Support Docker private registry for Rancher agents and system containers [#924]

I’ve seen that on 0.34 beta there is this feature, but i cannot understand to use that;

can someone help me on this?

We’ve created documentation on how to get set up Rancher using a private registry.

hi to all;

it’s like 11 days that i’m still unable to configure a private registry with rancher; documentation is not talking about basic principles of interaction between rancher and private registry, and also there isn’t a FAQ section that will help us a lot.

Here some questions for you, making an example with this structure:

n.1 rancher server 
n.5 rancher hosts
  1. where private registry should be configured?
  2. can rancher build insecure registry itself?
  3. what to do in case of an insecure registry?
  4. rancher registry section is asking for both email and username; what should i put there?

Thanks in advance

I think you’re conflating two separate features. The new feature in 0.34 allows you to manually copy the images Rancher itself requires (such as rancher/agent) to a local registry so that it can be used in a situation where the hosts have no access to the Internet to download them from normal DockerHub. That’s the documentation you linked to.

Running your own containers from your own images a registry that is not DockerHub is not new, and is documented here.

  1. Assuming you mean the 2nd feature, user icon menu in the upper-right corner -> Registries.

  2. No, Rancher does not include a registry. There are images from other people you can run to do this.

  3. Described in the docs. The docker daemon on each host must be configured to allow insecure.

  4. Whatever you would put in when logging in to the registry with docker login. Most private registries won’t care what email you provide but those are the 3 fields Docker asks for to login to a registry.

1 Like

Vincent. How do I configure the hosts to allow insecure registries. I know how to set this for for Docker Machine, and how to manually set up /etc/default/docker. But I’d rather configure Rancher to set up the hosts for me. Is this possible?

No, Rancher does not manage the docker daemon itself or its configuration.

Just to clear, are you saying that I can’t even pass through flags to docker machine?

Specifically, I’d like to pass the same options docker-machine for every host, so I don’t need anything dynamic. Initially, I want to pass in “–engine-insecure-registry” and maybe a couple of “–engine-opt key=value”.

I"m a little worried about mucking around on the hosts, because I don’t want to mess up anything Rancher depends upon. At least, I’d like your recommendation on what I can and cannot mess with on the hosts, and a suggested process for doing things like re-configuring the docker daemon on the hosts, if there is anything special. For example it may just be, 1. edit /etc/default/docker, 2. service docker restart. But if there is some thing more I need to do for Rancher, please, let me know.

If Rancher doesn’t facilitate any changes to the base configuration to Docker Machine, then consider this an enhancement idea. :smile:

What I meant is the rancher agent runs on top of an arbitrary docker daemon. For probably much the same reason you don’t want to touch it, we don’t want to be in the business of trying to parse init scripts and defaults files for the infinite possibilities the OS and install methods might have to change settings for the docker daemon itself.

For hosts through docker-machine though, I do think it is reasonable to add support for the --engine options on create. It is not currently in our API, but I expect would be straightforward (@wlan0). There is not any way to edit those options after create though in docker-machine, as far as I’m aware.

the ability to pass engine options through to Docker Machine doesn’t seem to be in v40. Any idea when this feature will be added. I’m not pressing, I just want to know if it’s on the “todo” list.

@ebishop I haven’t seen anything in GitHub related to what you’re asking. Would you mind opening up an issue for it? This will put it on our radar when planning out releases.