Managing containers in private automation hub
Abstract
Administrator workflows and processes for configuring private automation hub container registry and repositories.
Chapter 1. Managing your private automation hub container registry
Manage container image repositories in your Ansible Automation Platform infrastructure using the automation hub container registry. Automation hub provides features to govern who can access individual container repositories, change tags on images, view activity and image layers, and provide additional information related to each container repository.
1.1. Container registries
The automation hub container registry is used for storing and managing container images. Once you have built or sourced a container image, you can push that container image to the registry portion of private automation hub to create a container repository.
1.2. Next steps
- Push a container image to the automation hub container registry.
- Create a group with access to the container repository in the registry.
- Add the new group to the container repository.
- Add a README to the container repository to provide users with information and relevant links.
Chapter 2. Configuring user access for container repositories in private automation hub
Configure user access for container repositories in your private automation hub to provide permissions that determine who can access and manage images in your Ansible Automation Platform.
2.1. Prerequisites
- You can create groups and assign permissions in private automation hub.
2.2. Container registry group permissions
User access provides granular control over how users can interact with containers managed in private automation hub. Use the list of permissions below to create groups with the right privileges for your container registries.
Table 2.1. List of group permissions used to manage containers in private automation hub
Permission name | Description |
---|---|
Create new containers | Users can create new containers |
Change container namespace permissions | Users can change permissions on the container repository |
Change container | Users can change information on a container |
Change image tags | Users can modify image tags |
Pull private containers | Users can pull images from a private container |
Push to existing container | Users can push an image to an existing container |
View private containers | Users can view containers marked as private |
2.3. Creating a new group
You can create and assign permissions to a group in Automation Hub that enables users to access specified features in the system. By default, there is an admins group in Automation Hub that has all permissions assigned and is available on initial login with credentials created when installing Automation Hub.
Prerequisites
- You have groups permissions and can create and manage group configuration and access in Automation Hub.
Procedure
- Log in to your local Automation Hub.
- Navigate to User Access → Groups.
- Click Create.
- Provide a Name and click Create.
You can now assign permissions and add users on the new group edit page.
2.4. Assigning permissions to groups
You can assign permissions to groups in Automation Hub that enable users to access specific features in the system. By default, new groups do not have any assigned permissions. You can add permissions upon initial group creation or edit an existing group to add or remove permissions.
Prerequisites
- You have Change group permissions and can edit group permissions in Automation Hub.
Procedure
- Log in to your local Automation Hub.
- Navigate to User Access → Groups.
- Click on a group name.
- Select the Permissions tab, then click Edit.
- Click in the field for each permission type and select permissions that appear in the list.
- Click Save when finished assigning permissions.
The group can now access features in Automation Hub associated with their assigned permissions.
Additional resources
- See Container registry group permissions to learn more about specific permissions.
2.5. Adding users to groups
You can add users to groups when creating a group or manually add users to existing groups. This section describes how to add users to an existing group.
Prerequisites
- You have groups permissions and can create and manage group configuration and access in Automation Hub.
Procedure
- Log in to Automation Hub.
- Navigate to User Access → Groups.
- Click on a Group name.
- Navigate to the Users tab, then click Add.
- Select users to add from the list and click Add.
You have now added the users you selected to the group. These users now have permissions to use Automation Hub assigned to the group.
Chapter 3. Populating your private automation hub container registry
By default, private automation hub does not include container images. To populate your container registry, you need to push a container image to it. The procedures in this section describe how to pull images from the Red Hat Ecosystem Catalog (registry.redhat.io), tag them, and push them to your private automation hub container registry.
3.1. Prerequisites
- You have permissions to create new containers and push containers to private automation hub.
3.2. Obtaining images for use in automation hub
Before you can push container images to your private automation hub, you must first pull them from an existing registry and tag them for use. This example details how to pull an image from the Red Hat Ecosystem Catalog (registry.redhat.io).
Prerequisites
- You have permissions to pull images from registry.redhat.io.
Procedure
- Log in to Podman using your registry.redhat.io credentials:
  $ podman login registry.redhat.io
- Enter your username and password at the prompts.
- Pull a container image:
  $ podman pull registry.redhat.io/<container_image_name>:<tag>
Verification
- List the images in local storage:
  $ podman images
- Verify that the image you recently pulled is contained in the list.
- Verify that the tag is correct.
Additional resources
- See Red Hat Ecosystem Catalog Help for information on registering and getting images.
3.3. Tagging images for use in automation hub
After you pull images from a registry, tag them for use in your private automation hub container registry.
Prerequisites
- You have pulled a container image from an external registry.
Procedure
- Tag a local image with the automation hub container repository:
  $ podman tag registry.redhat.io/<container_image_name>:<tag> <automation_hub_url>/<container_image_name>
Verification
- List the images in local storage:
  $ podman images
- Verify that the image you recently tagged with your automation hub information is contained in the list.
3.4. Pushing a container image to private automation hub
You can push tagged container images to private automation hub to create new containers and populate the container registry.
Prerequisites
- You have permissions to create new containers.
- You have the FQDN or IP address of the automation hub instance.
Procedure
- Log in to Podman using your automation hub location and credentials:
  $ podman login -u=<username> -p=<password> <automation_hub_url>
- Push your container image to your automation hub container registry:
  $ podman push <automation_hub_url>/<container_image_name> --remove-signatures
Note: The --remove-signatures flag is required when signed images from registry.redhat.io are pushed to the automation hub container registry. The push operation re-compresses image layers during the upload, which is not guaranteed to be reproducible and is client implementation dependent. This may lead to image-layer digest changes and a failed push operation, resulting in: Error: Copying this image requires changing layer representation, which is not possible (image is signed or the destination specifies a digest).
Verification
- Log in to your automation hub.
- Navigate to Container Registry.
- Locate the container in the container repository list.
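The pull, tag and push steps of this chapter as one script; this is an added example, not part of the Red Hat documentation, and the function names and the password-file argument are hypothetical. It assumes you are already logged in to registry.redhat.io, reads the hub password with `--password-stdin` so that it does not appear in the process list or shell history, and goes slightly beyond the tag command above by keeping the source tag on the hub reference.

```shell
#!/usr/bin/env bash
# Added example: mirror one image from registry.redhat.io into private
# automation hub. Function names and the password file are hypothetical.

# Build the hub reference from the source reference, keeping path and tag:
#   registry.redhat.io/ns/image:1.0 -> <automation_hub_url>/ns/image:1.0
hub_ref() {
  local src="$1" hub="$2" path
  case "$src" in
    */*) ;;
    *) echo "source must include a registry host: $src" >&2; return 1 ;;
  esac
  path="${src#*/}"                      # drop the source registry host
  case "$path" in
    *@*) echo "use a tag, not a digest: $src" >&2; return 1 ;;
  esac
  case "${path##*/}" in
    *:*) ;;                             # tag already present
    *) path="$path:latest" ;;           # make the implicit default explicit
  esac
  printf '%s/%s\n' "$hub" "$path"
}

# Pull, tag and push one image. Assumes an existing login to the source
# registry (section 3.2) and a password file readable only by its owner.
mirror_to_hub() {
  local src="$1" hub="$2" user="$3" pwfile="$4" dst
  dst="$(hub_ref "$src" "$hub")" || return 1
  [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 1; }
  # --password-stdin keeps the password out of argv and shell history.
  podman login --username "$user" --password-stdin "$hub" < "$pwfile" || return 1
  podman pull "$src" || return 1
  podman tag "$src" "$dst" || return 1
  # Signed source images need --remove-signatures (see the note above).
  podman push --remove-signatures "$dst" || return 1
  podman logout "$hub"                  # do not leave the credential cached
}

# Usage: mirror.sh <source_image> <automation_hub_url> <username> <password_file>
if [ "$#" -eq 4 ]; then
  mirror_to_hub "$@"
fi
```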
Chapter 4. Setting up your container repository
You can set up your container repository to add a description, include a README, add groups who can access the repository, and tag images.
4.1. Prerequisites
- You have permissions to change the repository.
4.2. Adding a README to your container repository
Add a README to your container repository to provide instructions to your users for how to work with the container. Automation hub container repositories support Markdown for creating a README. By default, the README will be empty.
Prerequisites
- You have permissions to change containers.
Procedure
- Navigate to Execution Environments.
- Select your container repository.
- On the Detail tab, click Add.
- In the Raw Markdown text field, enter your README text in Markdown.
- Click Save when finished.
Once you add a README, you can edit it at any time by clicking Edit and repeating steps 4 and 5.
4.3. Providing access to your container repository
Provide access to your container repository to users who need to work with the images. Adding a group allows you to modify the permissions the group can have to the container repository. You can use this option to extend or restrict permissions based on what the group is assigned.
Prerequisites
- You have change container namespace permissions.
Procedure
- Navigate to Execution Environments.
- Select your container repository.
- Click Edit at the top right of your window.
- Under Groups with access, select a group or groups to grant access to.
- Optional: Add or remove permissions for a specific group using the drop down under that group name.
- Click Save.
4.4. Tagging container images
Tag images to add an additional name to images stored in your automation hub container repository. If no tag is added to an image, automation hub defaults to latest for the name.
Prerequisites
- You have change image tags permissions.
Procedure
- Navigate to Execution Environments.
- Select your container repository.
- Click the Images tab.
- Click , then click Manage tags.
- Add a new tag in the text field and click Add.
- Optional: Remove current tags by clicking the x on any of the tags for that image.
- Click Save.
Verification
- Click the Activity tab and review the latest changes.
Chapter 5. Pulling images from a container repository
Pull images from the automation hub container registry to make a copy to your local machine. Automation hub provides the podman pull command for each latest image in the container repository. You can copy and paste this command into your terminal, or use podman pull to copy an image based on an image tag.
5.1. Prerequisites
- You can view and pull from private containers.
5.2. Pulling an image
You can pull images from the automation hub container registry to make a copy to your local machine. Automation hub provides the podman pull command for each latest image in the container repository.
Prerequisites
- You can view and pull images from a private container.
Procedure
- Navigate to Execution Environments.
- Select your container repository.
- In the Pull this image entry, click Copy to clipboard.
- Paste and run the command in your terminal.
Verification
- Run podman images to view images on your local machine.
5.3. Additional resources
- See the Podman documentation for options to use when pulling images.