Running a local container registry for Execution Environments
After building an execution environment container image, you can push it to a registry and use on your other machines with ansible-navigator or in Ansible AWX/Automation controller jobs.
If you’re unfamiliar with the technology, please take a look at the Getting started with Execution Environments guide.
This wiki post will show you how to set up a basic local container registry for your execution environments as a systemd unit run on behalf of a non-root user.
The shell commands were made on Fedora 33 (yeah, you’re right, I need to update it one day).
Setting up a registry server
We assume you are logged in to your machine as a non-root user with the sudo permission.
1. Install the required packages:
sudo dnf install -y podman httpd-tools
2. Create directories on the host system which will be later mounted in the container running your registry:
mkdir -p ~/registry/{auth,data}
3. Generate a file containing credentials for accessing the registry:
htpasswd -bBc ~/registry/auth/htpasswd myuser mypassword
In the command above, myuser and mypassword can be replaced with any value you want to use as credentials to log in to to the registry.
4. Create a directory to store a systemd unit for the registry container you are about to create and change your location to the directory:
mkdir -p ~/.config/systemd/user && cd ~/.config/systemd/user
5. Run the registry container:
podman run -d --rm --name myregistry -p 5000:5000 \
-v ~/registry/data:/var/lib/registry:z \
-v ~/registry/auth:/auth:ro,z \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
docker.io/library/registry:latest
6. Generate a systemd unit file based on the running myregistry container you created in the previous step:
podman generate systemd --name myregistry --files --new
7. Stop the myregistry container:
podman stop myregistry
8. Reload systemd and start your registry container as a systemd unit:
systemctl --user daemon-reload
systemctl --user enable --now container-myregistry.service
systemctl --user status container-myregistry.service
loginctl enable-linger
From now on, your registry container will start automatically after system reboot on behalf of your current regular user.
9. Open port 5000 in your firewall:
sudo firewall-cmd --add-port=5000/tcp --permanent
sudo firewall-cmd --reload
10. Reboot your machine and check if systemd has started the unit:
systemctl --user status container-myregistry.service
11. Check the container is running:
podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
31ef59550685 docker.io/library/registry:latest /etc/docker/regis... 2 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp myregistry
Your registry now is available by using the myregistry:5000 URL.
Pushing your container image to the registry
1. Log in to your machine where you built your execution environment.
2. Make sure myregistry is resolvable by DNS or the /etc/hosts file from your client to the IP address of your registry machine.
3. Create the registries.conf file and put the following content in it:
mkdir -p ~/.config/containers/
cat > ~/.config/containers/registries.conf<<EOF
[[registry]]
location="myregistry:5000"
insecure=true
EOF
4. Log in to the registry:
podman login myregistry:5000
The command will ask you a login and password. Use those you passed to the htpasswd command when setting up the registry.
5. We assume, you have the following execution environment built locally:
podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/my_ee latest 1d39f6a0fbeb 2 weeks ago 388 MB
6. Add tags associated with the registry to the image:
podman tag localhost/my_ee myregistry:5000/my_ee:1.0
podman tag localhost/my_ee myregistry:5000/my_ee:latest
7. Push the execution environments to the registry:
podman push myregistry:5000/my_ee:1.0
podman push myregistry:5000/my_ee:latest
8. List the tags for the image available in the registry:
podman search --list-tags myregistry:5000/my_ee
NAME TAG
myregistry:5000/my_ee 1.0
myregistry:5000/my_ee latest
Now you can similarly log in to the registry from your other machines and run the execution environment with ansible-navigator or in your Ansible AWX/Automation Controller jobs.
Thanks for reading 
