action #160376
openFix container registry on AWS
Added by ph03nix about 2 months ago. Updated 3 days ago.
100%
Description
Our container registry instance throws HTTP 500 errors since this morning. We need to fix it.
Updated by rbranco about 2 months ago
- Priority changed from Urgent to High
- % Done changed from 0 to 50
Main issue solved.
TODO:
- Refine script.
Updated by rbranco about 1 month ago
Also check:
- Vulnerability to DOS when using docker registry listing tools. (Also investigate docker search)
- Firewall in place on AWS.
Updated by rbranco 18 days ago · Edited
- Status changed from Feedback to In Progress
Reopening.
This time I could prepopulate the mirror with all 4 arches without hitting rate limits using my credentials. Which is weird because the document states that authenticated free users only have twice the limit.
Updated by ph03nix 17 days ago · Edited
I could setup a toy setup using the https://registry.suse.com/repositories/suse-registry image:
# /etc/registry/config.yml
---
version: 0.1
log:
level: info
storage:
filesystem:
rootdirectory: /var/lib/docker-registry
delete:
enabled: true
http:
addr: 0.0.0.0:5000
proxy:
remoteurl: https://registry-1.docker.io
ttl: 168h
and
podman run --detach --replace -p 5000:5000 --name registry \
-v /etc/registry/config.yml:/etc/registry/config.yml:Z,ro \
-v /var/lib/docker-registry:/var/lib/docker-registry:Z \
registry.suse.com/suse/registry
This works as a pull-through cache, ~however still anyone is allowed to push to this instance, which is bad~. No that is not allowed, this should work as it is.
Updated by ph03nix 4 days ago
- Status changed from In Progress to Feedback
- % Done changed from 50 to 100
I deployed the podman
container to our registry instance. It works for now: https://duck-norris.qe.suse.de/tests/14687
Maybe some test runs need to be restarted, but for now it seems to work. Please report any issues back here or directly to me.
Updated by ph03nix 3 days ago
https://gitlab.suse.de/qac/bazaar contains now the ansible playbook for setting up the registry instance.