services:docker-mirror

services:docker-mirror [2020/11/12 00:37]
djgalloway [Setup Commands]
services:docker-mirror [2020/12/14 17:50]
djgalloway [Other Notes]
Line 4: Line 4:
  
 I was originally going to create an Ansible playbook to set this up but it was easy enough it wasn't worth the time. I was originally going to create an Ansible playbook to set this up but it was easy enough it wasn't worth the time.
 +
 +https://​docs.docker.com/​registry/​recipes/​mirror/​
  
 ===== Setup Commands ===== ===== Setup Commands =====
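Review bot: The link added after the Ansible sentence is a bare URL with no label or context, while the link added further down in this revision uses the [[url|label]] form. Give it a label that says what it is (Docker's registry mirror recipe, going by the path) and one short sentence on how it relates to the setup commands that follow, so a reader knows whether it is the procedure this host was built from or just background reading.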
Line 37: Line 39:
 # Example using grafana # Example using grafana
 podman pull --tls-verify=false docker-mirror.front.sepia.ceph.com:​5000/​grafana/​grafana podman pull --tls-verify=false docker-mirror.front.sepia.ceph.com:​5000/​grafana/​grafana
 +</​code>​
 +
 +Or you can also now just run the [[https://​github.com/​ceph/​ceph-cm-ansible/​tree/​master/​roles/​container-host|container-host role]] which will configure ''​podman''​ and/or ''​docker''​ to use our mirror for docker.io.
 +
 +===== Admin Tasks =====
 +==== Renewing the SSL certiciate ====
 +The first time I created the cert, I accidentally left the date out so the cert was only good for a month. ​ The second cert is good for 5 years.
 +
 +  - ''​%%root@docker-mirror:​~#​ openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -days 3650 -out /​lrc/​certs/​domain.crt%%''​
 +  - Copy the contents of ''/​lrc/​certs/​domain.crt''​ and update ''​container_mirror_cert''​ in https://​github.com/​ceph/​ceph-sepia-secrets/​blob/​master/​ansible/​inventory/​group_vars/​all.yml
 +  - Run ''​ansible-playbook container-host.yml''​ against the appropriate hosts.
 +  - ''​%%root@docker-mirror:​~#​ docker stop registry-mirror;​ docker rm registry-mirror;​ docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/​var/​lib/​registry/​certs/​domain.crt -e REGISTRY_HTTP_TLS_KEY=/​var/​lib/​registry/​certs/​domain.key -v /​lrc:/​var/​lib/​registry registry:2 /​var/​lib/​registry/​config.yml;​ docker logs -f registry-mirror%%''​
 +
 +===== Other Notes =====
 +The mirror logs in to dockerhub using my personal API key.  I just have a personal account but docker-mirror was getting rate-limited when anonymous.
 +
 +<​code>​
 +root@docker-mirror:​~#​ cat /​lrc/​config.yml ​
 +version: 0.1
 +log:
 +  fields:
 +    service: registry
 +storage:
 +  cache:
 +    blobdescriptor:​ inmemory
 +  filesystem:
 +    rootdirectory:​ /​var/​lib/​registry
 +http:
 +  addr: :5000
 +  headers:
 +    X-Content-Type-Options:​ [nosniff]
 +health:
 +   ​storagedriver:​
 +    enabled: true
 +    interval: 10s
 +    threshold: 3
 +proxy:
 +  remoteurl: https://​registry-1.docker.io
 +  username: XXXXX
 +  password: XXXXX
 </​code>​ </​code>​
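Review bot: In "Renewing the SSL certiciate" the text says the second cert is good for 5 years, but step 1 passes -days 3650, which is roughly 10 years; make the prose and the command agree, and fix the "certiciate" typo in the heading while there. Two further points on the same hunk. The docker run line in step 4 mounts /lrc at /var/lib/registry, and the config under Other Notes sets storage.filesystem.rootdirectory to /var/lib/registry, so the TLS private key (certs/domain.key) and the config.yml holding the Docker Hub username and password live inside the registry's storage root. Consider mounting the certs and config from a separate directory, read-only, and documenting the expected file permissions on both. The note that the mirror logs in with a personal API key should say who owns rotation of that credential and what to update when it changes, since the renewal steps cover only the certificate. Finally, the pull example kept above this addition still uses --tls-verify=false; now that the cert is distributed through container_mirror_cert and the container-host role, it would help to state whether hosts configured by the role still need that flag.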
services/docker-mirror.txt · Last modified: 2021/01/20 15:50 by djgalloway