Docker registries are places where container images are stored. There’s a public Docker registry available referred to as Docker index or hub, but you can also set up private registries to store your own containers.
Use the public Docker index
When a Docker container is running, it is referred to as a container. When a container is stored in a registry or on your local system, it is referred to as an image. So to use a Linux analogy a Docker image is a command that is sitting in the filesystem waiting to run, and a Docker container is like a process in that it is a running an instance of an image.
They’re literally thousands of Docker containers stored on the Docker index that are available for you to use. However this includes just a handful of official base images that you might want to use as a basis of your own containers.
Container images are available from the Docker index in several different ways:
- on the web: Docker hub registry
- the docker command itself.
But however you decide to search the index what you will find includes base container images from different Linux distributions that you can use to run directly or build your own applications. Linux distributions include Ubuntu, Fedora, Gentoo, CentOS and others. There are also container images available from the Docker index that were built specifically to deliver a particular application: for example container images for the WordPress blogging tool, for MongoDB and PostgreSQL databases.
Create private Docker registries
Setting up a private Docker registry makes it so you can share your images with people working on your project without exposing your work to the outside world. The software package it provides a basic Docker registry called docker-registry and it’s pretty much the same package name in every distribution that I’ve seen. Once it’s in place you can push images to and from your repository. Now I’m going to show you how to install and setup docker-registry in Fedora.
The first command I’m going to run is to install the Docker registry package:
yum install docker-registry
Now let’s take a look at the contents of the docker-registry package and I’m going to run the command:
rpm -ql docker-registry | less
We can see that the documentation for this package is located in /usr/share/doc/docker-registry/. There is also the file /usr/lib/systemd/system/docker-registry.service which is how systemd is going to start and stop this service. In the /var/lib/docker-registry/ directory all the images you pull and push will be stored. Almost all the other files are basically the Python scripts that are used to create the registry, you don’t really need to know about them. But the main things that were interested here are the /etc/docker-registry.yml file and the /etc/sysconfig/docker-registry file, which are configuration files that you need with the registry.
The /etc/docker-registry.yml file has some configuration information that is set for the service to run. In particular we have log level, we can see that log messages of information level or higher are going to be sent to the journaling service. You can also see here that the end point is set by default to index.docker.io. So further down into the file, we won’t go into that in detail, but you can actually configure different kinds of storage to use as the backend for your Docker registry service.
The /etc/sysconfig/docker-registry file just basically tells the daemon process a few things it needs to do. For example, it says there’s a configuration file at /etc/docker-registry.yml, so that gets pulled in, you can see it’s running local and you can see that it’s listening on all network interfaces on the local system and it’s going to be listening on port 5000, and last thing in this file is that they’re basically 4 Docker registry workers that are going to be launched on this system.
Once the registry is installed we want to enable the service, so to do that we can enable it with:
systemctl enable docker-registry
so now every time the system comes up, the Docker registries system service is going to run and then systemctl start docker-registry to start the service immediately.
To check the status, run systemctl status docker-registry. This will show you if the service is enabled, if it is active, the launched worker processes and information about log messages associated with the service.
So now that the service is running, let’s take a look and make sure that we can see the port, by running netstat -tupln | grep 5000. And there you can see that port 5000 is being run, it’s basically shows that is a Python script, that’s the Docker registry service listening on that port.
Now other things we want to do here and make sure that that port is going to be open to the outside world. For this I will run the command:
firewall-cmd –zone=public –add-port=5000/tcp –permanent
This will open the port 5000/tcp to the public and will make the docker registry service accessible from the outside.
Now that the Docker registry is running and accessible to the outside world, next what I want to do is start pulling and pushing images to and from my private registry.
Push and pull Docker images
You can explicitly push and pull Docker images to and from public and private Docker registries with the docker pull and docker push commands.
Pull commands are also built in when you build or run containers so the container doesn’t have to actually be pull to your system before you run docker build and docker run commands.
When you pull an image from a repository it is stored on your local system in the /var/lib/docker directory so make sure you have enough space there to meet your needs. Also there are techniques for cleaning out or simply not saving as many images on your local system. That you will want to do to keep your local storage from filling up. But on that later on this article.
Keep in mind that the default repository for pulling images is the docker.io index except with Red Hat Enterprise Linux which first tries to pull an image you request from the Red Hat customer portal. Currently doker.io is the default registry for any push command you run.
To pull an image from the Docker index, you could type:
docker pull fedora
With this command I’m asking for any image that is associated with the name fedora. When all the images are found (can be multiple images associated with the same name), it will download them and pull dependent layers.
Once the pull is completed you can take a look and see what we download to our local system. You can do that with the docker images command. If you pulled Fedora, this will show you that you actually downloaded multiple images with the name Fedora, but different tags. For each image, it shows also the virtual size, this may not be the total real space as images can share some components and an image may not be consuming that total amount of space that you see there just by downloading the Fedora image. The image ID is truncated, it is the short version of the full ID, but it is good enough to use with commands.
Let’s now try to put a Fedora image downloaded from Docker index onto our local registry. First we have to tag it:
docker tag fedora:latest localhost:5000/acme/fedora
This will take the Fedora latest container image and tag it with localhost:5000/acme/fedora. What this says is that this particular container is destined to go into the local registry on localhost, port 5000, user acme created this one and it’s going to be called fedora. So now with that done, we can just simply go ahead and push it to local registry because the push command knows that when it has that kind of form of address: localhost:5000/acme/fedora, it knows to push it to the local registry to that address.
Now what I can do next is to remove that one:
docker rmi localhost:5000/acme/fedora
This command will untag the image, but the image will still be there but in another form. Now if I wanted to get it later I could do:
docker pull localhost:5000/acme/fedora
and I can get it back that way as well.