User Tools

Site Tools



This is a VM in RHEV that is a caching mirror for We were being rate-limited by (

I was originally going to create an Ansible playbook to set this up but it was easy enough it wasn't worth the time.

Setup Commands

## On reesi001
ceph auth add client.containers mds 'allow rw path=/containers' mon 'allow r' osd 'allow rw pool=data'
ceph auth get client.containers
# Copy the key output

## On
wget -q -O- '' | sudo apt-key add -
apt update
apt install ceph-common
mkdir /lrc
echo ",,    /lrc/           ceph    name=containers,secretfile=/etc/ceph/secret,_netdev 0 2" >> /etc/fstab
echo "KEY_FROM_REESI001" > /etc/ceph/secret 
mount -a
apt install
docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > /lrc/config.yml
# Used example from

# Then used parts of
mkdir /lrc/certs
openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /lrc/certs/domain.key -x509 -out /lrc/certs/domain.crt

docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/var/lib/registry/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/var/lib/registry/certs/domain.key -v /lrc:/var/lib/registry registry:2 /var/lib/registry/config.yml

Super simple.

Using the mirror

# Example using grafana
podman pull --tls-verify=false
services/docker-mirror.txt · Last modified: 2020/11/18 14:21 by djgalloway