This documentation covers CSC's private Docker registry for the EDEN service and is based on the instructions at https://hub.docker.com/_/registry/

 

# Update the host's (CentOS 7) repos
sudo yum update

1. Setting up storage 

# Create a thin pool from LVM (40 GB available, approx. 30 GB allocated)
# with the following steps: 1) create the LVM device, 2) create the physical volume, 3) create the logical volumes, 4) convert the volumes to a thin pool
fdisk -c -u /dev/sdb
# In fdisk, issue the following commands:
#   n
#   p
#   1
#   (press Enter for the first and the last cylinder)
#   t
#   8e   (8e = LVM)
#   w
pvcreate /dev/sdb1

...

lvconvert --type thin-pool --poolmetadata docker-vg/docker-poolmeta docker-vg/docker-pool

 

More about LVM:

https://forums.docker.com/t/docker-storage-config-on-centos-7-1/3164
http://10sa.com/sql_stories/?p=1025
https://github.com/projectatomic/adb-atomic-developer-bundle/pull/73

...

2. Installing Docker Daemon

# Add user docker to group docker
useradd -g docker docker
# Create /etc/sysconfig/docker file and add to the file:
OPTIONS="--storage-driver=devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/docker--vg-docker--pool --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true"

# Create a /etc/systemd/system/docker.service file and copy the contents of
# /usr/lib/systemd/system/docker.service into it in order to override the rpm-maintained systemd unit file.
# Then modify the docker.service file under /etc by adding 1) the EnvironmentFile row and 2) the $OPTIONS variable on the ExecStart row:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
EnvironmentFile=-/etc/sysconfig/docker
Type=notify
ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS
LimitNOFILE=1048576
LimitNPROC=1048576
TasksMax=1048576
[Install]
WantedBy=multi-user.target

 

# Check that Docker uses the devicemapper thin pool!
# If it does not, Docker has initialised its setup on a loopback device.
# In that case, run
# rm /var/lib/docker -rvf
# then reboot and verify the Docker setup!
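
The thin-pool check described above can be scripted by classifying the output of `docker info`. This is an added example, not part of the original instructions; the function name `check_docker_storage` is hypothetical and the two sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: decide from `docker info` text whether devicemapper uses the
# LVM thin pool or has fallen back to loop files under /var/lib/docker.

# Reads `docker info` output on stdin and prints thinpool, loopback or other.
# Returns 0 only for thinpool. $1 = expected pool name (default from this page).
check_docker_storage() {
  local expected info driver pool
  expected="${1:-docker--vg-docker--pool}"
  info="$(cat)"
  driver="$(printf '%s\n' "$info" | sed -n 's/^ *Storage Driver: *//p' | head -n 1)"
  pool="$(printf '%s\n' "$info" | sed -n 's/^ *Pool Name: *//p' | head -n 1)"
  if [ "$driver" != "devicemapper" ]; then
    echo other; return 1
  fi
  # Loop-backed setups report a path under "Data loop file" / "Metadata loop file".
  if printf '%s\n' "$info" | grep -Eq '^ *(Data|Metadata) loop file: */'; then
    echo loopback; return 1
  fi
  if [ "$pool" = "$expected" ]; then
    echo thinpool; return 0
  fi
  echo other; return 1
}

# Constructed sample outputs (abridged to the fields the check reads).
SAMPLE_THINPOOL='Storage Driver: devicemapper
 Pool Name: docker--vg-docker--pool
 Backing Filesystem: xfs'
SAMPLE_LOOPBACK='Storage Driver: devicemapper
 Pool Name: docker-253:0-1234-pool
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata'

printf '%s\n' "$SAMPLE_THINPOOL" | check_docker_storage || true
printf '%s\n' "$SAMPLE_LOOPBACK" | check_docker_storage || true
# On the registry host: docker info 2>/dev/null | check_docker_storage
```
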

3. Installing Docker Registry

# Copy the certificate to /etc/pki/tls/certs and the key to /etc/pki/tls/private
# Then concatenate the Digicert intermediary cert to the host cert!
# (example: cat /home/krhaapal/certs/reg_eden_csc_fi.pem /home/krhaapal/certs/DigiCertCA2.pem > reg.eden.csc.fi.crt)
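# Create the htpasswd file for registry authentication
# (-B = bcrypt, -b = password given on the command line, so it ends up in the shell history; -n = print to stdout)
docker run --entrypoint htpasswd registry:2.3.0 -Bbn USERNAMEHERE PASSWDHERE > htpasswd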
# Create an ENV-file for the certificate at /opt/docker-registry/reg.env and fill it with the following data:
REGISTRY_HTTP_SECRET=SomePseudoRandomString
REGISTRY_HTTP_TLS_CERTIFICATE=/etc/ssl/certs/reg_eden_csc_fi_crt
REGISTRY_HTTP_TLS_KEY=/etc/ssl/private/reg.exam.csc.fi.key
REGISTRY_AUTH=htpasswd
REGISTRY_AUTH_HTPASSWD_PATH=/opt/docker-registry/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm

...

# NOTE: execute the following to generate a pseudo-random string for the REGISTRY_HTTP_SECRET option above:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 32
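
Before the dry run, the env-file and the htpasswd file can be linted for the settings this section relies on. This is an added example, not part of the original instructions; `lint_registry_env` and `write_bad_sample` are hypothetical helper names, the sample files are constructed, and the 32-character minimum is an assumption taken from the `head -c 32` command above.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. lint_registry_env and
# write_bad_sample are hypothetical helper names.

# Prints one "FINDING: ..." line per problem; exit status = number of findings.
lint_registry_env() {
  local env_file htpasswd_file findings secret key user hash
  env_file="$1"; htpasswd_file="$2"; findings=0
  get() { sed -n "s/^$1=//p" "$env_file" | head -n 1; }
  flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

  secret="$(get REGISTRY_HTTP_SECRET)"
  if [ -z "$secret" ] || [ "$secret" = "SomePseudoRandomString" ]; then
    flag "REGISTRY_HTTP_SECRET is empty or still the placeholder"
  elif [ "${#secret}" -lt 32 ]; then
    flag "REGISTRY_HTTP_SECRET is shorter than 32 characters"
  fi
  [ "$(get REGISTRY_AUTH)" = "htpasswd" ] || flag "REGISTRY_AUTH is not htpasswd"
  for key in REGISTRY_HTTP_TLS_CERTIFICATE REGISTRY_HTTP_TLS_KEY; do
    [ -n "$(get "$key")" ] || flag "$key is not set"
  done
  # The env-file holds the HTTP secret, so it should not be world-readable.
  [ -z "$(find "$env_file" -perm -004)" ] || flag "$env_file is world-readable"
  # The registry's htpasswd auth accepts bcrypt hashes only (htpasswd -B).
  while IFS=: read -r user hash; do
    [ -n "$user" ] || continue
    case "$hash" in
      '$2'[aby]'$'*) ;;
      *) flag "htpasswd entry '$user' is not a bcrypt hash" ;;
    esac
  done < "$htpasswd_file"
  return "$findings"
}

# Constructed sample: placeholder secret, no TLS key, mode 644, MD5 (apr1) hash.
write_bad_sample() {
  printf '%s\n' 'REGISTRY_HTTP_SECRET=SomePseudoRandomString' \
    'REGISTRY_HTTP_TLS_CERTIFICATE=/etc/ssl/certs/constructed.crt' \
    'REGISTRY_AUTH=htpasswd' > "$1/reg.env"
  chmod 644 "$1/reg.env"
  printf '%s\n' 'alice:$apr1$constructed$notARealHash' > "$1/htpasswd"
}

# Usage: lint_registry_env /opt/docker-registry/reg.env /opt/docker-registry/htpasswd
```
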
# Now you can try dry-running the Registry.
# DO MAKE SURE YOU FIRST EDIT THE FOLLOWING COMMAND based on the cert paths!
# For readability the command has been split over several lines: remove the line breaks before running.

...

systemctl daemon-reload
# Start registry service
systemctl start docker-registry.service
# Check that Registry service is started
systemctl status docker-registry.service -l

 

# It should give you something like this (example):
● docker-registry.service - Docker Registry Container Engine
   Loaded: loaded (/etc/systemd/system/docker-registry.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2016-02-24 13:52:36 EET; 11min ago
     Docs: https://docs.docker.com
 Main PID: 26558 (docker)
   CGroup: /system.slice/docker-registry.service
           └─26558 /usr/bin/docker run --name eden-reg -p 443:5000 --env-file /opt/docker-registry/reg.env -v /opt/docker-registry/htpasswd:/opt/docker-registry/htpasswd -v /etc/pki/tls/certs/:/etc/ssl/certs -v /etc/pki/tls/private/:/etc/ssl/private registry:2.3.0
Feb 24 13:52:36 reg.eden.csc.fi systemd[1]: Started Docker Registry Container Engine.
Feb 24 13:52:36 reg.eden.csc.fi systemd[1]: Starting Docker Registry Container Engine...
Feb 24 13:52:38 reg.eden.csc.fi docker[26558]: time="2016-02-24T11:52:38Z" level=info msg="redis not configured" go.version=go1.5.3 instance.id=3ae8c66f-7bfc-4834-849b-f3449b212649 version=v2.3.0
Feb 24 13:52:38 reg.eden.csc.fi docker[26558]: time="2016-02-24T11:52:38Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.3 instance.id=3ae8c66f-7bfc-4834-849b-f3449b212649 version=v2.3.0
Feb 24 13:52:38 reg.eden.csc.fi docker[26558]: time="2016-02-24T11:52:38Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.3 instance.id=3ae8c66f-7bfc-4834-849b-f3449b212649 version=v2.3.0
Feb 24 13:52:38 reg.eden.csc.fi docker[26558]: time="2016-02-24T11:52:38Z" level=info msg="Starting upload purge in 57m0s" go.version=go1.5.3 instance.id=3ae8c66f-7bfc-4834-849b-f3449b212649 version=v2.3.0