linux:podman:simple-container-registry [2024/03/21 07:44] – [レジストリ構築] ともやん | linux:podman:simple-container-registry [2024/03/21 09:31] – [レジストリ構築] ともやん |
---|
<font color="#FF8700"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:single">sudo</u></font> <font color="#26A269">openssl</font> req <font color="#A347BA">-newkey</font> rsa:4096 <font color="#A347BA">-nodes</font> <font color="#A347BA">-sha256</font> <font color="#A347BA">-keyout</font> <u style="text-decoration-style:single">/var/lib/registry/certs/domain.key</u> \ | <font color="#FF8700"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:single">sudo</u></font> <font color="#26A269">openssl</font> req <font color="#A347BA">-newkey</font> rsa:4096 <font color="#A347BA">-nodes</font> <font color="#A347BA">-sha256</font> <font color="#A347BA">-keyout</font> <u style="text-decoration-style:single">/var/lib/registry/certs/domain.key</u> \ |
<font color="#A347BA">-x509</font> <font color="#A347BA">-days</font> 365 <font color="#A347BA">-out</font> <u style="text-decoration-style:single">/var/lib/registry/certs/domain.crt</u> \ | <font color="#A347BA">-x509</font> <font color="#A347BA">-days</font> 365 <font color="#A347BA">-out</font> <u style="text-decoration-style:single">/var/lib/registry/certs/domain.crt</u> \ |
<font color="#A347BA">-subj</font> <font color="#A2734C">"/CN=wicked-beat,wicked-beat.fireball.local"</font> \ | <font color="#A347BA">-subj</font> <font color="#A2734C">"/CN=localhost,wicked-beat,wicked-beat.fireball.local"</font> \ |
<font color="#A347BA">-addext</font> <font color="#A2734C">"subjectAltName=DNS:wicked-beat,DNS:wicked-beat.fireball.local"</font> | <font color="#A347BA">-addext</font> <font color="#A2734C">"subjectAltName=DNS:localhost,DNS:wicked-beat,DNS:wicked-beat.fireball.local"</font> |
</pre></html></WRAP> | </pre></html></WRAP> |
<WRAP color_result><html><pre>..+..........+..+......+.+.........+...........+......+....+.....+.........+.+++++++++++++++++++++++++++++++++++++++++++++*......+.+..+.......+......+..+...+....+..................+..+...+.+.........+..+.........+....+...+..+.+....................+.+......+..+.......+...........+...+.+.....+......+++++++++++++++++++++++++++++++++++++++++++++*...+............+...+++++ | <WRAP color_result><html><pre>..+..........+..+......+.+.........+...........+......+....+.....+.........+.+++++++++++++++++++++++++++++++++++++++++++++*......+.+..+.......+......+..+...+....+..................+..+...+.+.........+..+.........+....+...+..+.+....................+.+......+..+.......+...........+...+.+.....+......+++++++++++++++++++++++++++++++++++++++++++++*...+............+...+++++ |
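Review bot: the new `-subj` value packs three hostnames into one CN, and the inspection output further down shows it stored as the single string `"localhost,wicked-beat,wicked-beat.fireball.local"`, which matches none of the three names. Clients compare the host name against the entries on the `-addext "subjectAltName=..."` line, which this change already extends with `DNS:localhost`, so the CN can stay a single name such as `wicked-beat.fireball.local`. The same command writes `domain.key` unencrypted (`-nodes`), so a line documenting restrictive ownership and permissions for `/var/lib/registry/certs/domain.key` would help.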
26:86:56:c8:1a:fa:0c:32:13:7b:87:54:10:de:66:12:98:f5:b6:28 | 26:86:56:c8:1a:fa:0c:32:13:7b:87:54:10:de:66:12:98:f5:b6:28 |
Signature Algorithm: sha256WithRSAEncryption | Signature Algorithm: sha256WithRSAEncryption |
Issuer: CN = "wicked-beat,wicked-beat.fireball.local" | Issuer: CN = "localhost,wicked-beat,wicked-beat.fireball.local" |
Validity | Validity |
Not Before: Mar 20 20:16:18 2024 GMT | Not Before: Mar 20 20:16:18 2024 GMT |
Not After : Mar 20 20:16:18 2025 GMT | Not After : Mar 20 20:16:18 2025 GMT |
Subject: CN = "wicked-beat,wicked-beat.fireball.local" | Subject: CN = "localhost,wicked-beat,wicked-beat.fireball.local" |
Subject Public Key Info: | Subject Public Key Info: |
Public Key Algorithm: rsaEncryption | Public Key Algorithm: rsaEncryption |
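Review bot: Issuer and Subject change to include `localhost` in the new revision, yet the hex serial on the first line of this block and both `Not Before` / `Not After` timestamps are identical to the old revision. A certificate regenerated with the new `-subj` would normally carry a new serial and new validity dates, so this output looks edited by hand rather than re-captured. Re-run the inspection against the regenerated `domain.crt` and paste the real output.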
CA:TRUE | CA:TRUE |
<b class=DiYE>X509v3 Subject Alternative Name: | <b class=DiYE>X509v3 Subject Alternative Name: |
DNS:wicked-beat, DNS:wicked-beat.fireball.local</b> | DNS:localhost, DNS:wicked-beat, DNS:wicked-beat.fireball.local</b> |
Signature Algorithm: sha256WithRSAEncryption | Signature Algorithm: sha256WithRSAEncryption |
Signature Value: | Signature Value: |
</pre></html></WRAP> | </pre></html></WRAP> |
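Review bot: `CA:TRUE` stays set while the SAN list grows to cover `localhost`, so the certificate the registry serves is also a CA certificate, and its key was written unencrypted by `-nodes` in the generation command. If clients are told to trust `domain.crt`, whoever obtains `domain.key` can sign certificates for other names as well. Consider documenting a server certificate with `CA:FALSE`, or a separate CA key kept off the registry host.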
<WRAP color_result><html><pre> | <WRAP color_result><html><pre> |
label: <font color="#C01C28"><b>wicked-beat</b></font>,<font color="#C01C28"><b>wicked-beat</b></font>.fireball.local | label: localhost,<font color="#C01C28"><b>wicked-beat</b></font>,<font color="#C01C28"><b>wicked-beat</b></font>.fireball.local |
</pre></html></WRAP> | </pre></html></WRAP> |
</WRAP> | </WRAP> |
</WRAP> | </WRAP> |
| |
===== レジストリの起動 ===== | ===== レジストリの起動/停止 ===== |
| レジストリの起動🤔\\ |
<WRAP color_term> | <WRAP color_term> |
<WRAP color_command><html><pre> | <WRAP color_command><html><pre> |
<font color="#FF8700"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:single">sudo</u></font> <font color="#26A269">podman</font> run <font color="#A347BA">-d</font> <font color="#A347BA">--restart</font> always <font color="#A347BA">--name</font> registry \ | <font color="#FF8700"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:single">sudo</u></font> <font color="#26A269">podman</font> run <font color="#A347BA">-d</font> <font color="#A347BA">--restart</font> always <font color="#A347BA">--name</font> registry \ |
<font color="#A347BA">-p</font> 5000:5000 \ | <font color="#A347BA">-p</font> 5000:5000 \ |
<font color="#A347BA">-v</font> /var/lib/registry/data:/var/lib/registry:z \ | <font color="#A347BA">-v</font> /var/lib/registry/data:/var/lib/registry:z \ |
<font color="#A347BA">-v</font> /var/lib/registry/auth:/auth:z \ | <font color="#A347BA">-v</font> /var/lib/registry/auth:/auth:z \ |
<font color="#A347BA">-e</font> <font color="#A2734C">"REGISTRY_AUTH=htpasswd"</font> \ | <font color="#A347BA">-e</font> <font color="#A2734C">'REGISTRY_AUTH=htpasswd'</font> \ |
<font color="#A347BA">-e</font> <font color="#A2734C">"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"</font> \ | <font color="#A347BA">-e</font> <font color="#A2734C">'REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm'</font> \ |
<font color="#A347BA">-e</font> REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ | <font color="#A347BA">-e</font> REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ |
<font color="#A347BA">-v</font> /var/lib/registry/certs:/certs:z \ | <font color="#A347BA">-v</font> /var/lib/registry/certs:/certs:z \ |
<font color="#A347BA">-e</font> <font color="#A2734C">"REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt"</font> \ | <font color="#A347BA">-e</font> <font color="#A2734C">'REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt'</font> \ |
<font color="#A347BA">-e</font> <font color="#A2734C">"REGISTRY_HTTP_TLS_KEY=/certs/domain.key"</font> \ | <font color="#A347BA">-e</font> <font color="#A2734C">'REGISTRY_HTTP_TLS_KEY=/certs/domain.key'</font> \ |
<font color="#A347BA">-e</font> REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true \ | <font color="#A347BA">-e</font> REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true \ |
| <font color="#A347BA">-e</font> REGISTRY_STORAGE_DELETE_ENABLED=true \ |
docker.io/library/registry:2.8.3 | docker.io/library/registry:2.8.3 |
</pre></html></WRAP> | </pre></html></WRAP> |
</WRAP> | </WRAP> |
[[https://hub.docker.com/_/registry/tags|registry Tags | Docker Hub]] で最新バージョンを確認できる🤔\\ | [[https://hub.docker.com/_/registry/tags|registry Tags | Docker Hub]] で最新バージョンを確認できる🤔\\ |
| |
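Review bot: `REGISTRY_STORAGE_DELETE_ENABLED=true` is added while the only access control on this command is `REGISTRY_AUTH=htpasswd`, so every account in `/auth/htpasswd` that can push can also delete manifests, and `-p 5000:5000` publishes the port on all host interfaces. Say so next to the command, or leave deletion off here and enable it only in the deletion section. `REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true` also deserves a line explaining why the legacy schema 1 manifest format is needed.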
| レジストリを停止する場合...🤔\\ |
| <WRAP color_term> |
| <WRAP color_command><html><pre> |
| <font color="#FF8700"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:single">sudo</u></font> <font color="#26A269">sh</font> <font color="#A347BA">-c</font> <font color="#A2734C">'podman stop registry && podman rm registry'</font> |
| </pre></html></WRAP> |
| </WRAP> |
| |
レジストリへのアクセス確認🤔\\ | レジストリへのアクセス確認🤔\\ |
Enter host password for user 'tomoyan': | Enter host password for user 'tomoyan': |
{"repositories":[]} | {"repositories":[]} |
| </pre></html></WRAP> |
| <WRAP color_result><html><pre> |
| registry |
| registry |
</pre></html></WRAP> | </pre></html></WRAP> |
</WRAP> | </WRAP> |
</WRAP> | </WRAP> |
| |
| プッシュする🤔\\ |
| <WRAP color_term> |
| <WRAP color_command><html><pre> |
| <font color="#FF8700"><b>$</b></font> <font color="#26A269">podman</font> push localhost/haruo_podman:0.01 wicked-beat:5000/haruo_podman:v0.01 |
| </pre></html></WRAP> |
| <WRAP color_result><html><pre> |
| Getting image source signatures |
| Copying blob 10650e391d43 done | |
| Copying blob aacbd0b4169c done | |
| Copying blob 80f811a7d4fe done | |
| Copying blob 53f86715cdba done | |
| Copying blob eb2eb8ccdc68 done | |
| Copying config f291a9bf30 done | |
| Writing manifest to image destination |
| </pre></html></WRAP> |
| </WRAP> |
| |
| プッシュされた内容を確認する🤔\\ |
| <WRAP color_term> |
| <WRAP color_command><html><pre> |
| <font color="#FF8700"><b>$</b></font> <font color="#26A269">podman</font> search wicked-beat:5000/ |
| </pre></html></WRAP> |
| <WRAP color_result><html><pre> |
| NAME DESCRIPTION |
| wicked-beat:5000/haruo_podman |
| </pre></html></WRAP> |
| </WRAP> |
| |
| 削除してみる🤔\\ |
| <WRAP color_term> |
| <WRAP color_command><html><pre> |
| <font color="#FF8700"><b>$</b></font> <font color="#26A269">skopeo</font> <font color="#A347BA">--debug</font> delete docker://wicked-beat:5000/haruo_podman:v0.01 |
| </pre></html></WRAP> |
| <WRAP color_result><html><pre> |
| <font color="#D0CFCC">DEBU</font>[0000] Using registries.d directory /etc/containers/registries.d |
| <font color="#D0CFCC">DEBU</font>[0000] Loading registries configuration "/etc/containers/registries.conf" |
| <font color="#D0CFCC">DEBU</font>[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf" |
| <font color="#D0CFCC">DEBU</font>[0000] Found credentials for wicked-beat:5000/haruo_podman in credential helper containers-auth.json in file /run/user/1000/containers/auth.json |
| <font color="#D0CFCC">DEBU</font>[0000] No signature storage configuration found for wicked-beat:5000/haruo_podman:v0.01, using built-in default file:///home/tomoyan/.local/share/containers/sigstore |
| <font color="#D0CFCC">DEBU</font>[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/wicked-beat:5000 |
| <font color="#D0CFCC">DEBU</font>[0000] GET https://wicked-beat:5000/v2/ |
| <font color="#D0CFCC">DEBU</font>[0000] Ping https://wicked-beat:5000/v2/ status 401 |
| <font color="#D0CFCC">DEBU</font>[0000] GET https://wicked-beat:5000/v2/haruo_podman/manifests/v0.01 |
| <font color="#D0CFCC">DEBU</font>[0000] DELETE https://wicked-beat:5000/v2/haruo_podman/manifests/sha256:f652ef85a8862285775a01c6dd279c35debd0b581c41e209875c3ab1d3ceacd7 |
| <font color="#D0CFCC">DEBU</font>[0000] Deleting /home/tomoyan/.local/share/containers/sigstore/haruo_podman@sha256=f652ef85a8862285775a01c6dd279c35debd0b581c41e209875c3ab1d3ceacd7/signature-1 |
| </pre></html></WRAP> |
| </WRAP> |
| |
| 削除しても消えないが、配布には使える🤪\\ |
| <WRAP color_term> |
| <WRAP color_command><html><pre> |
| <font color="#FF8700"><b>$</b></font> <font color="#26A269">podman</font> search wicked-beat:5000/ |
| </pre></html></WRAP> |
| <WRAP color_result><html><pre> |
| NAME DESCRIPTION |
| wicked-beat:5000/haruo_podman |
| </pre></html></WRAP> |
| </WRAP> |
| |
| プッシュしたら二度と消せない🤪\\ |
| コンテナ起動時に REGISTRY_STORAGE_DELETE_ENABLED=true も指定してるし、docker v2 API で DELETE も実行している🤔\\ |
| <WRAP color_term> |
| <WRAP color_command><html><pre> |
| <font color="#FF8700"><b>$</b></font> <font color="#26A269">skopeo</font> <font color="#A347BA">--debug</font> delete docker://wicked-beat:5000/haruo_podman:v0.01 |
| </pre></html></WRAP> |
| <WRAP color_result><html><pre> |
| <font color="#D0CFCC">DEBU</font>[0000] Using registries.d directory /etc/containers/registries.d |
| <font color="#D0CFCC">DEBU</font>[0000] Loading registries configuration "/etc/containers/registries.conf" |
| <font color="#D0CFCC">DEBU</font>[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf" |
| <font color="#D0CFCC">DEBU</font>[0000] Found credentials for wicked-beat:5000/haruo_podman in credential helper containers-auth.json in file /run/user/1000/containers/auth.json |
| <font color="#D0CFCC">DEBU</font>[0000] No signature storage configuration found for wicked-beat:5000/haruo_podman:v0.01, using built-in default file:///home/tomoyan/.local/share/containers/sigstore |
| <font color="#D0CFCC">DEBU</font>[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/wicked-beat:5000 |
| <font color="#D0CFCC">DEBU</font>[0000] GET https://wicked-beat:5000/v2/ |
| <font color="#D0CFCC">DEBU</font>[0000] Ping https://wicked-beat:5000/v2/ status 401 |
| <font color="#D0CFCC">DEBU</font>[0000] GET https://wicked-beat:5000/v2/haruo_podman/manifests/v0.01 |
| <font color="#C01C28">FATA</font>[0000] Unable to delete wicked-beat:5000/haruo_podman:v0.01. Image may not exist or is not stored with a v2 Schema in a v2 registry |
| </pre></html></WRAP> |
| </WRAP> |
| |
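Review bot: the conclusion written in the text lines of this section (the image can never be deleted) is not what the two logs show. The first run issues `DELETE` on the manifest digest and ends without an error; the second run fails right after `GET https://wicked-beat:5000/v2/haruo_podman/manifests/v0.01`, which is what a tag that no longer resolves would produce. `podman search` prints only the repository name, with no tag, so it cannot show whether `v0.01` still exists. Add a tag listing for `haruo_podman` and a pull attempt before and after the delete, and state which of the two is being claimed: the repository name staying in the listing, or the image remaining retrievable.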
===== 参考文献 ===== | ===== 参考文献 ===== |
[[https://www.redhat.com/sysadmin/simple-container-registry|How to implement a simple personal/private Linux container image registry for internal use | Enable Sysadmin]] [[gtr>https://www.redhat.com/sysadmin/simple-container-registry|翻訳]]\\ | [[https://www.redhat.com/sysadmin/simple-container-registry|How to implement a simple personal/private Linux container image registry for internal use | Enable Sysadmin]] [[gtr>https://www.redhat.com/sysadmin/simple-container-registry|翻訳]]\\ |
[[https://thenewstack.io/tutorial-host-a-local-podman-image-registry/|Tutorial: Host a Local Podman Image Registry - The New Stack]] [[gtr>https://thenewstack.io/tutorial-host-a-local-podman-image-registry/|翻訳]]\\ | [[https://thenewstack.io/tutorial-host-a-local-podman-image-registry/|Tutorial: Host a Local Podman Image Registry - The New Stack]] [[gtr>https://thenewstack.io/tutorial-host-a-local-podman-image-registry/|翻訳]]\\ |
| |
| [[git>quay/quay|quay/quay: Build, Store, and Distribute your Applications and Containers]]\\ |
| [[https://github.com/quay/quay/blob/master/docs/quick-local-deployment.md|quay/docs/quick-local-deployment.md at master · quay/quay]]\\ |
| [[https://access.redhat.com/docum.entation/ja-jp/red_hat_quay/2.9/html-single/deploy_red_hat_quay_-_basic/index|Deploy Red Hat Quay - Basic Red Hat Quay 2.9 | Red Hat Customer Portal]] [[gtr>https://access.redhat.com/documentation/ja-jp/red_hat_quay/2.9/html-single/deploy_red_hat_quay_-_basic/index|翻訳]]\\ |
| |