Learn to Install Project Quay on Podman

0
0
Send lab feedback

Learn to Install Project Quay on Podman

Introduction

Project Quay is an open-source repository used to store and manage artifacts such as containers for use on cloud native platforms. Project Quay also offers additional functionality such as (in no particular order):

  • Registry - High availability
  • Security - Vulnerability scanning, Logging & Auditing, Notifications & Alerts
  • Access Control - Role-based access control (RBAC)
  • Integration - OAuth support
  • Build Automation - Git/GitHub/GitLab integration

It can be deployed on either a Kubernetes cluster using an Operator, or as a standalone container or high availability cluster on Podman.

Objectives

This lab shows how to install and run Project Quay on Podman and then confirm it is working. The main steps described are outlined below:

  • Install Project Quay on Podman
  • Verify basic Quay functionality works

Note: The steps provided do not include how to configure the registry using certificates. Therefore its recommended for non-production purposes or an internal/air-gapped environment.

Requirements

  • A system with Oracle Linux installed
  • Podman installed (the 'container-tools' package)
  • Access to the Internet

Setup the Lab Environment

Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.

  1. Open a terminal and connect via ssh to the ol-server instance if not already connected.

    ssh oracle@<ip_address_of_instance>

(Optional) Confirm Podman Works

The container-tools package in Oracle Linux provides the latest versions of Podman, Buildah, Skopeo, and associated dependencies.

  1. Check the version of Podman.

    podman -v
  2. Confirm the Podman CLI is working.

    podman run quay.io/podman/hello

    Example Output:

    [oracle@ol-server ~]$ podman run quay.io/podman/hello
    Trying to pull quay.io/podman/hello:latest...
    Getting image source signatures
    Copying blob f82b04e85914 done  
    Copying config dbd85e09a1 done  
    Writing manifest to image destination
    Storing signatures
    !... Hello Podman World ...!
    
             .--"--.           
           / -     - \         
          / (O)   (O) \        
       ~~~| -=(,Y,)=- |         
        .---. /`  \   |~~      
     ~/  o  o \~~~~.----. ~~   
      | =(X)= |~  / (O (O) \   
       ~~~~~~~  ~| =(Y_)=-  |   
      ~~~~    ~~~|   U      |~~ 
    
    Project:   https://github.com/containers/podman
    Website:   https://podman.io
    Documents: https://docs.podman.io
    Twitter:   @Podman_io

Configure Networking

Set Firewall Rules

Edit the system's firewall rules to open the ports required by Project Quay.

  1. Update Firewall Rules

    sudo firewall-cmd --permanent --add-port=80/tcp
    sudo firewall-cmd --permanent --add-port=443/tcp
    sudo firewall-cmd --permanent --add-port=5432/tcp
    sudo firewall-cmd --permanent --add-port=6379/tcp
    sudo firewall-cmd --reload
    

    Example Output:

    [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=80/tcp
    success
    [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=443/tcp
    success
    [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=5432/tcp
    success
    [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=6379/tcp
    success
    [oracle@ol-server ~]$ sudo firewall-cmd --reload
    success

    Here is a list of how each port is used:

    • Ports 80 and 443: Used by the Quay container
    • Port 5432: Used by the PostgreSQL container
    • Port 6379: Used by the Redis container

Setup Host File

Several ways exist to configure the networking used by the Project Quay containers to ensure they can communicate together, for details refer to the Project Quay documentation .

One of these options is to ensure the hostname of the Oracle Linux system is resolvable. This has already been completed in the provided free lab environment by adding the ol-server short hostname and FQDN hostname to the hosts file along with the associated IP address.

  1. Check the current content of the /etc/hosts file.

    cat /etc/hosts

    Example Output:

    [oracle@ol-server ~]$ cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.0.0.150 ol-server.pub.linuxvirt.oraclevcn.com ol-server

(Optional) Install the PostgreSQL Client

This step allows accessing the PostgreSQL database from the command-line outside the container. This step is not required to configure and setup the container.

  1. Install the PostgreSQL client.

    sudo dnf -y install postgresql

Setup the Project Quay Datastore

Project Quay uses a database for storing metadata. Using Postgres is the default option and used in this tutorial. Users can also use MySQL as an alternative, but that is outside this lab's scope.

