Installing the registry
Warning
Fleshing out this documentation is a work in progress.
Installing SSL certificates
Certificates are provided by LetsEncrypt and are expected to have been generated prior to the installation. The certificate and key file paths are expected to have a specific format so that OpenShift doesn’t overwrite existing files when copying them into its directories:
yum -y install git
# Retrieve letsencrypt and run it
git clone https://github.com/letsencrypt/letsencrypt
Now you can either:
- production: generate the SSL certificates with ./letsencrypt.sh
- development: generate a CA and some dummy certificates with ./mock-certs.sh
Installing OpenShift Standalone Registry
To install OpenShift Standalone Registry on localhost as root:
Set up local key-based authentication:
# We'll be connecting on localhost over ssh, set up keypair authentication
ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
ssh-keyscan -H registry.rdoproject.org >>~/.ssh/known_hosts
Install dependencies:
yum install -y python-setuptools python-devel libffi-devel openssl-devel redhat-rpm-config git gcc
easy_install pip
pip install tox
Export OAuth application credentials for GitHub authentication:
export RDO_GITHUB_CLIENT_ID=oauth_client_id
export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
Note
/var/lib/docker will be set up on a separate block device with
docker-storage-setup. If you do not provide the host_preparation_docker_disk
variable for the host-preparation playbook, a loopback device will be
generated for test purposes and the playbook will warn you about it.
Note
The server stores an OpenShift persistent volume for the Docker
registry on the local filesystem in /openshift_volumes.
If you expect a high volume of data, you should re-mount this
directory on a large partition or volume prior to installation.
Note
ansible_ssh_user MUST be provided for the openshift-ansible
playbook; it is required by tasks such as
openshift_master_certificates : Lookup default group for ansible_ssh_user.
Retrieve and run rdo-container-registry and openshift-ansible playbooks:
git clone https://github.com/rdo-infra/rdo-container-registry
cd rdo-container-registry
tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml
# Note: https://github.com/openshift/openshift-ansible/issues/5812
# Glean configures "NM_CONTROLLED=no" in the ifcfg-eth0 file
tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/openshift-node/network_manager.yml -e "ansible_ssh_user=${USER}"
tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml -e "ansible_ssh_user=${USER}"
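A preflight check for the inputs the steps above depend on, added here as an example and not part of rdo-container-registry. The function names and the preflight.sh file name are assumptions; the variable names, placeholder values and paths are the ones used on this page.

```shell
#!/bin/sh
# Added example, not part of rdo-container-registry: preflight checks for the
# inputs this page asks for, run before the tox/ansible-playbook commands.

# Fail if the variable named $1 is unset, empty, or still the placeholder $2.
# The value itself is never printed, so the client secret stays out of logs.
check_oauth_var() {
    name=$1; placeholder=$2
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
        echo "ERROR: $name is not set" >&2; return 1
    elif [ "$value" = "$placeholder" ]; then
        echo "ERROR: $name still holds the documentation placeholder" >&2; return 1
    fi
}

# host_preparation_docker_disk must name a block device. Left empty, the
# playbook builds a loopback device intended for testing only.
check_docker_disk() {
    if [ -z "$1" ]; then
        echo "WARN: no disk given, /var/lib/docker will use a loopback device" >&2
    elif [ ! -b "$1" ]; then
        echo "ERROR: $1 is not a block device" >&2; return 1
    fi
}

# True when $1 is itself a mount point (last df column equals the path).
is_mountpoint() {
    [ "$(df -P "$1" 2>/dev/null | awk 'NR==2 {print $NF}')" = "$1" ]
}

# Run every check, report all problems, return non-zero if any is an error.
preflight() {
    rc=0
    check_oauth_var RDO_GITHUB_CLIENT_ID oauth_client_id || rc=1
    check_oauth_var RDO_GITHUB_CLIENT_SECRET oauth_client_secret || rc=1
    check_docker_disk "${1:-}" || rc=1
    [ -n "${USER:-}" ] || { echo "ERROR: USER is empty, ansible_ssh_user would be blank" >&2; rc=1; }
    is_mountpoint /openshift_volumes ||
        echo "WARN: /openshift_volumes is not a separate mount" >&2
    return $rc
}

# Assumption: the script is saved as preflight.sh; the checks run only then.
if [ "${0##*/}" = "preflight.sh" ]; then
    preflight "${1:-}"
fi
```

Run it as `sh preflight.sh /dev/vdb` in the shell where the credentials were exported; a non-zero exit means at least one input would make the playbooks fail or fall back to a test-only setup.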