Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Linux Enterprise Server 15

4 Storing Images

Prior to creating your own images, you should decide where you will store the images. The easiest solution is to push these images to the Docker Hub. By default, all images pushed to the Docker Hub are public. This is probably fine as long as this does not violate your company's policy and your images do not contain sensitive data or proprietary software.

If you need to restrict access to your Docker images, there are two options:

  • Get a subscription on Docker Hub that unlocks the feature to create private repositories.

    Run an on-site Docker registry where to store all the Docker images used by your organization or company and combine them with Portus to secure the registry.

This chapter describes how to set up an on-site Docker registry and how to combine it with Portus.

4.1 What is a Docker Registry?

The Docker Registry is an open-source project created by Docker Inc. It allows the storage and retrieval of Docker images. By running a local instance of the Docker registry it is possible to completely avoid usage of Docker Hub.

Docker Registry is also used by Docker Hub. However, Docker Hub, as seen from the user perspective, is made of the following parts at least:

  • The user interface (UI): The part that is accessed by users with their browser. The UI provides a nice and intuitive way to browse the contents of Docker Hub either manually or by using a search feature. It also allows to create organizations made by different users.

    This component is closed-source.

  • The authentication component: This is used to protect the images stored inside of Docker Hub. It validates all push, pull and search requests.

    This component is closed-source.

  • The storage back-end: This is where Docker images are sent and downloaded from. It is provided by Docker Registry.

    This component is open-source.

4.2 Installing and Setting Up Docker Registry

  1. Install the docker-distribution-registry package:

    tux > sudo zypper install docker-distribution-registry
  2. To automatically start the Docker registry at boot time:

    tux > sudo systemctl enable registry
  3. Start the Docker Registry:

    tux > sudo systemctl start registry

The Docker registry configuration is defined inside of /etc/registry/config.yml.

With the default configuration the registry listens on ports 5000 and stores the Docker images under /var/lib/docker-registry.

Note: Incompatible Versions of Docker and Docker Registry

Docker registry version 2.3 is not compatible with Docker versions older than 1.10, because v2 manifests were only introduced with Docker 1.10. As Docker and Docker registry can be installed on different boxes, the versions might be incompatible. If you experience communication errors between Docker and Docker registry, update both to the latest versions.

For more details about Docker registry and its configuration, see the official documentation at: https://docs.docker.com/registry/.

4.3 Limitations

The Docker registry has two major limitations:

  • It lacks any form of authentication. That means everybody with access to the Docker Registry can push and pull images to it. That also includes the possibility to overwrite already existing images.

  • There is no way to see which images have been pushed to the Docker Registry. You need to manually take notes of what is being stored inside of it. There is also no search functionality, which makes collaboration harder.

4.4 Portus

Portus is an authentication service and user interface for the Docker registry. It is an open source project created by SUSE to address all the limitations faced by the local instances of Docker registry.

By combining Portus and Docker registry, it is possible to have a secure and enterprise ready on-premise version of the Docker Hub.

Portus is accessible in SLE 15 through the Containers module. To install Portus, use the following command:

tux > sudo zypper in portus

To configure Portus, follow these steps:

  1. First of all, you should install Portus's dependencies if you have not already. This is thoroughly documented here: http://port.us.org/docs/setups/1_rpm_packages.html#portus-dependencies. This document will help you to get through the installation process, and it will also warn you about some of the common pitfalls.

  2. After installing Portus and its dependencies, you need to configure your instance. The initial setup of Portus is explained here: http://port.us.org/docs/setups/1_rpm_packages.html#initial-setup. When you are done with portusctl, you should modify some configurable values before using Portus. This is thoroughly explained in this documentation page: http://port.us.org/docs/Configuring-Portus.html.

  3. To apply the configuration changes, restart Apache (this is required after each configuration change).

  4. Finally, when entering Portus for the first time, you will be required to enter some information about your installed registry. For details, see: http://port.us.org/docs/setups/1_rpm_packages#the-default-installation.html.

  5. The Portus setup is now complete and you can start using Portus.

For more information about Portus, see: http://port.us.org/.

Print this page