  1. Create the a directory for the database container data storage.

    sudo mkdir -p /var/lib/pgsql/data
  2. Set the correct permissions on the data storage.

    sudo chmod 0755 /var/lib/pgsql/data
    sudo setfacl -m u:26:-wx /var/lib/pgsql/data
  3. Define the environment variables.

    These define the Postgres variables that will be used to start the Postgres container.

    export POSTGRESQL_CONTAINER_NAME=postgres
    export POSTGRESQL_DB=quay
    export POSTGRESQL_USER=quayuser
    export POSTGRESQL_PASSWORD=quay-test
    

    Note: These variable are used to define the following

    • POSTGRESQL_CONTAINER_NAME refers to the name used by the Postgres container.

    • POSTGRESSQL_DB, POSTGRES_USER and POSTGRES_PASSWORD refer to Postgres specfic values.

  4. Start the Postgres container specifying details such as the User Name, Password, Database name, Port # and the Volume mount point for the database datastore.

    sudo podman run --detach --name ${POSTGRESQL_CONTAINER_NAME} \
       --env POSTGRES_USER=${POSTGRESQL_USER} \
       --env POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD} \
       --env POSTGRES_DB=${POSTGRESQL_DB} \
       --publish 5432:5432 \
       --volume /var/lib/pgsql/data:/var/lib/postgresql/data:Z \
       docker.io/library/postgres:latest

    NOTE: The :Z at the end of the -volume setting enables this storage volume to work with SELinux enabled. SELinux is enabled by default on Oracle Linux.

Add the Trigram Module to PostgreSQL

(Optional) Use the PostgreSQL Client

These steps are only possible if the Postgres client packages were installed in the above optional step. Skip this optional step if those packages were not installed.

  1. Connect to the database.

    psql -h $(hostname -i) quay quayuser

    The Password for user quayuser: is quay-test, as defined in the export and container creation above.

  2. Create the trigram module.

    CREATE EXTENSION IF NOT EXISTS pg_trgm;

    Example Output:

    quay=# CREATE EXTENSION IF NOT EXISTS pg_trgm;
    CREATE EXTENSION
  3. Exit the PostgreSQL client by typing \q and then the RETURN key.

    \q

    Example Output:

    quay=# \q                                     
    [oracle@ol-server ~]$

Run Directly in the Container

  1. Create the trigram module.

    sudo podman exec -it postgres /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U quayuser'

    Example Output:

    [oracle@ol-server ~]$ sudo podman exec -it postgres /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U quayuser'
    CREATE EXTENSION

Verify the PostgreSQL Container Status

  1. Confirm the database has started.

    sudo podman ps

    Example Output:

    [oracle@ol-server ~]$ sudo podman ps
    CONTAINER ID  IMAGE                             COMMAND               CREATED         STATUS             PORTS                   NAMES
    1ec4a57b792d  docker.io/library/postgres:10.12  postgres              27 minutes ago  Up 26 minutes ago  0.0.0.0:5432->5432/tcp  postgresql
  2. Check the container logs.

    sudo podman logs -f postgres

    Note: Use CTRL+C to return to the command prompt.

    Example Output:

    PostgreSQL init process complete; ready for start up.
    
    2023-02-01 16:11:49.512 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
    2023-02-01 16:11:49.512 UTC [1] LOG:  listening on IPv6 address "::", port 5432
    2023-02-01 16:11:49.514 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
    2023-02-01 16:11:49.524 UTC [64] LOG:  database system was shut down at 2023-02-01 16:11:49 UTC
    2023-02-01 16:11:49.528 UTC [1] LOG:  database system is ready to accept connections
  3. Confirm the IP address for the Postgres container. Make a note of it because it is required later.

    sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" postgres

    Example Output:

    [oracle@ol-server ~]$ sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" postgres
    10.88.0.2

    An alternative way to achieve this is shown below.

    sudo podman inspect postgres | grep IPAddress

    Example Output:

    [oracle@ol-server ~]$ sudo podman inspect postgres | grep IPAddress
                "IPAddress": "10.88.0.2",
                             "IPAddress": "10.88.0.2",

    Note: The name postgres used here matches the name used in the --name variable used in the previous Podman command to create the PostgreSQL container.

Setup Redis

Redis is required by Project Quay to store ephemeral information.

