Docker Remote Registry
Continuing the blog series on my trysts with docker, in this installment we will look into the details of how to set up a docker remote registry. Hope now you have an idea on how to get Docker up and running , if not go ahead and read the first part of my blog series here
Now that we have docker engine up and running, and few containers spinned up in it we might very well think about a centralized docker image repository. Of course we have Docker hub, and you could save your images there. But what if you want to have a bit more privacy and would like to save all your hard work in house?That is where Docker remote registry comes in handy.
Docker remote registry can be set up in a local machine for centralized storage of docker images. You can pull and push images just like you do in Docker hub.It allows centralized collaboration of people working on docker containers in your firm. For eg: a developer working on a project can save the current status of his container as an image and push it to the remote registry . His fellow team mate could download the image and spin up and container and continue the work. This is just one of the use cases, the functionality is somewhat similar to an SVN repository. However, one major drawback I noticed was the lack of a search/list functionality.
Here is how you can set it up:
Server side configuration:
To start with, you will need a certificate for connecting to the remote registry. Lets create one using openssl in the machine where you plan to set up your docker remote registry:
mkdir -p certs && openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout /certs/domain.key \
-x509 -days 365 -out /certs/domain.crt
This command will create a domain.key and domain.crt file and store it in /certs . The domain.crt file is required for the client side configuration
During the certificate creation process, it would ask for a domain name. You can give the name as your server hostname or any other name that you find suitable. For this example , lets assume that the name is "dockerregistry.com" . If you have a DNS in your network dockeregistry.com should point to the IP of the machine where the registry is hosted, so that docker engines can connect to it. Otherwise you will have to create an entry in the hostfile pointing dockerregistry.com to your registry server IP.
Docker registry in this case will be running from within a docker container. To get it up and running, use the following command:
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
This command will download the registry image and run it as a docker container exposing registry at port 5000 of the host. You can check the status by running the "docker ps" command
Client side configuration:
To clarify the terminology, client means the docker engine which will connect to the docker remote registry.If you want to connect to the docker remote registry from another machine that has docker engine installed, some prerequisite configurations should be in place.
Remember the domain.crt file we created using ssl during the server side configuration? You need to copy it over to the client machine to the following location: /etc/docker/certs.d/dockerregistry.com:5000/ca.crt
Note: You will have to create the certs.d and the dockerregistry.com sub folders at /etc/docker , it will not be present by default
Restart the docker engine and we are good to go!!
Now lets see how we can use the remote registry to store your images.First, lets start with pulling an image from the docker hub
docker pull ubuntu
You could very well create an image of your own from a container that you are working on using the commit command. For eg:
docker commit <container name> <new-image-name>
for eg: docker commit ubuntuvm ubuntu-image
Please note that the images that you create using the process is stored locally and is accessible only from your local docker engine. It will be listed once you run the "docker images" command locally. However once you commit it to registry, it can be pulled by other docker engines in your network.
In the next step, lets tag the image that we created using commit or pulled from docker hub
docker tag ubuntu myregistrydomain.com:5000/ubuntu-reg
Push the image to the registry, and we are done!!
docker push myregistrydomain.com:5000/ubuntu-reg
Now if you want to pull the docker image from another docker engine in your network, you could do that using the following command provided the domain.crt file is copied over to the machine.
docker pull myregistrydomain.com:5000/ubuntu-reg