User Container Images¶

For the PROVISION environment, machines need access to the work container images that will be deployed for users.  
Three modes are available: Online, Proxy, Offline.  
Choose only one mode and define the variables before running the final installation command.

General Principles¶

The registry variables are read by the reemo-provision Ansible role.

REGISTRY_URL: registry URL (e.g., registry.reemo.io)
REGISTRY_ENV: the prefix allowing the Ansible role to build image names in the format **REGISTRY_ENV**chromium
REGISTRY_USERNAME: username provided by Reemo support
REGISTRY_PASSWORD: password provided by Reemo support

Example resulting image: registry.reemo.io/reemosbchromium:latest

Optimization: Image Preloading (Warmup)¶

To avoid a loading delay during a user’s first connection, the Provision environment preloads certain images. By default, the reemosbchromium image is preloaded automatically (["registry.reemo.io/reemosbchromium"]).

However, if you want to preload additional images (such as reemosbssh) or if you are using a private registry, you can override this variable:

PROVISION_IMAGE_WARMUP: List (Array) of complete images to preload on the provisioning servers.

Tip

Check disk space on each node. Image loading may require several GB of free space.

Online Mode¶

All machines connect directly to the Reemo registry.

Requirements¶

HTTPS access open to registry.reemo.io:443.
Credentials provided by Reemo support.

Minimal Inventory¶

all:
    vars:
        REGISTRY_URL: "registry.reemo.io"
        REGISTRY_ENV: "reemosb"
        REGISTRY_USERNAME: "user"
        REGISTRY_PASSWORD: "password"

Quick Checks¶

Verify the registry login (from a node):

docker login registry.reemo.io

Verify the prefix being used (example):

docker pull registry.reemo.io/reemosbchromium:latest

Confirm the image is present locally:

docker image ls

Proxy Mode¶

Nodes access the registry through an HTTP/HTTPS proxy.

Use the same inventory configuration as in Online mode.

To declare the proxy in the Docker service:

Add the following line to the [Service] section of /usr/lib/systemd/system/docker.service

EnvironmentFile=/etc/default/docker

Create the file /etc/default/docker and fill in the following information:

http_proxy="http://< Proxy server IP >:< Proxy service port >"
https_proxy="http://< Proxy server IP >:< Proxy service port >"

On the proxy, allow access to the following URLs:

registry.reemo.io
registry-auth.reemo.io

Offline Mode¶

A bridge machine with Internet access retrieves the images, then you preload them elsewhere (nodes or private registry).

Scenario A: Distributed Tarballs¶

On the bridge machine:

docker login registry.reemo.io
docker pull registry.reemo.io/reemosbchrome:latest
docker save registry.reemo.io/reemosbchrome:latest > /tmp/reemosbchrome_latest.tar

Transfer the .tar files to the nodes, then load them on the node:

docker load < reemosbchrome_latest.tar

Scenario B: Intermediate Private Registry¶

The bridge machine pulls from registry.reemo.io then pushes to your private registry.

On the nodes, configure:

REGISTRY_URL: "<your_private_registry>"
REGISTRY_ENV: "<your_namespace>"
REGISTRY_USERNAME: "<user_if_required>"
REGISTRY_PASSWORD: "<password_if_required>"

You can then run the installation in Online mode against your private registry.