Build Private Cloud with OpenStack Kolla-ansible Step by Step Guide 1.0 -Part 3 Prepare Docker Registry
Index
Part 3 Prepare Docker Registry
Part 5-Ceph Cluster Troubleshooting
Part 6-Deploy Openstack with Kolla-ansible
Part 7-Openstack Cluster Post Installation
Setup local registry on openstack-staging machine
We’re using private subnet, so we have to setup private registry on staging machine in order for other nodes to featch image.
Generate docker config.yml file
docker run -it --rm --entrypoint cat registry:2.6 /etc/docker/registry/config.yml > config.yml
Add proxy remoteurl: https://registry-1.docker.io into the config file
root@openstack-staging:/home/kevin# cat config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry-1.docker.io
username: your-account
password: 0ae16c72-fdc5-4715-936d-abcdefghijk01
run docker registry proxy
docker run -d --restart=always -p 4000:5000 --name docker-registry-proxy -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2.6
lastly, we need “registry-mirrors”: [“http://<your-registry-url>:4000"] in the docker client machine, so that when client pull images it will go through proxy, client pull directly not with local registry prefix.
root@ems-la4-compute21:~# cat /etc/docker/daemon.json
{
"bridge": "none",
"insecure-registries": [
"<your-registry-url>:4000"
],
"ip-forward": false,
"registry-mirrors": ["http://<your-registry-url>:4000"],
"iptables": false,
"log-opts": {
"max-file": "5",
"max-size": "50m"
}
}
If you see some errors here like “registry: received unexpected HTTP status: 500 Internal Server Error”
The solution is to change/add the following to config.yml on the registry server:
validation:
disabled: true
or Simply run registry:2.6 instead of registry:2. Seems this validation error has been introduced somewhere in 2.7.
Login docker on each nodes
Because we’re using insecure connections, we need setup our docker configuration file on each node
cat > /etc/docker/daemon.json <<EOF
{
"bridge": "none",
"insecure-registries": [
"192.168.0.9:4000"
],
"ip-forward": false,
"registry-mirrors": ["http://<your-registry-url>:4000"],
"iptables": false,
"log-opts": {
"max-file": "5",
"max-size": "50m"
}
}
EOF
restart docker service and login into local registry
root@openstack-controller02:~# systemctl restart docker
root@openstack-controller02:~# docker login 192.168.0.9:4000
Username: test (can be anything but not empty)
Password: test (can be anything but not empty)
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
Now, we have complete docker registry setup.