How to create Internal docker registry on Red Hat Satellite 6 using SSL and Non-SSL methods?

Solution Verified - Updated -

Environment

  • Red Hat Satellite 6
  • Red Hat Enterprise Linux 7

Issue

  • How to create Internal docker registry on Red Hat Satellite 6 using SSL and Non-SSL methods?

Resolution

  • Create Docker Product, Docker Repository on Red Hat Satellite 6

    • Create Custom Product and Custom Repository with type as 'docker'

    • Sync docker images from Upstream registry ie- 'registry.access.redhat.com' OR 'https://registry-1.docker.io'

    • This would show Published At URL like 'satellite.example.com:5000/default_organization-docker_product-docker_repo'.
      where satellite.example.com = Satellite Server HostName , default_organization = Organization Name, docker_product = Product Name, docker_repo = Repository Name

    • Once sync is done, Click on Manager Docker Manifests or Manage Docker Images and note the Tag ID.
      Eg:- 6.7-32

  • Building Custom Images using Red Hat Satellite 6 as Docker Registry Server

    • Install docker packages on Red Hat Satellite Server available in rhel-7-server-extras-rpms

    • On Satellite cli, create Dockerfile under any directory and write the sample code as below:-

      # vi Dockerfile
FROM localhost:5000/default_organization-docker_product-docker_repo:6.7-32
RUN touch /usr/local/bin/hello
RUN echo "Hi, Welcome to Docker, World !!!" >> /usr/local/bin/hello
RUN chmod 777 /usr/local/bin/hello

      # docker build -t <IMAGE NAME> .           >>>>>>        Note:- build must be performed where Dockerfile is written.
# docker images

  • On Docker Client.

    # mkdir -p /etc/docker/certs.d/<Satellite registry Server Name>:5000
# scp root@satellite.example.com:/etc/pki/tls/certs/self.crt /etc/docker/certs.d/docker.example.com\:5000/ca.crt   >>>> docker.example.com is RHEL docker client and satellite.example.com is Red Hat Satellite Registry Server.
# systemctl restart docker.

  • On Docker Client, test SSL Registry.

    # docker pull satellite.example.com:5000/<IMAGE>:<TAG ID>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

10 Comments

Log in to comment
AD Community Member 29 points
11 July 2018 1:22 PM

The above document is incomplete. Please provide more detail. When using for a real environment, there are missing steps and details.

DW Community Member 44 points
28 September 2018 3:27 PM

Red hat should include this in the RHEL documentation as this will change for each minor release. For instance, this does not work for RHEL 7.5

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/content_management_guide/managing_ostree_content

CR Active Contributor 178 points
10 December 2018 8:42 AM

Also /etc/sysconfig/docker is no longer valid for registry configuration -> /etc/containers/registries.conf

CD Community Member 24 points
15 January 2019 4:18 PM

About topic: "* On Docker Client." (with SSL)

The following steps worked for me:

  1. mkdir -vp /etc/docker/certs.d/satsix.example.com:5000/

  2. curl -k https://satsix.example.com/pub/katello-server-ca.crt -o /etc/docker/certs.d/satsix.example.com:5000/ca.crt

Check:

docker pull satsix.example.com:5000/myorg-rhcc-rhgs3_rhgs-server-rhel7

docker pull satsix.example.com:5000/myorg-rhcc-rhel7

my Newbie 7 points
23 January 2019 7:13 AM

I did try all above but with no luck, now I get "Error response from daemon: Unexpected status code 404" any help I did add both SSL and insecure in both files /etc/containers/registries.conf and /etc/sysconfig/docker and did try @Cláudio Domingos steps and am still getting the error

CD Community Member 24 points
23 January 2019 4:11 PM

Is not necessary setup /etc/container/registries.conf or /etc/sysconfig/docker.

Ensure only "10.1. Importing Container Images from the Red Hat Container Catalog" is applied, so create new repositories in to Satellite according to instructions "Red Hat Container Catalog" website.

Summary:

  1. Apply topic 10.1 from URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/content_management_guide/managing_container_images

  2. Perform steps 3 and 4 from URL: https://access.redhat.com/containers/?tab=images&platform=satellite#/registry.access.redhat.com/rhel7

  3. In client, executes "* On Docker Client." (with SSL), after that, finally:

docker pull satsix.example.com:5000/myorg-rhcc-rhel7

Walid Shaari's picture Guru 1357 points
7 March 2019 6:49 PM

I would like to have in disconnected openshift a way to mirror/cache registry.redhat.io. so, Docker-Distribution does provide pass-through and allows mirroring via the proxy directive, I set this to point upstream to registry.redhat.io, however, setting a node, by configuring daemon.json under /etc/docker to point to the set docker-distribution in the other node, does not work, it returns 404. I would like to see more documentation or tutorial with a full setup that can work for openshift disconnected nodes

DO Red Hat Expert 999 points
18 March 2019 4:33 PM

Unfortunately, the docker-distribution registry server can only proxy/mirror Docker Hub. This caveat can be found in the upstream documentation:

https://docs.docker.com/registry/recipes/mirror/#gotcha

JF Community Member 26 points
29 January 2021 3:44 PM

Can we push image to satellite server 6.8?

JF Community Member 26 points
29 January 2021 3:45 PM

BTW, I applied this article. It works great!