[Satellite 6] How to create Internal docker registry on Red Hat Satellite 6 using SSL and Non-SSL methods.

Solution Verified - Updated -

Environment

  • Red Hat Satellite 6
  • Red Hat Enterprise Linux 7

Issue

  • How to create Internal docker registry on Red Hat Satellite 6 using SSL and Non-SSL methods.

Resolution

  • Create Docker Product, Docker Repository on Red Hat Satellite 6
- Create Custom Product and Custom Repository with type as 'docker'
- Sync docker images from Upstream registry ie- 'registry.access.redhat.com' OR 'https://registry-1.docker.io'
- This would show Published At URL like 'satellite.example.com:5000/default_organization-docker_product-docker_repo'.
where satellite.example.com = Satellite Server HostName , default_organization = Organization Name, docker_product = Product Name, docker_repo  = Repository Name
- Once sync is done,  Click on `Manager Docker Manifests` or `Manage Docker Images` and note the Tag ID.
Eg:- 6.7-32
  • Building Custom Images using Red Hat Satellite 6 as Docker Registry Server
- Install docker packages on Red Hat Satellite Server available in `rhel-7-server-extras-rpms`
- On Satellite cli, create Dockerfile under any directory and write the sample code as below:-
vi Dockerfile
FROM localhost:5000/default_organization-docker_product-docker_repo:6.7-32
RUN touch /usr/local/bin/hello
RUN echo "Hi, Welcome to Docker, World !!!" >> /usr/local/bin/hello
RUN chmod 777 /usr/local/bin/hello

- # docker build -t <IMAGE NAME> .           >>>>>>        Note:- build must be performed where Dockerfile is written.
- # docker images
  • On Docker Client.
# mkdir -p /etc/docker/certs.d/<Satellite registry Server Name>:5000
# scp root@satellite.example.com:/etc/pki/tls/certs/self.crt /etc/docker/certs.d/docker.example.com\:5000/ca.crt   >>>> docker.example.com is RHEL docker client and satellite.example.com is Red Hat Satellite Registry Server.
# systemctl restart docker.
  • On Docker Client, test SSL Registry.
# docker pull satellite.example.com:5000/<IMAGE>/<TAG ID>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

8 Comments

The above document is incomplete. Please provide more detail. When using for a real environment, there are missing steps and details.

Red hat should include this in the RHEL documentation as this will change for each minor release. For instance, this does not work for RHEL 7.5

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/content_management_guide/managing_ostree_content

Also /etc/sysconfig/docker is no longer valid for registry configuration -> /etc/containers/registries.conf

About topic: "* On Docker Client." (with SSL)

The following steps worked for me:

  1. mkdir -vp /etc/docker/certs.d/satsix.example.com:5000/

  2. curl -k https://satsix.example.com/pub/katello-server-ca.crt -o /etc/docker/certs.d/satsix.example.com:5000/ca.crt

Check:

docker pull satsix.example.com:5000/myorg-rhcc-rhgs3_rhgs-server-rhel7

docker pull satsix.example.com:5000/myorg-rhcc-rhel7

I did try all above but with no luck, now I get "Error response from daemon: Unexpected status code 404" any help I did add both SSL and insecure in both files /etc/containers/registries.conf and /etc/sysconfig/docker and did try @Cláudio Domingos steps and am still getting the error

Is not necessary setup /etc/container/registries.conf or /etc/sysconfig/docker.

Ensure only "10.1. Importing Container Images from the Red Hat Container Catalog" is applied, so create new repositories in to Satellite according to instructions "Red Hat Container Catalog" website.

Summary:

  1. Apply topic 10.1 from URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/content_management_guide/managing_container_images

  2. Perform steps 3 and 4 from URL: https://access.redhat.com/containers/?tab=images&platform=satellite#/registry.access.redhat.com/rhel7

  3. In client, executes "* On Docker Client." (with SSL), after that, finally:

docker pull satsix.example.com:5000/myorg-rhcc-rhel7

I would like to have in disconnected openshift a way to mirror/cache registry.redhat.io. so, Docker-Distribution does provide pass-through and allows mirroring via the proxy directive, I set this to point upstream to registry.redhat.io, however, setting a node, by configuring daemon.json under /etc/docker to point to the set docker-distribution in the other node, does not work, it returns 404. I would like to see more documentation or tutorial with a full setup that can work for openshift disconnected nodes

Unfortunately, the docker-distribution registry server can only proxy/mirror Docker Hub. This caveat can be found in the upstream documentation:

https://docs.docker.com/registry/recipes/mirror/#gotcha