  1. Create the a directory for the Redis containers data storage.

    sudo mkdir -p /var/lib/redis
  2. Set the permissions.

    sudo chmod 0755 /var/lib/redis
  3. Start the Redis container.

    sudo podman run --detach --name redis \
                    --restart=always \
                    --publish 6379:6379 \
                    --privileged=true \
                    --volume /var/lib/redis:/var/lib/redis:Z \
                    docker.io/library/redis:latest
    
  4. Confirm the Redis container is running.

    sudo podman ps
  5. Check the Redis container's logs.

    sudo podman logs -f redis

    Note: Use CTRL+C to return to the command prompt.

  6. Confirm the IP address for the Redis container. Make a note of it because it is required later.

    sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" redis

Configure Project Quay

Project Quay includes a tool to provide the details to setup the PostgreSQL database and generate the Quay configuration files. The configuration tool itself is web-based and the Quay configuration files are generated as a tar/zipped YAML file, that needs to be expanded after being moved in place.

  1. Launch the Project Quay ConfigTool.

    sudo podman run -d --name quay-config -p 80:8080 -p 443:8443 quay.io/projectquay/quay config secret-pass

    Example Output:

    [oracle@ol-server ~]$ sudo podman run -d --name quay-config -p 80:8080 -p 443:8443 quay.io/projectquay/quay config secret-pass
    Trying to pull quay.io/projectquay/quay:latest...
    Getting image source signatures
    Copying blob ec924a250552 done  
    Copying blob fd07da1562ac done  
    Copying blob 3550ee360766 done  
    Copying blob b68865894b50 done  
    Copying blob ff46f0c54d73 done  
    Copying blob 88956768f1ec done  
    Copying blob 644b12ae1636 done  
    Copying blob 9661ced91a5f done  
    Copying config c1a4397f6e done  
    Writing manifest to image destination
    Storing signatures
    cc84cafcc5bdc41dacc86c22ba7d0d52d2bf02c0b1fca9aa59879942c7669f13
  2. Right-click on the Luna Desktop and select Open Terminal Here.

  3. In the newly opened terminal, configure an SSH tunnel.

    ssh -L 8080:localhost:80 oracle@<ip_address_of_ol-server>

    Example Output:

    [luna.user@lunabox ~]$ ssh -L 8080:localhost:80 oracle@129.159.195.234
    Activate the web console with: systemctl enable --now cockpit.socket
    
    Last login: Tue Feb  7 18:56:30 2023 from 138.1.16.50

    Where 8080 is the port opened on the Luna Desktop to port 80 on the host. Port 80 is the externally mapped port for the Project Quay container.

  4. From the Luna Desktop, open a new browser session and enter the url of the Project Quay ConfigTool.

    http://localhost:8080

    Example Output:

    pgadmin-login

  5. Log in to the Quay Configuration editor using the provided values.

    • Username - quayconfig
    • Password - secret-pass (Note: This matches the last parameter passed when starting the Quay config container.)

    Example Output:

    pgadmin-login

Enter Quay Configuration Information

The following steps involve entering new details whilst others use some of the information collected/noted in the earlier steps whilst setting up Postgres, Redis, etc.

  1. If not already visible after logging in, scroll down to the 'Basic Configuration' section. Notice there are several fields that can be populated.

    • Registry Title, Registry Title Short, Enterprise Logo URL and Contact Information

    For the purposes of this Lab/Tutorial no changes will be made.

    Example Output:

    pgadmin-login

  2. Scroll down to the Server Configuration section, enter the server's hostname (as seen earlier in the /etc/hosts file).

    • Server Hostname : ol-server.pub.linuxvirt.oraclevcn.com

    Example Output:

    pgadmin-login

  3. Next, scroll down to the section called: Database.

    Example Output:

    pgadmin-login

  4. Click on the drop-down box next to the field called Database Type. Two options are listed - MySQL and Postgres, select Postgres.

    Note: The reason for selecting Postgres is to allow the option to select the Clair scanning tool at a later date, because the Clair scanning tool does not work with a MySQL Quay database.

    Example Output:

    pgadmin-login

  5. The Postgres specific fields are now displayed, enter the details to enable Postgres to be accessed.

    • Database Server : Choose either - a) Enter the $HOSTNAME or FQDN as entered in the /etc/hosts file (which must resolve using DNS) or b) Use the container IP address noted in an earlier step (for example - 10.88.0.2)
    • Username : quayuser
    • Password : quay-test
    • Database Name : quay

    **Note: All of these values MUST match those used when starting the Postgres container (see earlier), but otherwise are fully user configurable.

    Example Output:

    pgadmin-login

  6. Continue scrolling down to the Redis section, enter the IP address returned during the startup of the Redis container earlier.

    • Redis Hostname - Choose either - a) Enter the $HOSTNAME or FQDN as entered in the /etc/hosts file (which must resolve using DNS) or b) Use the container IP address noted in an earlier step (for example - 10.88.0.3)

    Example Output:

    pgadmin-login

  7. Notice that at the bottom of the browser screen there is a floating dialogue box called Validate Configuration Changes.

    Example Output:

    pgadmin-login

  8. Click on it to confirm that the minimum requirements for the Project Quay server to work have been met.

    Example Output:

    pgadmin-login

  9. Click on the button to Download the configuration file. Confirm the file (quay-config.tar.gz) has been downloaded.

    NOTE: In the Lab environment the generated configuration file is saved to the ~/Downloads directory on the Luna Desktop not on the server where the Quay repository is being configured).

    Example Output:

    pgadmin-login

  10. Right-click on the Luna Desktop and select Open Terminal Here. In the newly opened terminal confirm the configuration file has downloaded.

    ls -lsa ~/Downloads

    Example Output:

    [luna.user@lunabox Desktop]$ ls -lsa ~/Downloads
    total 12
    0 drwx------. 2 luna.user luna.user   32 Feb  8 11:59 .
    8 drwx------. 1 luna.user luna.user 4096 Feb  8 11:59 ..
    4 -rw-rw-r--. 1 luna.user luna.user 1214 Feb  8 11:59 quay-config.tar.gz
  11. Move the file from the Luna Desktop machine to the ol-server machine where Project Quay is being configured and installed.

    scp ~/Downloads/quay-config.tar.gz oracle@<ip_address_of_ol-server>:~

    IMPORTANT: Take care not to remove the :~ at the end of the above command. If it is removed nothing will be copied to the ol-server instance.

    Example output:

    [luna.user@lunabox Downloads]$ scp quay-config.tar.gz oracle@129.159.195.234:~
    quay-config.tar.gz                            100% 1214    64.1KB/s   00:00
  12. Close the active terminal window used to copy the quay-config.tar.gz file by typing exit.

  13. Switch to the terminal window used to open the SSH tunnel.

  14. Close the SSH tunnel by typing CTRL-C. The SSH tunnel session should be terminated. Keep the terminal window itself open - it will be required once again in upcoming steps.

    NOTE: Closing the SSH tunnel session is required because the container session being connected to has been closed.

  15. Switch to the original terminal window that is still logged on to ol-server, and check the quay-config.tar.gz file shows in the oracle users home directory.

    ls ~

    Example Output:

    [oracle@ol-server ~]$ ls ~
    quay-config.tar.gz
  16. Stop the Project Quay configuration container process.

    sudo podman stop quay-config

    Example Output:

    [oracle@ol-server config]$ sudo podman stop quay-config
    WARN[0010] StopSignal SIGTERM failed to stop container quay-config in 10 seconds, resorting to SIGKILL 
    quay-config
  17. Confirm the quay-config container has stopped.

    sudo podman ps

Prepare to Start Quay

The actual location for the Project Quay /config and /storage directories can be altered as needed as long as the correct permissions are applied and it is accesible.

  1. Using the original terminal window connected to ol-server, create a location to hold the Project Quay configuration.

    mkdir -p ~/quay/config
  2. Create a location where Project Quay can store its artefacts.

    mkdir -p ~/quay/storage
  3. Expand the Gzipped Tar file into the Quay configuration directory.

    tar -xzvf quay-config.tar.gz -C ~/quay/config/
  4. Confirm the YAML configuration file exists.

    cat ~/quay/config/config.yaml
  5. Grant root 'Read' access to the Project Quay config directory.

    sudo setfacl -R -m u:1001:r ~/quay/config
  6. Grant root 'Read', 'Write' and 'Execute' access to the Project Quay storage directory.

    sudo setfacl -R -m u:1001:rwx ~/quay/storage

Start Project Quay

  1. Start the Project Quay server.

    sudo podman run --name quay --restart=always --publish 443:8443 --publish 80:8080 --privileged=true --volume ~/quay/config:/conf/stack:Z --volume ~/quay/storage:/datastorage:Z --detach quay.io/projectquay/quay:latest
  2. Confirm it started.

    sudo podman ps
  3. Check the Project Quay logs - this can take upto 15-20 minutes to complete the first time Project Quay starts.

    sudo podman logs -f quay
  4. Switch to the terminal window previously used to configure an SSH tunnel, and open the SSH tunnel again.

    ssh -L 8080:localhost:80 oracle@<ip_address_of_ol-server>

    Example Output:

    [luna.user@lunabox ~]$ ssh -L 8080:localhost:80 oracle@129.159.195.234
    Activate the web console with: systemctl enable --now cockpit.socket
    
    Last login: Tue Feb  7 18:56:30 2023 from 138.1.16.50
  5. On the Luna Desktop, open a new Browser window and connect to the Project Quay Registry login screen.

    http://localhost:8080

    Example Output:

    pgadmin-login

    Note: If the browser window returns an error message (often indicating an inability to load config), it means that the Project Quay server is still configuring itself for this initial startup. Please wait and retry in a few minutes.

Create New Project Quay User and Login

  1. The first thing to do is to create a new user. At the Quay Login screen click on the link (below the Username & Password fields) called Create Account.

    Example Output:

    pgadmin-login

  2. The Create New Account page is displayed, enter the following information.

    • Username - This will be the username displayed within the Quay Registry.
    • E-mail Address - This should be a valid email address (not used in this Lab for verification)
    • Password - Enter a password (must be a minimum of 8 characters long)

    Note: If any of the fields display a red background it means an unexpected, or invalid, value has been entered. A green background indicates the entered values are valid.

    Example Output:

    pgadmin-login

    Important: How to create a super user is documented here . A super user is a normal user that has been granted extended privileges, which includes the ability to perform the following actions.

    • Manage Users
    • Manage Organizations
    • Query Usage logs
    • View the Change log
  3. Once all of the entry fields have a green background (see previous screenshot), click on the Create Account button. Project Quay creates the new account and logs in automatically.

    (Optional) Decide whether to save the username and password values based on either personal choice or Company Policy.

    Example Output:

    pgadmin-login

  4. Project Quay is running and the first user is logged in.

    Example Output:

    pgadmin-login

Create a New Project Quay Registry Repository

A repository in Project Quay is usually named the same as the container image that will be stored (_'pushed') to it once setup. This makes it much clearer to locate container images from this locally hosted container registry afterwards. However for the purposes of the Lab steps there is no requirement to comply with this, hence why the screenshots show the repository name as being test01.

  1. Click on the Create New Repository link (top right-hand side of the screen), the Create New Repository screen is displayed.

    Example Output:

    pgadmin-login

  2. Complete the required values. These are shown below.

    • Repository Name - Repository names must match [a-z0-9][.a-z0-9_-](/[a-z0-9][.a-z0-9_-])* (Note: Capital letters are invalid)
    • Repostory Description - This is optional.
    • Choose to either make the Repository Public or Private depending upon the intended purpose.

    Note: Both the Repository Description and Public/Private settings can be altered at a later time

    Example Output:

    pgadmin-login

  3. Click on the button to create the new repository. This will display showing either Create Private Repository or Create_Public_Repository, depending upon which repository type was selected in the previous step.

    Example Output:

    pgadmin-login

  4. The newly created repository is displayed.

    Example Output:

    pgadmin-login

    At this point the Project Quay Registry has been started, a new user created and logged in. Finally a new repository has been created within the Container Registry. The next step is to return to the command line and upload a container to this newly created container registry.

Using Project Quay

These steps demonstrate pulling an image from an external registry, then tagging the image, logging on to the newly created Project Quay Registry, before finally pushing the image into the newly created test01 repository.

Note: Because this install of Project Quay has not been configured using SSL Certificates the Login and Push operations need an extra flag (--tls-verify=false) to be used, otherwise they would fail. In a production environment the --tls-verify=false flag should NOT be used.

  1. Open a terminal and connect via ssh to the ol-server instance if not already connected.

    ssh oracle@<ip_address_of_ol-server>
  2. Pull an image that is to be stored on the locally hosted Project Quay Registry.

    podman pull quay.io/operator-framework/operatorhubio:v4

    Example Output:

    podman pull quay.io/operator-framework/operatorhubio:v4
    Trying to pull quay.io/operator-framework/operatorhubio:v4...
    Getting image source signatures
    Copying blob de07aeb713d7 done  
    Copying blob ef32bf2cb8c7 done  
    Copying blob bf5952930446 done  
    Copying blob 84807cd1a858 done  
    Copying blob 1e60e070fb81 done  
    Copying blob a42b61b64a1a done  
    Copying blob 4002c47008f9 done  
    Copying blob 44e6bcd92ca9 done  
    Copying blob f8baa3854da1 done  
    Copying blob c0ea348411ae done  
    Copying config 11fa238eb3 done  
    Writing manifest to image destination
    Storing signatures
    11fa238eb3e3aa3262cafd975a9ca787e4f0832cd369ce3d1cb1c9c70573f4be
  3. Tag the downloaded image with details of the destination (the newly created Project Quay Registry). The tag used can be any value preferred - in this example it is 'latest".

    podman tag quay.io/operator-framework/operatorhubio:v4 ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest

    Where user01 is the name of your username in the registry, and test01 is the name of the registry.

  4. Login to the newly created Project Quay Registry and the repository just created.

    podman login --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01

    Note: Use the Username and Password values used when creating the Project Quay user in the previous steps.

    Example Output:

    [oracle@ol-server ~]$ podman login --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01
    Username: user01
    Password: 
    Login Succeeded!
  5. Push the image to the newly created Project Quay Registry.

    podman push --tls-verify=false quay.io/operator-framework/operatorhubio:v4 ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest

    Example Output:

    podman push --tls-verify=false quay.io/operator-framework/operatorhubio:v4 ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
    Getting image source signatures
    Copying blob 8d46fa734840 done  
    Copying blob c5350d986805 done  
    Copying blob 274132c050df done  
    Copying blob d0f104dc0a1f done  
    Copying blob 9d51489878a0 done  
    Copying blob ed6469d35467 done  
    Copying blob fa152f521d35 done  
    Copying blob b277d564135b done  
    Copying blob 5764184699a3 done  
    Copying blob 15d6d3b2e9e6 done  
    Copying config 76a6ea4d80 done  
    Writing manifest to image destination
    Storing signatures
  6. Return to the browser window and navigate to the Repository Tags section of the previously created user-1/test01 repository, the 'tagged' image is listed.

    Example Output:

    pgadmin-login

  7. Before being able to test whether it is possible to retrieve the image from the local Project Quay Registry, it is neccessary to delete the local copy.

    podman rmi ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest

    Example Output:

    [oracle@ol-server config]$ podman rmi ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
    Untagged: ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
  8. Next pull the image, but this time from the locally hosted Project Quay Registry.

    podman pull --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest

    Example Output:

    [oracle@ol-server config]$ podman pull --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
    Trying to pull ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest...
    Getting image source signatures
    Copying blob eacf9093f015 done  
    Copying blob d204dcb236ad done 
    Copying blob fcbc1d0b6248 done  
    Copying blob 5dd584b7c36d done  
    Copying blob 7940dd7814b2 done  
    Copying blob a06d838fcfaf done  
    Copying blob a783f1b4704a done  
    Copying blob 8875926a3ee5 done  
    Copying blob 622c87e26f84 done  
    Copying blob 2ec61b0ec8cf done  
    Copying config 76a6ea4d80 done  
    Writing manifest to image destination
    Storing signatures
    76a6ea4d8064c26288fd07db817a683ca476b8ca64de07a2568e7acf53c78ded

    This confirms that the local Project Quay Registry is able to store, and then serve, Container images stored within it's own Repositories.

Next Steps

This completes this Lab demonstrating how to install and run a Project Quay Registry on Podman. However Project Quay has many more features and abilities which were outside of the scope of this Lab such as shown below.

  • Can be deployed for high Availability (via Podman or Kubernetes)
  • Can be deployed on Kubernetes via an Operator or Helm
  • Can be integrated with OAuth & Email systems
  • Support for Repository mirroring
  • Clair-based image security scanning can be enabled
  • Support for Dockerfile builds

More details can be located in the Project Quay Documentation.

In the meantime, many thanks for taking the time to try this Lab.

SSR