Setup Portus on OpenPower Servers

If you are looking for a web based UI for your private docker registry setup, then one of the promising opensource option is Portus.  It’s an open source authorization service and user interface for docker private registry from SuSE. More details on Portus can be found here – http://suse.github.io/Portus/

Recently, as part of an effort to have a docker environment with registry service, build service and orchestration on RedHat Linux running on OpenPower servers, I experimented with Portus as a possible UI for docker private registry. In this article, let us see how to setup Portus on an OpenPower server running RHEL 7.1 LE.

Setup Pre-requisites

Build and Install Mariadb

The mysql/mariadb version that is shipped with RHEL is not compatible with Portus so a recent version needs to be build. Please follow the instructions below to build mariadb on RHEL 7.1 LE.

# yum install git tar gcc-c++ bison ncurses-devel ncurses-libs cmake zlib-devel 
# git clone https://github.com/MariaDB/server.git ~/mariadb
# cd ~/mariadb
# git checkout -b mariadb-10.1.9 mariadb-10.1.9 
# mkdir build
# cd build
# cmake -DRPM=el7 ../
# make package 

This will build the following packages:

MariaDB-10.1.9-el7-ppc64le-client.rpm
MariaDB-10.1.9-el7-ppc64le-devel.rpm
MariaDB-10.1.9-el7-ppc64le-test.rpm
MariaDB-10.1.9-el7-ppc64le-common.rpm
MariaDB-10.1.9-el7-ppc64le-server.rpm
MariaDB-10.1.9-el7-ppc64le-connect-engine.rpm
MariaDB-10.1.9-el7-ppc64le-shared.rpm

Install the packages

# yum install -y MariaDB-10.1.9-el7-ppc64le*.rpm

Start the service

# service mysql restart

Install Ruby

# yum install ruby ruby-devel rubygem-bundler

Install Node.js

Node.js for Linux on Power Systems can be downloaded from the following link – https://www.ibm.com/developerworks/web/nodesdk/version4.html

As of this writing, the downloaded filename is – ibm-4.2.1.0-node-v4.2.1-linux-ppcle64.bin
Follow these steps to start the installation:

# chmod +x ibm-4.2.1.0-node-v4.2.1-linux-ppcle64.bin
# ./ibm-4.2.1.0-node-v4.2.1-linux-ppcle64.bin

Rest of the installation process is self-explanatory. The default installation folder is /root/ibm/node.
After installation, you’ll be required to add Node.js location into the system path. Following are the steps:

# cat > /etc/profile.d/node-path.sh<<EOF
export PATH=$PATH:/root/ibm/node/bin
EOF
# chmod +x /etc/profile.d/node-path.sh
# source /etc/profile.d/node-path.sh

Setup Portus

Clone the source code and install the dependent ruby gems

# git clone https://github.com/SUSE/Portus.git ~/Portus
# cd ~/Portus 
# bundle config build.nokogiri --use-system-libraries
# bundle install

Executing Portus

We’ll use ‘screen’ to run the Portus application in detachable windows

Install ‘screen’

# yum install screen

Configure Portus
Create Portus initial configuration

# bundle exec rake db:create
# bundle exec rake db:migrate
# bundle exec rake db:seed 

Start Portus
Create a new screen session

# screen -S puma 

Start ‘puma’ (ruby webserver) in the new screen session

# puma -b tcp://0.0.0.0:3000 -w 3 

The Portus application is now available on http://IP_ADDRESS_PORTUS_SERVER:3000

Docker Private Registry Setup for use with Portus
Copy portus certificate to the server running registry service. The portus certificate can be found in the following location:
~/Portus/docker/registry/portus.crt
This needs to be copied to the registry server under /var/lib/registry
Modify /etc/registry/config.yml using the template below for use with Portus

version: 0.1
loglevel: debug
storage:
  filesystem:
	rootdirectory: /var/lib/registry
  delete:
	enabled: true
http:
  addr: 0.0.0.0:5000
  debug:
	addr: 0.0.0.0:5001
auth:
  token:
	realm: http://IP_ADDRESS_PORTUS_SERVER:3000/v2/token
	service: IP_ADDRESS_REGISTRY_SERVER:5000
	issuer: portus.test.lan
	rootcertbundle: /var/lib/registry/portus.crt 
notifications:
  endpoints:
	- name: portus
	  url: http://IP_ADDRESS_PORTUS_SERVER:3000/v2/webhooks/events 
	  timeout: 500ms
	  threshold: 5
	  backoff: 1s

Configure Portus Catalog Service
Catalog service is used to sync everything from the private registry to Portus. The job is set to automatically execute every 10 minutes, but this can be changed with the CATALOG_CRON environment variable.
This environment variable takes value in the following format: .<hours/minutes/seconds>
This is part of the Portus application and hence needs to be run on the same machine having Portus installed.

Create a new screen session for the catalog service:

# screen -S catalog

Run the catalog service:

	# cd ~/Portus
	# CATALOG_CRON="5.minutes" bundle exec crono 

Access the Portus application at the following URI http://IP_ADDRESS_PORTUS_SERVER:3000
Initially it’ll ask to create an admin account. Enter the relevant details and you’ll be all set to use the UI to view the images, create users for working with the registry and so on.
Note that you need to first create users in Portus to be able to login and push images to the private registry.

Pradipta Kumar Banerjee

I'm a Cloud and Linux/ OpenSource enthusiast, with 16 years of industry experience at IBM. You can find more details about me here - Linkedin

You may also like...