Docker Registry
At docker.sapsailing.com there is a Docker registry running which mainly holds two repositories:
- sapsailing
- sapjvm8
The sapsailing repository holds the images built, in particular, by the latest master branch build.
See the corresponding Hudson Job Configuration.
The files responsible for building the docker images can be found in the Git repository under
/docker/Dockerfile.tpl which is a template patched with a specific release of the SAP
Sailing Analytics using the /docker/makeImageForLatestRelease script.
The Docker registry is run based on the registry and docker-registry-ui Docker images
tied together by a docker-compose file found at sapsailing.com:/var/log/old/cache/docker/registry/docker-compose.yml.
The compose file launches a registry and a web UI for the registry. This works hand in hand with a corresponding
Apache httpd configuration found at sapsailing.com:/etc/httpd/conf.d/006-docker-registry.conf which maps
docker.sapsailing.com:80 to port 5000 on which the docker-registry-ui container is listening.
The actual Docker registry listens on port 5001 on sapsailing.com. This is additionally exposed by the Apache
reverse proxy server through docker-registry.sapsailing.com forwarding all /v2 traffic to the
registry container listening on port 5001.
Both, the external UI and registry access through the Apache httpd reverse proxy require basic authentication
based on the /etc/httpd/conf/passwd.git password file. To add a user to it, use the htpasswd command
on sapsailing.com as user root, e.g., as follows:
htpasswd /etc/httpd/conf/passwd.git the_new_userThe actual registry configuration is found in sapsailing.com:/var/log/old/cache/docker/registry/registry-config.yml.
It is mapped in the docker-compose.yml file using a corresponding volume specification.
For reference, here goes the docker-compose.yml file:
version: '3.7'
services:
registry:
image: registry:latest
ports:
- 5001:5001
volumes:
- /var/log/old/cache/docker/registry:/var/lib/registry
- /var/log/old/cache/docker/registry/registry-config.yml:/etc/docker/registry/config.yml
networks:
- registry-ui-net
restart: unless-stopped
ui:
image: joxit/docker-registry-ui:latest
ports:
- 5000:80
environment:
- REGISTRY_TITLE=SAP Sailing Analytics Docker Registry
- NGINX_PROXY_PASS_URL=http://registry:5001
# - REGISTRY_URL=http://registry:5001
- SINGLE_REGISTRY=true
- DELETE_IMAGES=true
depends_on:
- registry
networks:
- registry-ui-net
restart: unless-stopped
networks:
registry-ui-net:The registry-config.yml file currently looks like this:
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5001
headers:
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Expose-Headers: ['Docker-Content-Digest']
The Hudson build slave AWS image (AMI) has a set of valid credentials in the hudson user's account to
push to the registry.
Garbage-Collecting Unused Content
To run a garbage collection in the registry, try this:
docker exec -it registry-registry-1 registry garbage-collect /etc/docker/registry/config.ymlThis process is automated by adding the line
0 7 2 * * export PATH=/bin:/usr/bin:/usr/local/bin; docker exec -it registry-registry-1 registry garbage-collect /etc/docker/registry/config.ymlto /root/crontab and running crontab crontab as the root user. See also crontab -l for whether this has already been set up.
If you want to delete an entire repository, e.g., because you pushed images under an incorrect repository tag, try this:
docker exec -it registry-registry-1 rm -rf /var/lib/registry/docker/registry/v2/repositories/{your-repository-name}