Chapter 2. Getting started with Red Hat Quay

The Red Hat Quay registry can be deployed for non-production purposes on a single machine (either physical or virtual) with the following specifications.

2.1. Prerequisites

  • Red Hat Enterprise Linux (RHEL): Obtain the latest Red Hat Enterprise Linux 8 server media from the Downloads page and follow the installation instructions available in the Product Documentation for Red Hat Enterprise Linux 8.
  • Valid Red Hat Subscription: Configure a valid Red Hat Enterprise Linux 8 server subscription.
  • CPUs: Two or more virtual CPUs
  • RAM: 4GB or more
  • Disk space: The required disk space depends on the storage needs for the registry. Approximately 30GB of disk space should be enough for a test system, broken down as follows:

    • At least 10GB of disk space for the operating system (Red Hat Enterprise Linux Server).
    • At least 10GB of disk space for docker storage (to run 3 containers)
    • At least 10GB of disk space for Quay local storage (CEPH or other local storage might require more memory)

More information on sizing can be found at Quay 3.x Sizing Guidlines.

2.1.1. Using podman

This document uses podman for creating and deploying containers. If you do not have podman installed on your system, you should be able to use the equivalent docker commands. For more information on podman and related technologies, see Building, running, and managing Linux containers on Red Hat Enterprise Linux 8.

2.2. Configuring the RHEL server

2.2.1. Install and register Red Hat Enterprise Linux server

Install the latest RHEL 8 server. You can do a minimal install (shell access only) or Server plus GUI (if you want a desktop). Register and subscribe your RHEL server system as described in How to register and subscribe a system…​. The following commands register your system and list available subscriptions. Choose an available RHEL server subscription, attach to its pool ID and upgrade to the latest software:


# subscription-manager register --username=<user_name> --password=<password>
# subscription-manager refresh
# subscription-manager list --available
# subscription-manager attach --pool=<pool_id>
# yum update -y

2.2.2. Installing podman

Install podman, if it is not already present on your system:

$ sudo yum install -y podman

Alternatively, you can install the container-tools module, which pulls in the full set of container software packages:

$ sudo yum module install -y container-tools

2.2.3. Registry authentication

Set up authentication to, so that you can pull the quay container, as described in Red Hat Container Registry Authentication. Note that this differs from earlier Red Hat Quay releases where the images were hosted on

For example, you can log in to the registry:

$ sudo podman login
Username: <username>
Password: <password>

2.2.4. Firewall configuration

If you have a firewall running on your system, to access the Red Hat Quay config tool (port 8443) and application (ports 8080 and 443) outside of the local system, run the following commands (add --zone=<yourzone> for each command to open ports on a particular zone):

# firewall-cmd --permanent --add-port=8443/tcp
# firewall-cmd --permanent --add-port=8080/tcp
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --reload

2.2.5. IP addressing and naming services

There are a number of ways to configure the component containers in Red Hat Quay so that they can talk to each other:

  • Using the IP addresses for the containers: You can determine the IP address for containers with podman inspect and then use these values in the configuration tool when specifying the connection strings, for example:

    $ sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" postgresql-quay

    This approach is susceptible to host restarts, as the IP addresses for the containers will change after a reboot.

  • Using a naming service: If you want your deployment to survive container restarts, which typically result in changed IP addresses, you can implement a naming service. For example, the dnsname plugin is used to allow containers to resolve each other by name.
  • Using the host network: You can use the podman run command with the --net=host option and then use container ports on the host when specifying the addresses in the configuration. This option is susceptible to port conflicts when two containers want to use the same port, and as a result it is not recommended.
  • Configuring port mapping: You can use port mappings to expose ports on the host and then use these ports in combination with the host IP address or host name.

This document uses port mapping in the subsequent examples, and assumes a static IP address for your host system. In this example, quay-server has the IP address

$ cat /etc/hosts
...   quay-server
ComponentPort mappingAddress


-p 8080:8080


Postgres for Quay

-p 5432:5432



-p 6379:6379


Postgres for Clair V4

-p 5433:5432


Clair V4

-p 8081:8080


2.3. Configuring the database

Quay requires a database for storing metadata and Postgres is recommended, especially for highly available configurations. Alternatively, you can use MySQL with a similar approach to configuration as described below for Postgres.

2.3.1. Setting up Postgres

In this proof-of-concept scenario, you will use a directory on the local file system to persist database data.

  • In the installation folder, denoted here by the variable $QUAY, create a directory for the database data and set the permissions appropriately:

    $ mkdir -p $QUAY/postgres-quay
    $ setfacl -m u:26:-wx $QUAY/postgres-quay
  • Use podman to run the Postgres container, specifying the username, password, database name and port, together with the volume definition for database data:

    $ sudo podman run -d --rm --name postgresql-quay \
      -e POSTGRESQL_USER=quayuser \
      -e POSTGRESQL_PASSWORD=quaypass \
      -e POSTGRESQL_ADMIN_PASSWORD=adminpass \
      -p 5432:5432 \
      -v $QUAY/postgres-quay:/var/lib/pgsql/data:Z \
  • Ensure that the Postgres pg_trgm module is installed, as it is required by Quay:

    $ sudo podman exec -it postgresql-quay /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U postgres'

2.4. Configuring Redis

Redis ia a key-value store, used by Quay for live builder logs and the Red Hat Quay tutorial.

