stand_alone_registry.adoc

Installing a Stand-alone Registry

• Overview
• Minimum Hardware Requirements
• Supported System Topologies
• Host Preparation
• Installation Methods
  • Advanced Installation for Stand-alone Registries

Overview

{product-title} is a fully-featured platform-as-a-service (PaaS) enterprise solution that includes an embedded container registry. However, it can alternatively be installed as a stand-alone container registry to run on-premise or in the cloud.

The stand-alone registry from {product-title} provides the following capabilities:

• A user-focused registry web console.

• Secured traffic by default, served via TLS.

• Global identity provider authentication.

• A project namespace model to enable teams to collaborate through role-based access control (RBAC) authorization.

• A Kubernetes-based cluster to manage services.

• An image abstraction called image streams to enhance image management.

Minimum Hardware Requirements

Installing {product-title} as a stand-alone registry has the following hardware requirements:

• Physical or virtual system, or an instance running on a public or private IaaS.

• NetworkManager 1.0 or later

• 2 vCPU.

• Minimum 16 GB RAM.

• Minimum 15 GB hard disk space for the file system containing /var/.

• An additional minimum 15 GB unallocated space to be used for Docker’s storage back end; see Configuring Docker Storage for details.

Important

{product-title} only supports servers with x86_64 architecture.

Note	Meeting the /var/ file system sizing requirements in RHEL Atomic Host requires making changes to the default configuration. See Managing Storage in Red Hat Enterprise Linux Atomic Host for instructions on configuring this during or after installation.

Supported System Topologies

The following system topologies are supported when running {product-title} as a stand-alone registry:

All-in-one	A single host that includes the master, node, etcd, and registry components.
Multiple Masters (Highly-Available)	Three hosts with all components included on each (master, node, etcd, and registry), with the masters configured for native high-availability.

Host Preparation

Before installing a stand-alone registry, all of the same steps detailed in the Host Preparation topic for installing a full {product-title} PaaS must be performed. This includes registering and subscribing the host(s) to the proper repositories, installing or updating certain packages, and setting up Docker and its storage requirements.

Follow the steps in the Host Preparation topic, then continue to Installation Methods.

Installation Methods

Advanced Installation for Stand-alone Registries

When using the advanced installation method to install a stand-alone registry, use the same steps for installing a full {product-title} PaaS using Ansible described in the full Advanced Installation topic. The main difference is that you must set deployment_subtype=registry in the inventory file within the [OSEv3:vars] section for the playbooks to follow the registry installation path.

See the following example inventory files for the different supported system topologies:

Example 1. All-in-one Stand-alone Registry Inventory File

# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root

# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true

deployment_type=openshift-enterprise
deployment_subtype=registry (1)

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

# host group for masters
[masters]
registry.example.com

# host group for nodes, includes region info
[nodes]
registry.example.com openshift_schedulable=true openshift_node_labels="{'region': 'infra', 'zone': 'default'}" (2)

1. Set deployment_subtype=registry to ensure installation of the stand-alone registry.

2. Set openshift_schedulable=true on the node entry to make the single node schedulable for pod placement.

Example 2. Multiple Masters (Highly-Available) Stand-alone Registry Inventory File

# Create an OSEv3 group that contains the master, nodes, etcd, and lb groups.
# The lb group lets Ansible configure HAProxy as the load balancing solution.
# Comment lb out if your load balancer is pre-configured.
[OSEv3:children]
masters
nodes
etcd
lb

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
deployment_subtype=registry (1)

# Uncomment the following to enable htpasswd authentication; defaults to
# DenyAllPasswordIdentityProvider.
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

# Native high availability cluster method with optional load balancer.
# If no lb group is defined installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
# balancer is present.
openshift_master_cluster_method=native
openshift_master_cluster_hostname=openshift-cluster.example.com
openshift_master_cluster_public_hostname=openshift-cluster.example.com

# apply updated node defaults
openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}

# override the default controller lease ttl
#osm_controller_lease_ttl=30

# enable ntp on masters to ensure proper failover
openshift_clock_enabled=true

# host group for masters
[masters]
master1.example.com
master2.example.com
master3.example.com

# host group for etcd
[etcd]
etcd1.example.com
etcd2.example.com
etcd3.example.com

# Specify load balancer host
[lb]
lb.example.com

# host group for nodes, includes region info
[nodes]
master[1:3].example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
node1.example.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
node2.example.com openshift_node_labels="{'region': 'primary', 'zone': 'west'}"

1. Setting deployment_subtype=registry ensures installation of the stand-alone registry.

After you have configured Ansible by defining an inventory file in /etc/ansible/hosts, you can run the advanced installation using the following playbook:

# ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml

Note	For more detailed usage information on the advanced installation method, including a comprehensive list of available Ansible variables, see the full topic at Advanced Installation.