Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Linux Enterprise Server 15 SP1

3 Storing Images Edit source

Prior to creating your own images, you should decide where you will store the images. The easiest solution is to push these images to the Docker Hub. By default, all images pushed to the Docker Hub are public. This is probably fine as long as this does not violate your company's policy and your images do not contain sensitive data or proprietary software.

If you need to restrict access to your Docker images, there are two options:

  • Get a subscription on Docker Hub that unlocks the feature to create private repositories.

  • Run an on-site Docker Registry where to store all the Docker images used by your organization or company and combine them with Portus to secure the registry.

This chapter describes the second option, how to set up an on-site Docker Registry and how to combine it with Portus.

3.1 What is Docker Registry? Edit source

The Docker Registry is an open-source project created by Docker Inc. It allows the storage and retrieval of Docker images. By running a local instance of the Docker Registry it is possible to completely avoid usage of Docker Hub.

Docker Registry is also used by Docker Hub. However, Docker Hub, as seen from the user perspective, is made of the following parts at least:

  • The user interface (UI): The part that is accessed by users with their browser. The UI provides a nice and intuitive way to browse the contents of Docker Hub either manually or by using a search feature. It also allows to create organizations made by different users.

    This component is closed-source.

  • The authentication component: This is used to protect the images stored inside of Docker Hub. It validates all push, pull and search requests.

    This component is closed-source.

  • The storage back-end: This is where Docker images are sent and downloaded from. It is provided by Docker Registry.

    This component is open-source.

3.2 Installing and Setting Up Docker Registry Edit source

  1. Install the docker-distribution-registry package. This package is in SUSE PackageHub. If you have not enabled PackageHub, run the following commands to enable it:

    tux > sudo SUSEConnect --product PackageHub/15.1/x86_64
    tux > sudo zypper refresh

    Then install docker-distribution-registry:

    tux > sudo zypper install docker-distribution-registry
  2. To automatically start the Docker Registry at boot time:

    tux > sudo systemctl enable registry
  3. Start the Docker Registry:

    tux > sudo systemctl start registry

The Docker Registry configuration is defined inside of /etc/registry/config.yml.

With the default configuration the registry listens on ports 5000 and stores the Docker images under /var/lib/docker-registry.

Note
Note: Incompatible Versions of Docker Open Source Engine and Docker Registry

Docker Registry 2.3 is not compatible with Docker Open Source Engine versions older than 1.10, because v2 manifests were only introduced with Docker Open Source Engine 1.10. As Docker Open Source Engine and Docker Registry can be installed on different boxes, the versions might be incompatible. If you experience communication errors between Docker Open Source Engine and Docker Registry, update both to the latest versions.

For more details about Docker Registry and its configuration, see the official documentation at: https://docs.docker.com/registry/.

3.3 Limitations Edit source

The Docker Registry has two major limitations:

  • It lacks any form of authentication. That means everybody with access to the Docker Registry can push and pull images to it. That also includes the possibility to overwrite already existing images.

  • There is no way to see which images have been pushed to the Docker Registry. You need to manually take notes of what is being stored inside of it. There is also no search functionality, which makes collaboration harder. These limitations are resolved by installing Portus.

3.4 Portus Edit source

Portus is an authentication service and user interface for the Docker Registry. It is an open source project created by SUSE to address all the limitations faced by the local instances of Docker Registry. By combining Portus and Docker Registry, it is possible to have a secure and enterprise ready on-premise version of the Docker Hub.

Portus is available for SLES customers as a Docker image from SUSE Container Registry. For example, to pull the 2.4.0 tag, run the following command:

tux > docker pull registry.suse.com/sles12/portus:2.4.0

Note that this pulls a SLES12-based image, and it is valid for SUSE Linux Enterprise 15 systems (and any Docker environment).

In addition to the official version of the Portus image from SUSE Container Registry, there is a community version that can be found on Docker Hub. However, as a SLES customer, we strongly suggest you use the official Portus image instead. The Portus image for SLES customers has the same code as the one from the community. Therefore, the setup instructions from http://port.us.org/docs/deploy.html apply for both images.

Print this page