ssh node1-0.example.redhatgov.ioTable of Contents
During this module you will configure both nodes to host secure container registries.
The registry software runs in a container and listens on port 5000. Configuring the
registry consists of generating a self-signed SSL certificate and running the
container. Two simple bash scripts are provided to do this. Once the registries are
configured and running, the curl command can be used to test basic connectivity.
Configuring the registries
Node 1
Login to node1-0.example.redhatgov.io (from the bastion) and configure the registry. Do this as a regular (non-root) user.
You’ll be asked to confirm the key fingerprint, the first time that you login. Please answer yes.
The authenticity of host 'node1-0.example.redhatgov.io (10.0.2.88)' can't be established. ECDSA key fingerprint is SHA256:t019FDEhEgp1uhivEZy1gwqaNaXM75tOem4MHpmLRaw. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'node1-0.example.redhatgov.io,10.0.2.88' (ECDSA) to the list of known hosts. Last login: Tue Jan 12 02:10:26 2021 from 10.0.2.245 [ec2-user@ip-10-0-2-88 ~]$
Confirm that the FQDN variable is set to node1-0.example.redhatgov.io in the myserver.cnf file.
cd $HOME/files/nodes/registry-files/gen-certs
grep ^FQDN myserver.cnfFQDN=node1-0.example.redhatgov.io
Run the
gen-cert.sh script to generate an SSL certificate.sh ./gen-cert.shGenerating a RSA private key ........................................................++++ .......................................++++ writing new private key to 'myserver.key' ----- Signature ok subject=C = CH, O = Summit, CN = node1-0.example.redhatgov.io Getting Private key Certificate: Data: Version: 1 (0x0) Serial Number: 66:eb:dd:c8:21:f5:38:ef:22:16:79:d0:ba:34:2c:f9:4b:1b:7d:6f Signature Algorithm: sha256WithRSAEncryption Issuer: C = CH, O = Summit, CN = node1-0.example.redhatgov.io Validity Not Before: Apr 7 19:12:30 2020 GMT Not After : Sep 28 19:12:30 2025 GMT
Now move up one directory and run the run-registry.sh script to start the registry container.
cd ..
loginctl enable-linger
sh ./run-registry.shAdding password for user redhat 750ef695e4b66b00919e725bc2559db6ec2f9407e1f31358686b4339017c2ed5 Give the registry a minute or so to start then ... curl --user user:password -k https://localhost:5000/v2/_catalog
Testing the registries
Use curl to test that the registry service is running:
curl --user redhat:redhat https://node1-0.example.redhatgov.io:5000/v2/_catalog{"repositories":[]}
Logout from node1:
exitNode 2
Login to node2-0.example.redhatgov.io (from the bastion) and configure the registry. Do this as a regular (non-root) user.
ssh node2-0.example.redhatgov.ioYou’ll be asked to confirm the key fingerprint, the first time that you login. Please answer yes.
The authenticity of host 'jajcs.node2.0.rhnaps.io (10.0.2.88)' can't be established. ECDSA key fingerprint is SHA256:t019FDEhEgp1uhivEZy1gwqaNaXM75tOem4MHpmLRaw. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'jajcs.node2.0.rhnaps.io,10.0.2.88' (ECDSA) to the list of known hosts. Last login: Tue Jan 12 02:10:26 2021 from 10.0.2.245 [ec2-user@ip-10-0-2-88 ~]$
Confirm that the FQDN variable is set to node2-0.example.redhatgov.io in the myserver.cnf file.
cd $HOME/files/nodes/registry-files/gen-certs
grep ^FQDN myserver.cnfFQDN=node2-0.example.redhatgov.io
Run the
gen-cert.sh script to generate an SSL certificate.sh ./gen-cert.shGenerating a RSA private key ........................................................++++ .......................................++++ writing new private key to 'myserver.key' ----- Signature ok subject=C = CH, O = Summit, CN = node2-0.example.redhatgov.io Getting Private key Certificate: Data: Version: 1 (0x0) Serial Number: 66:eb:dd:c8:21:f5:38:ef:22:16:79:d0:ba:34:2c:f9:4b:1b:7d:6f Signature Algorithm: sha256WithRSAEncryption Issuer: C = CH, O = Summit, CN = node2-0.example.redhatgov.io Validity Not Before: Apr 7 19:12:30 2020 GMT Not After : Sep 28 19:12:30 2025 GMT
Now move up one directory and run the run-registry.sh script to start the registry container.
cd ..
loginctl enable-linger
sh ./run-registry.shAdding password for user redhat 750ef695e4b66b00919e725bc2559db6ec2f9407e1f31358686b4339017c2ed5 Give the registry a minute or so to start then ... curl --user user:password -k https://localhost:5000/v2/_catalog
Testing the registries
Use curl to test that the registry service is running:
curl --user redhat:redhat https://node2-0.example.redhatgov.io:5000/v2/_catalog{"repositories":[]}
Logout from node2:
exitConfiguring and testing the bastion
Now try to curl the registries from the bastion using the fully-qualified domain name:
curl --user redhat:redhat https://node1-0.example.redhatgov.io:5000/v2/_catalog{"repositories":[]}
curl --user redhat:redhat https://node2-0.example.redhatgov.io:5000/v2/_catalog{"repositories":[]}
Now that the registries have been configured, the remainder of the commands will be run on the bastion.
×
Workshop Details
| Domain |
|
|
| Workshop | ||
| Student ID |
Workshop Details
| Domain |
|
|
| Workshop | ||
| Student ID |