2.4.1. Setting up Redis

Use podman to run the Redis container, specifying the port and password:

$ sudo podman run -d --rm --name redis \
  -p 6379:6379 \
  -e REDIS_PASSWORD=strongpassword \

2.5. Configuring Red Hat Quay

Before running the Red Hat Quay service, you need to generate a configuration file containing details of all the components, including registry settings, and database and Redis connection parameters. To generate the configuration file, you run the quay container in config mode, specifying a password (in this instance, secret) for the quayconfig user:

$ sudo podman run --rm -it --name quay_config -p 8080:8080 config secret

Use your browser to access the user interface for the configuration tool at http://quay-server:8080 (assuming you have configured the quay-server hostname in your hosts file). Login with the username quayconfig and password secret (or whatever value you specified in the podman run command above).

2.5.1. Red Hat Quay setup

In the configuration editor, you enter details for the following:

  • Basic configuration
  • Server configuration
  • Database
  • Redis Basic configuration

In the basic configuration setting, complete the registry title and the registry short title fields (or you can use the default values, if they are specified). Server configuration

Specify the HTTP host and port, for the location where the registry will be accessible on the network, in this instance, quay-server:8080. Database

In the database section, specify connection details for the database that Red Hat Quay uses to store metadata. If you have followed the instructions in this document for deploying a proof-of-concept system, the following values would be entered:

  • Database Type: Postgres
  • Database Server: quay-server:5432
  • Username: quayuser
  • Password: quaypass
  • Database Name: quay Redis

The Redis key-value store is used to store real-time events and build logs. If you have followed the instructions in this document for deploying a proof-of-concept system, the following values would be specified:

  • Redis Hostname: quay-server
  • Redis port: 6379 (default)

2.5.2. Validate and download configuration

When all required fields have been set, validate your settings by choosing the Validate Configuration Changes button. If any errors are reported, continue editing your configuration until all required fields are valid and Red Hat Quay can connect to your database and Redis servers.

Once your configuration is valid, download the configuration file and then stop the quay container that is running the configuration editor.

2.6. Deploying Red Hat Quay

2.6.1. Prerequisites

  • Your Quay database and Redis servers are running.
  • You have generated a valid configuration bundle.
  • You have stopped the Quay container that you used to run the configuration editor.

2.6.2. Prepare config folder

Unpack the configuration bundle so that Quay can use it, for example:

$ mkdir $QUAY/config
$ cp ~/Downloads/quay-config.tar.gz $QUAY/config
$ cd $QUAY/config
$ tar xvf quay-config.tar.gz

2.6.3. Prepare local storage for image data

In this proof-of-concept deployment, use the local file system to store the registry images:

$ mkdir $QUAY/storage
$ setfacl -m u:1001:-wx $QUAY/storage

2.6.4. Deploy the Red Hat Quay registry

Use podman to run the quay container, specifying the appropriate volumes for your configuration data and local storage for image data:

$ sudo podman run -d --rm -p 8080:8080  \
   --name=quay \
   -v $QUAY/config:/conf/stack:Z \
   -v $QUAY/storage:/datastorage:Z \

2.7. Using Red Hat Quay

Use your browser to access the user interface for the Red Hat Quay registry at quay-server:8080 (assuming you have configured the quay-server hostname in your hosts file). Select 'Create User' and add a user, for example, quayadmin with a password password.

You can now use the user interface to create new organizations and repositories, and to search and browse existing repositories. Alternatively, you can use the command line interface to interact with the registry and to pull and push images.

From the command line, log in to the registry:

$ sudo podman login --tls-verify=false quay-server:8080
Username: quayadmin
Login Succeeded!

2.7.1. Push and pull images

To test pushing and pulling images from the Red Hat Quay registry, first pull a sample image from an external registry:

$ sudo podman pull busybox
Trying to pull
Getting image source signatures
Copying blob 4c892f00285e done
Copying config 22667f5368 done
Writing manifest to image destination
Storing signatures

Use the podman images command to see the local copy:

$ sudo podman images
REPOSITORY                          TAG      IMAGE ID       CREATED         SIZE           latest   22667f53682a   14 hours ago    1.45 MB

Tag this image, in preparation for pushing it to the Red Hat Quay registry:

$ sudo podman tag quay-server:8080/quayadmin/busybox:test

Now push the image to the Red Hat Quay registry:

$ sudo podman push --tls-verify=false quay-server:8080/quayadmin/busybox:test
Getting image source signatures
Copying blob 6b245f040973 done
Copying config 22667f5368 done
Writing manifest to image destination
Storing signatures

At this point, you can use your browser to see the tagged image in your repository. To test access to the image from the command line, first delete the local copy of the image:

$ sudo podman rmi quay-server:8080/quayadmin/busybox:test
Untagged: quay-server:8080/quayadmin/busybox:test

Now pull the image again, this time from your Red Hat Quay registry:

$ sudo podman pull --tls-verify=false quay-server:8080/quayadmin/busybox:test
Trying to pull quay-server:8080/quayadmin/busybox:test...
Getting image source signatures
Copying blob 6ef22a7134ba [--------------------------------------] 0.0b / 0.0b
Copying config 22667f5368 done
Writing manifest to image destination
Storing signatures