendra.local:5000/busybox:latest

[root@push ~]# docker push registry.kapendra.local:5000/busybox:latest
The push refers to a repository [registry.kapendra.local:5000/busybox]
8a788232037e: Pushed
latest: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527

sha256 hash show that image push was successful.

Note : To check this log on to registry server and see

Pushed images is stored under /var/lib/registry/docker/registry/v2/repositories directory on registry server.

[root@registry ~]# ls /var/lib/registry/docker/registry/v2/repositories/
busybox

Step 10: Pull Images From local registry

Now we have pushed our image to registry server so now we can pull this image on any server . so, let’s use our pull server to pull this image.

[root@pull ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@pull ~]# docker pull registry.kapendra.local:5000/busybox:latest
Trying to pull repository registry.kapendra.local:5000/busybox ...
sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5: Pulling from registry.kapendra.local:5000/busybox
90e01955edcd: Pull complete
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for registry.kapendra.local:5000/busybox:latest

Check for pulled image

[root@pull ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.kapendra.local:5000/busybox latest 59788edf1f3e 3 days ago 1.15 MB

this brings us to the end of the setting up docker registry without https. In next article we will set up a GUI name Portainer for private docker hub registry.