OCNE: Steps To Configure Local Private Container Registry For Oracle Cloud Native Environment Offline Installation/Upgrades
(Doc ID 2969413.1)
Last updated on AUGUST 22, 2023
Applies to:
Oracle Cloud Native Environment (OCNE) - Version 1.5 and laterInformation in this document applies to any platform.
Goal
This document provides detailed steps on how to setup and configure Local Private Container Registry for Oracle Cloud Native Environment (OCNE) product offline installation/upgrades.
As part of procedure mentioned in this Note, we create and use self signed certs and use them in podman container to download the container registry images.
NOTE: Configuration steps in this MOS note are specifically for mirroring container registry images which are needed for OCNE product installation/upgrades. Middleware and other Application container registry images are NOT downloaded with the steps mentioned in this MOS Note.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| STEP 1: Install Podman on Private Registry Host |
| STEP 2: Validate Podman is installed on Private Registry Host |
| STEP 3: Install oracle-olcne-release-el8 package on Private Registry Host |
| STEP 4: Make sure latest OCNE version is enabled and disable old versions on Private Registry Host |
| 4(a) Enable latest OCNE version repos |
| 4(b) Disable old OCNE version |
| STEP 5: Install OLCNE utils package |
| STEP 6: Verify that registry-image-helper.sh file is installed |
| STEP 7: Generate Self Signed Certificates on Private Registry Host |
| 7(a) Create /root/openssl directory for generating and storing self signed certs |
| 7(b) Generate rootCA Private key |
| 7(c) Generare rootCA cert |
| 7(d) Create openssl.cnf file |
| 7(e) Generate Private Key |
| 7(f) Generate CSR request for Private Key |
| 7(g) Self Sign the CSR request |
| STEP 8: Create registry configuration directories on Private Registry Host |
| STEP 9: Copy domain.key & domain.crt SSL certs and keys to registry configuration directories on Private Registry Host |
| STEP 10: Create directories to store Registry Images on Private Registry Host |
| STEP 11: Update /etc/containers/storage.conf file to point to newly created registry images storage directories on Private Registry Host |
| STEP 12: Update /etc/containers/registries.conf file to add Insecure Hosts on Private Registry Host |
| STEP 13: Start Podman Instance on Port 5000 using Self Signed Certs on Private Registry Host |
| STEP 14: Validate podman instance is running on Private Registry Host |
| STEP 15: Create Script to download Container registry Images from Oracle Container Registry to local Podman instance running on Private Registry Host |
| 15(a) Create /u01/local-registry/script & /u01/local-registry/logs directories to store script and capture registry mirrors download logging |
| 15(b) Create ocne_local_container_registry_mirror_sync.sh shell script under /u01/local-registry/script directory |
| 15(c) Give 755 permissions to /u01/local-registry/script/ocne_local_container_registry_mirror_sync.sh script |
| STEP 16: Execute ocne_local_container_registry_mirror_sync.sh script to download all container registry images locally to Private Registry Host |
| STEP 17: Verify that the Podman downloaded all the registries locally on Private Registry Host |