Page MenuHomePhabricator

Set up experimental Docker registry in integration project
Closed, ResolvedPublic

Description

In order to experiment with a theoretical PipelineLib/Blubber driven MediaWiki container image pipeline, we'll need a Docker registry to which we can publish scratch-based "distribution" images of built MediaWiki components. (See discussion in T259817: Sketch MediaWiki production image composition and workflows.)

The registry should allow read/write (pull/push) from our integration agents and should allow public read access.


{{done}}

Setup

Did the usual integration project puppetmaster switch over.

sudo rm -rf /var/lib/puppet/ssl && sudo puppet agent -tv

Set the following puppet classes and hiera data in Horizon.

docker
profile::labs::lvm::srv
docker::configuration::settings:
  data-root: /srv/docker
docker::package_name: docker.io
docker::version: latest

Did some tweaking after the initial puppet run.

sudo puppet agent -tv            # apply new classes/hiera
sudo systemctl restart docker    # just to be sure data-root change took effect
sudo usermod -aG docker dduvall  # give me docker socket access

Created a new Docker volume to persist registry files locally.

docker volume create registry

Created a htpasswd file to restrict registry access.

docker run --rm -it --volume registry:/registry \
  --entrypoint htpasswd httpd:2.4 \
  -cB /registry/users.htpasswd integration-registry

Spun up a daemonized Docker container to run the registry.

docker run -d --name registry --restart always \
  --volume registry:/var/lib/registry \
  -p 80:5000 \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Integration Docker Registry" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/users.htpasswd" \
  registry:2

Created a new web proxy in Horizon.

Hostname
: integration-docker-registry
Domain
: wmcloud.org
Backend instance
: integration-docker-registry-1003 (or whichever)
Backend port
: 80

Using it

Add a basic auth entry for yourself (requires project admin access).

On integration-docker-registry-1003:

sudo docker run --rm -it \
  --volume registry:/registry \
  --entrypoint htpasswd httpd:2.4 -cB /registry/users.htpasswd [your username]

Locally (where you have a working docker cli):

docker login integration-docker-registry.wmcloud.org

# build something and push/pull it
docker build -t integration-docker-registry.wmcloud.org/foo:v1
docker push integration-docker-registry.wmcloud.org/foo:v1
docker pull integration-docker-registry.wmcloud.org/foo:v1

Event Timeline

dduvall created this task.Sep 9 2020, 6:13 PM
dduvall removed dduvall as the assignee of this task.Sep 17 2020, 7:39 PM
dduvall claimed this task.Oct 7 2020, 5:57 PM
dduvall triaged this task as Medium priority.
dduvall closed this task as Resolved.Oct 9 2020, 8:19 PM
dduvall updated the task description. (Show Details)