My Oracle Support Banner

OCNE: Steps To Configure Local Private Container Registry For Oracle Cloud Native Environment Offline Installation/Upgrades (Doc ID 2969413.1)

Last updated on AUGUST 22, 2023

Applies to:

Oracle Cloud Native Environment (OCNE) - Version 1.5 and later
Information in this document applies to any platform.


This document provides detailed steps on how to setup and configure Local Private Container Registry for Oracle Cloud Native Environment (OCNE) product offline installation/upgrades.

As part of procedure mentioned in this Note, we create and use self signed certs and use them in podman container to download the container registry images.

NOTE: Configuration steps in this MOS note are specifically for mirroring container registry images which are needed for OCNE product installation/upgrades. Middleware and other Application container registry images are NOT downloaded with the steps mentioned in this MOS Note.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 STEP 1: Install Podman on Private Registry Host
 STEP 2: Validate Podman is installed on Private Registry Host
 STEP 3: Install oracle-olcne-release-el8 package on Private Registry Host
 STEP 4: Make sure latest OCNE version is enabled and disable old versions on Private Registry Host
 4(a) Enable latest OCNE version repos
 4(b) Disable old OCNE version
 STEP 5: Install OLCNE utils package
 STEP 6: Verify that file is installed
 STEP 7: Generate Self Signed Certificates on Private Registry Host
 7(a) Create /root/openssl directory for generating and storing self signed certs
 7(b) Generate rootCA Private key
 7(c) Generare rootCA cert
 7(d) Create openssl.cnf file
 7(e) Generate Private Key
 7(f) Generate CSR request for Private Key
 7(g) Self Sign the CSR request
 STEP 8: Create registry configuration directories on Private Registry Host
 STEP 9: Copy domain.key & domain.crt SSL certs and keys to registry configuration directories on Private Registry Host
 STEP 10: Create directories to store Registry Images on Private Registry Host
 STEP 11: Update /etc/containers/storage.conf file to point to newly created registry images storage directories on Private Registry Host
 STEP 12: Update /etc/containers/registries.conf file to add Insecure Hosts on Private Registry Host
 STEP 13: Start Podman Instance on Port 5000 using Self Signed Certs on Private Registry Host
 STEP 14: Validate podman instance is running on Private Registry Host
 STEP 15: Create Script to download Container registry Images from Oracle Container Registry to local Podman instance running on Private Registry Host
 15(a) Create /u01/local-registry/script & /u01/local-registry/logs directories to store script and capture registry mirrors download logging
 15(b) Create shell script under /u01/local-registry/script directory
 15(c) Give 755 permissions to /u01/local-registry/script/ script
 STEP 16: Execute script to download all container registry images locally to Private Registry Host
 STEP 17: Verify that the Podman downloaded all the registries locally on Private Registry Host

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.