carbajgu
Mission Specialist
Mission Specialist
  • 1,832 Views

how to work with prefix in a container registry?

Hello all!

I ran a local registry container and configure a prefix for that. But I am not able to work with that. What am i doing wrong/ or missing?

 sudo podman run -d -p 5000:5000 --name tmpregistry docker.io/library/registry:latest

and configured:

tail -n 5 /etc/containers/registries.conf

[[registry]]
prefix = "tmpregistry.com"
location = "localhost:5000"
insecure = true

sudo systemctl restart podman

Test #1:

[carbajgu@hostone ~]$ curl localhost:5000/v2/_catalog
{"repositories":[]}
[carbajgu@hostone ~]$ curl http://localhost:5000/v2/_catalog
{"repositories":[]}

Test #2:

[carbajgu@hostone ~]$ curl tmpregistry.com/v2/_catalog
[carbajgu@hostone ~]$ curl http://tmpregistry.com/v2/_catalog
[carbajgu@hostone ~]$ curl http://tmpregistry.com:5000/v2/_catalog
^C

why this Test #2 is not working?

BR/

Labels (2)
11 Replies
Chetan_Tiwary_
Moderator
Moderator
  • 1,329 Views

Hello @carbajgu !

I think that the lookup prefix for a registry must match a DNS name / domain : I think you can configure any valid host - but it is not required - use the localhost and if you really want to have a host of your preferred prefix - use a valid host name bcz for curl it is a http url and any random URL wont fetch you the same result :

Chetan_Tiwary__0-1710279316175.png

https://www.redhat.com/sysadmin/manage-container-registries 

https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md 

carbajgu
Mission Specialist
Mission Specialist
  • 1,301 Views

Thank you Chetan_Tiwary_!

So, i renamed my vm:

[root@server1 ~]# hostnamectl hostname
server1.example.com

modify /etc/hosts:

[root@server1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 server1 server1.example.com
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

resolv.conf was updated itself with example.com

[root@server1 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search openstacklocal example.com
nameserver 107.250.140.2

set a matching prefix:

[root@server1 ~]# tail -n4 /etc/containers/registries.conf
[[registry]]
prefix="server1.example.com"
location="localhost:5000"
insecure=true
[root@server1 ~]#

restart podman

[root@server1 ~]# systemctl restart podman

So, it works...

[root@server1 ~]# curl http://server1.example.com:5000/v2/_catalog
{"repositories":[]}

It wont fail this way, but. In your example your hostname is "workstation" and your registry url is "tmpregistry.lab.example.com". 

What is missing in my configuration? Looks like prefix entry is useless since the hostname is resolved through the /etc/hosts. Appreciate you to share the parameters you set in your example. Name of the container does not care, right?

 

0 Kudos
Mostafa1
Flight Engineer
Flight Engineer
  • 1,319 Views

It looks like you're trying to access the registry using the prefix tmpregistry.com that you configured in registries.conf. However, the prefix configuration in registries.conf is used for resolving the registry location, not for accessing it via HTTP requests.

Here's what you need to do:

Access the registry using the configured prefix: When you configure a prefix in registries.conf, it is used by container tools like Podman or Docker to resolve the registry location. You don't need to use the prefix in your HTTP requests.

Access the registry using the registry's hostname and port: Since you configured the registry with localhost:5000 as the location, you should access it using localhost:5000 in your HTTP requests.

Let's update your tests:

Test:

curl localhost:5000/v2/_catalog
This should work fine because you are accessing the registry directly using its hostname and port.


You don't need to use the prefix tmpregistry.com in your HTTP requests. It's only used by container tools like Podman to resolve the registry location.

weekim
Cadet
Cadet
  • 1,312 Views

Working with prefixes in a container registry allows for better organization and management of container images, especially in environments with multiple projects or teams. Here's how you can effectively work with prefixes in a container registry:

Naming Convention: Define a clear and consistent naming convention for prefixes. This convention should reflect the project, team, or environment associated with the container images. For example, you might use project names, team names, or environment names as prefixes.

Image Tagging: Combine prefixes with image tags to provide additional context and versioning information. For example, you might use a combination of prefixes and tags to represent different versions or stages of an image within a specific project or team.

Prefix Usage: Use prefixes to organize and categorize container images within your registry. Each image can be assigned a prefix to indicate its affiliation with a specific project, team, or environment. This helps in quickly identifying and managing related images.

Automation: Integrate prefix handling into your automation workflows. Tools like Docker, Kubernetes, or CI/CD pipelines can be configured to automatically apply prefixes to container images based on predefined rules or metadata.

Access Control: Leverage prefixes to implement access control policies within your container registry. You can assign permissions based on prefixes to restrict or grant access to specific images for different teams or individuals.

Documentation: Document your prefix conventions and usage guidelines to ensure consistency and facilitate collaboration among teams. This documentation should cover how prefixes are assigned, their meaning, and any associated policies or procedures.

PeterSzabo
Mission Specialist
Mission Specialist
  • 1,287 Views

Your curl test tries to resolve the parameter as domain name and connects to it. It does not care about your container configuration, it is just a plain http client, like a browser. 

ericbos
Flight Engineer
Flight Engineer
  • 1,258 Views

Thanks all, this was helpful

Best regards, Eric

0 Kudos
judzhu
Cadet
Cadet
  • 1,221 Views

Make that tmpregistry.com is actually resolvable to your local environment.

```

vi /etc/hosts

 

# add a line like this 

127.0.0.1 tmpregistry.com

 

# save and exit, test with ping or dig

dig tmpregistry.com

# It should show from 127.0.0.1

# run your test2 once again

curl http://tmpregistry.com:5000/v2/_catalog

```

0 Kudos
  • 1,197 Views

For this enable DNS service on the conatiner image and add dns entry for domain name in /etc/hosts file of the host machine

0 Kudos
napapornt
Mission Specialist
Mission Specialist
  • 1,160 Views

Certainly! Let’s troubleshoot the issue with the prefix configuration in your container registry.

Prefix Usage:
A prefix allows you to organize and categorize container images within your registry. Each image can be assigned a prefix to indicate its affiliation with a specific project, team, or environment. This helps in quickly identifying and managing related images1.
Your Configuration:
You’ve set up a local registry container using Podman and configured a prefix in
/etc/containers/registries.conf.
The prefix you’ve defined is "tmpregistry.com" with the location as "localhost:5000" and insecure set to true.
Test #1:
When you query the registry directly using localhost:5000, it returns an empty repository list. This indicates that the registry is running and reachable.
Test #2:
In Test #2, you tried accessing the registry using the prefix "tmpregistry.com".
However, it seems that the prefix-based access is not working as expected.
Possible Issues:
DNS Resolution: Ensure that the hostname "tmpregistry.com" resolves to the correct IP address. You can check this using nslookup tmpregistry.com.
Hosts File: Check if you have any custom entries in your /etc/hosts file that might affect name resolution.
Firewall Rules: Verify that there are no firewall rules blocking access to the registry.
Container Registry Configuration: Double-check the registry configuration to ensure that the prefix is correctly set.
Registry Restart: After making changes to the configuration, restart the registry container to apply the new settings.
Test #2 Resolution:
To troubleshoot further, try the following:
Use curl with the full URL including the port:
curl http://localhost:5000/v2/_catalog
If this works, it confirms that the registry is accessible directly via the port.
If not, investigate the registry logs for any errors or warnings related to the prefix configuration.
Remember to verify the DNS resolution, network connectivity, and any additional configuration specific to your environment. If you encounter any specific error messages, share them for further analysis.

0 Kudos
Join the discussion
You must log in to join this conversation.