Sepia Lab Wiki

User Tools

Site Tools

Trace:
services:docker-mirror

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
services:docker-mirror [2020/11/18 14:21]
djgalloway 		services:docker-mirror [2021/01/20 15:48]
djgalloway [Setup Commands]
Line 28: Line 28:
 # Then used parts of https://​medium.com/​@ifeanyiigili/​how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613 # Then used parts of https://​medium.com/​@ifeanyiigili/​how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613
 mkdir /lrc/certs mkdir /lrc/certs
-openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -out /​lrc/​certs/​domain.crt+openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -days 3650 -addext "​subjectAltName = DNS:​docker-mirror.front.sepia.ceph.com" ​-out /​lrc/​certs/​domain.crt
  
 docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/​var/​lib/​registry/​certs/​domain.crt -e REGISTRY_HTTP_TLS_KEY=/​var/​lib/​registry/​certs/​domain.key -v /​lrc:/​var/​lib/​registry registry:2 /​var/​lib/​registry/​config.yml docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/​var/​lib/​registry/​certs/​domain.crt -e REGISTRY_HTTP_TLS_KEY=/​var/​lib/​registry/​certs/​domain.key -v /​lrc:/​var/​lib/​registry registry:2 /​var/​lib/​registry/​config.yml
Line 39: Line 39:
 # Example using grafana # Example using grafana
 podman pull --tls-verify=false docker-mirror.front.sepia.ceph.com:​5000/​grafana/​grafana podman pull --tls-verify=false docker-mirror.front.sepia.ceph.com:​5000/​grafana/​grafana
 +</​code>​
 +
 +Or you can also now just run the [[https://​github.com/​ceph/​ceph-cm-ansible/​tree/​master/​roles/​container-host|container-host role]] which will configure ''​podman''​ and/or ''​docker''​ to use our mirror for docker.io.
 +
 +===== Admin Tasks =====
 +==== Renewing the SSL certiciate ====
 +The first time I created the cert, I accidentally left the date out so the cert was only good for a month. ​ The second cert is good for 5 years.
 +
 +  - ''​%%root@docker-mirror:​~#​ openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -days 3650 -out /​lrc/​certs/​domain.crt%%''​
 +  - Copy the contents of ''/​lrc/​certs/​domain.crt''​ and update ''​container_mirror_cert''​ in https://​github.com/​ceph/​ceph-sepia-secrets/​blob/​master/​ansible/​inventory/​group_vars/​all.yml
 +  - Run ''​ansible-playbook container-host.yml''​ against the appropriate hosts.
 +  - ''​%%root@docker-mirror:​~#​ docker stop registry-mirror;​ docker rm registry-mirror;​ docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/​var/​lib/​registry/​certs/​domain.crt -e REGISTRY_HTTP_TLS_KEY=/​var/​lib/​registry/​certs/​domain.key -v /​lrc:/​var/​lib/​registry registry:2 /​var/​lib/​registry/​config.yml;​ docker logs -f registry-mirror%%''​
 +
 +===== Other Notes =====
 +The mirror logs in to dockerhub using my personal API key.  I just have a personal account but docker-mirror was getting rate-limited when anonymous.
 +
 +<​code>​
 +root@docker-mirror:​~#​ cat /​lrc/​config.yml ​
 +version: 0.1
 +log:
 +  fields:
 +    service: registry
 +storage:
 +  cache:
 +    blobdescriptor:​ inmemory
 +  filesystem:
 +    rootdirectory:​ /​var/​lib/​registry
 +http:
 +  addr: :5000
 +  headers:
 +    X-Content-Type-Options:​ [nosniff]
 +health:
 +   ​storagedriver:​
 +    enabled: true
 +    interval: 10s
 +    threshold: 3
 +proxy:
 +  remoteurl: https://​registry-1.docker.io
 +  username: XXXXX
 +  password: XXXXX
 </​code>​ </​code>​
services/docker-mirror.txt ยท Last modified: 2021/01/20 15:50 by djgalloway

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki