Thursday, 18 February 2016

Adding private insecure registry to Rancher nodes

Quick post before I forget - there's quite a few people asking how to get insecure docker registry running on RancherOS node. Here's what worked well for me.

First thing that helps a lot is to have some DNS entry for your registry - remember you will use this hostname quite often, so better set it up now than use IP addresses going forward.
As I run my own internal DNS server with local zones, I have created registry.rancher.lan entry and pointed to the node running registry container.

All of my nodes were already up and running, so I didn't use cloud-config.yml file for that and had to stick to ssh to get it working, but there's nothing to stop you from adding it right there for node installation time. The ssh process is super simple - please note entire command is a single line:

$ sudo ros config set rancher.docker.args "[daemon, --log-opt, max-size=25m, --log-opt, max-file=2, -s, overlay, -G, docker, -H, unix:///var/run/docker.sock, --userland-proxy=false, --insecure-registry=registry.rancher.lan:5000]"
I've marked in bold the key element. Be aware, the syntax is quite sensitive if you use quotes. I had multiple crashes on boot because single quote was converted to python(ish) three single quotes, which of course didn't parse well going forward. Clearly the config tool tries to be smart, so please, let it be and remove quotes in parameters passed in the array.

Finally, reboot and off you go - the node will now find and correctly use the images hosted in your own registry.