Assisted Cloud

Podman registry setup cmds

by

Dhinesh Kumar
in

1) yum install httpd-tools
2) sudo dnf install -y podman
3) mkdir -p /opt/registry/{auth,certs,data}
4) cd /opt/registry/
4) ls -lrt
5) htpasswd -bBc /opt/registry/auth/htpasswd registryuser registryuserpassword
6) cd /opt/registry/auth/htpasswd
7) openssl req -x509 -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key -out /opt/registry/certs/domain.crt -days 365 -subj “/CN=subdomain.domain.com” -addext “subjectAltName = DNS:subdomain.domain.com,IP:173.212.251.245”
8) cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
9) update-ca-trust
10) trust list | grep -i “subdomain.domain.com”
11) podman run –name myregistry -p 5000:5000 -v /opt/registry/data:/var/lib/registry:z -v /opt/registry/auth:/auth:z -e “REGISTRY_AUTH=htpasswd” -e “REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm” -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/certs:/certs:z -e “REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt” -e “REGISTRY_HTTP_TLS_KEY=/certs/domain.key” -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true -d docker.io/library/registry:latest
12) podman ps -a
13) curl -u registryuser https://subdomain.domain.com:5000/v2/_catalog
14) openssl s_client -connect subdomain.domain.com:5000 -servername subdomain.domain.com
15) podman login subdomain.domain.com:5000
16) podman logout subdomain.domain.com:5000
17) Download the pullsecret from https://console.redhat.com/openshift/downloads and copy to /opt/registry/auth
18) pwd
19) ls -lrt
20) vi pull-secret.json
cat pull-secret.json
21) podman login subdomain.domain.com:5000 –authfile /opt/registry/auth/pull-secret.json
22) cat /opt/registry/auth/pull-secret.json
23) export OCP_RELEASE=4.14.42
export LOCAL_REPOSITORY=’ocp4/openshift4test’
export PRODUCT_REPO=’openshift-release-dev’
export LOCAL_SECRET_JSON=’/opt/registry/auth/pull-secret.json’
export RELEASE_NAME=”ocp-release”
export ARCHITECTURE=x86_64
24)check the variables in “echo $OCP_RELEASE” like this
25) podman pull –authfile $LOCAL_SECRET_JSON\quay.io/$PRODUCT_REPO/$RELEASE_NAME:$OCP_RELEASE-$ARCHITECTURE
26)podman tag quay.io/$PRODUCT_REPO/$RELEASE_NAME:$OCP_RELEASE-$ARCHITECTURE \
27)subdomain.domain.com:5000/$LOCAL_REPOSITORY/$RELEASE_NAME:$OCP_RELEASE-$ARCHITECTURE
28)subdomain.domain.com:5000/$LOCAL_REPOSITORY/$RELEASE_NAME:$OCP_RELEASE-$ARCHITECTURE
29)curl -u registryuser https://subdomain.domain.com:5000/v2/_catalog
30)curl -u registryuser https://subdomain.domain.com:5000/v2/ocp4/openshift4test/ocp-release/tags/list
31)curl -u registryuser https://subdomain.domain.com:5000/v2/ocp4/openshift4test/ocp-release/manifests/4.14.42-x86_64
32)