If you are looking for a web based UI for your private docker registry setup, then one of the promising opensource option is Portus. It’s an open source authorization service and user interface for docker private registry from SuSE. More details on Portus can be found here – http://suse.github.io/Portus/
Recently, as part of an effort to have a docker environment with registry service, build service and orchestration on RedHat Linux running on OpenPower servers, I experimented with Portus as a possible UI for docker private registry. In this article, let us see how to setup Portus on an OpenPower server running RHEL 7.1 LE.
Build and Install Mariadb
The mysql/mariadb version that is shipped with RHEL is not compatible with Portus so a recent version needs to be build. Please follow the instructions below to build mariadb on RHEL 7.1 LE.
# yum install git tar gcc-c++ bison ncurses-devel ncurses-libs cmake zlib-devel # git clone https://github.com/MariaDB/server.git ~/mariadb # cd ~/mariadb # git checkout -b mariadb-10.1.9 mariadb-10.1.9 # mkdir build # cd build # cmake -DRPM=el7 ../ # make package
This will build the following packages:
MariaDB-10.1.9-el7-ppc64le-client.rpm MariaDB-10.1.9-el7-ppc64le-devel.rpm MariaDB-10.1.9-el7-ppc64le-test.rpm MariaDB-10.1.9-el7-ppc64le-common.rpm MariaDB-10.1.9-el7-ppc64le-server.rpm MariaDB-10.1.9-el7-ppc64le-connect-engine.rpm MariaDB-10.1.9-el7-ppc64le-shared.rpm
Install the packages
# yum install -y MariaDB-10.1.9-el7-ppc64le*.rpm
Start the service
# service mysql restart
# yum install ruby ruby-devel rubygem-bundler
Node.js for Linux on Power Systems can be downloaded from the following link – https://www.ibm.com/developerworks/web/nodesdk/version4.html
As of this writing, the downloaded filename is – ibm-22.214.171.124-node-v4.2.1-linux-ppcle64.bin
Follow these steps to start the installation:
# chmod +x ibm-126.96.36.199-node-v4.2.1-linux-ppcle64.bin # ./ibm-188.8.131.52-node-v4.2.1-linux-ppcle64.bin
Rest of the installation process is self-explanatory. The default installation folder is /root/ibm/node.
After installation, you’ll be required to add Node.js location into the system path. Following are the steps:
# cat > /etc/profile.d/node-path.sh<<EOF export PATH=$PATH:/root/ibm/node/bin EOF # chmod +x /etc/profile.d/node-path.sh # source /etc/profile.d/node-path.sh
Clone the source code and install the dependent ruby gems
# git clone https://github.com/SUSE/Portus.git ~/Portus # cd ~/Portus # bundle config build.nokogiri --use-system-libraries # bundle install
We’ll use ‘screen’ to run the Portus application in detachable windows
# yum install screen
Create Portus initial configuration
# bundle exec rake db:create # bundle exec rake db:migrate # bundle exec rake db:seed
Create a new screen session
# screen -S puma
Start ‘puma’ (ruby webserver) in the new screen session
# puma -b tcp://0.0.0.0:3000 -w 3
The Portus application is now available on http://IP_ADDRESS_PORTUS_SERVER:3000
Docker Private Registry Setup for use with Portus
Copy portus certificate to the server running registry service. The portus certificate can be found in the following location:
This needs to be copied to the registry server under /var/lib/registry
Modify /etc/registry/config.yml using the template below for use with Portus
version: 0.1 loglevel: debug storage: filesystem: rootdirectory: /var/lib/registry delete: enabled: true http: addr: 0.0.0.0:5000 debug: addr: 0.0.0.0:5001 auth: token: realm: http://IP_ADDRESS_PORTUS_SERVER:3000/v2/token service: IP_ADDRESS_REGISTRY_SERVER:5000 issuer: portus.test.lan rootcertbundle: /var/lib/registry/portus.crt notifications: endpoints: - name: portus url: http://IP_ADDRESS_PORTUS_SERVER:3000/v2/webhooks/events timeout: 500ms threshold: 5 backoff: 1s
Configure Portus Catalog Service
Catalog service is used to sync everything from the private registry to Portus. The job is set to automatically execute every 10 minutes, but this can be changed with the CATALOG_CRON environment variable.
This environment variable takes value in the following format: .<hours/minutes/seconds>
This is part of the Portus application and hence needs to be run on the same machine having Portus installed.
Create a new screen session for the catalog service:
# screen -S catalog
Run the catalog service:
# cd ~/Portus # CATALOG_CRON="5.minutes" bundle exec crono
Access the Portus application at the following URI http://IP_ADDRESS_PORTUS_SERVER:3000
Initially it’ll ask to create an admin account. Enter the relevant details and you’ll be all set to use the UI to view the images, create users for working with the registry and so on.
Note that you need to first create users in Portus to be able to login and push images to the private registry.