Configuration files and systemd units to configure and run the registry image

openSUSE/container-registry-systemd

Run your own private registry

This repository contains everything needed to run the openSUSE container registry image on a systemd-based Linux distribution, preferably openSUSE MicroOS or openSUSE Kubic.

Quick Installation

Setup Script

Run setup-container-registry to set up a registry with token-based authentication. Other options, e.g. a registry without any authentication, are possible, too. If necessary, this script will create self-signed certificates and install them locally.

Start Registry

systemctl start container-registry will pull and start the registry. systemctl status container-registry should show a successfully running registry, and a command like reg ls localhost should be able to connect to it. Now the registry can be used.

Advanced Setup

Certificate

Since tools like docker, podman and cri-o communicate with the registry over HTTPS, certificates are required to start the registry. Preferably, an official certificate should be requested, but a self-signed one works to get started, too. The certificate needs to be stored in /etc/registry/certs as registry.crt and registry.key. Different names are possible, but in that case /usr/etc/registry/config.yml needs to be copied to /etc/registry and adjusted. The directory /etc/registry/certs cannot be changed, otherwise the container running the registry can no longer access the certificates. With an official certificate it is not necessary to distribute the public CA key to all machines.

Self-Signed Certificates

The script create-container-registry-certs creates self-signed certificates for the registry in /etc/registry/certs. It takes as arguments the names under which the registry should be reachable. If no argument is given, "localhost" and the local hostname are used. The script makes the CA certificate known to the local system. On every machine that should connect to this private registry, the file /etc/registry/certs/ContainerRegistryCA.crt needs to be copied to /etc/pki/trust/anchors/ContainerRegistryCA.pem and update-ca-certificates needs to be called.
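
The client-side step above, written as an added example that is not part of this repository: it installs the copied CA file as a trust anchor only when its SHA-256 checksum matches the value read on the registry host and passed along through a separate channel. The checksum comparison, the function names file_sha256 and install_registry_ca, and the ANCHOR_DIR and UPDATE_CMD overrides are assumptions of this example; the destination path and update-ca-certificates come from the text above.

```shell
#!/bin/sh
# Added example (not from the repository): install the registry's self-signed
# CA on a client only if it matches the checksum taken on the registry host:
#   sha256sum /etc/registry/certs/ContainerRegistryCA.crt

# Destination and refresh command as named in the README. The two variables
# are hypothetical overrides so the function can be tried in a scratch dir.
ANCHOR_DIR="${ANCHOR_DIR:-/etc/pki/trust/anchors}"
UPDATE_CMD="${UPDATE_CMD:-update-ca-certificates}"

# Print the lowercase SHA-256 hex digest of a file.
file_sha256() {
    sha256sum < "$1" | cut -d' ' -f1
}

# install_registry_ca <copied-ca-file> <expected-sha256>
# Returns 0 when installed, 1 for an unreadable or non-PEM file,
# 2 when the checksum does not match (nothing is installed in that case).
install_registry_ca() {
    ca_file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file" ||
        { echo "$ca_file is not a PEM certificate" >&2; return 1; }

    actual=$(file_sha256 "$ca_file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $ca_file: got $actual" >&2
        return 2
    fi

    # A trust anchor should be readable by everyone, writable by root only.
    install -m 0644 "$ca_file" "$ANCHOR_DIR/ContainerRegistryCA.pem" || return 1
    $UPDATE_CMD
}

# Typical call on a client, as root (placeholder for the real checksum):
#   install_registry_ca ./ContainerRegistryCA.crt <checksum-from-registry-host>
```
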

Configuration File

The configuration file for the container registry can be found at /usr/etc/registry/config.yml. To make changes, copy the file to /etc/registry/config.yml and edit the copy. In this case, the administrator is responsible for merging changes the distribution makes in /usr/etc/registry/config.yml. The registry needs to be restarted for the changes to take effect. More information about the registry configuration can be found here.

Container default config file

The files /usr/etc/default/container-registry and /etc/default/container-registry are read by the systemd service and contain the variables used to run the registry container. The first file contains the distribution defaults; the second file is optional and contains the changes made by the system administrator.

  • REGISTRY_IMAGE_PATH describes where the container registry image can be found.
  • EXTERNAL_PORT defines the port under which the registry is reachable.
  • STOARGE_DIR defines the directory where the images are stored.

Pull-through cache

Adjust the configuration file /etc/registry/config.yml and add the following lines to it:

proxy:
  remoteurl: https://registry.opensuse.org

This will configure the registry to act as a pull-through cache.
