User Container Images

For the PROVISION environment, machines need access to the work container images that will be deployed for users.

Three modes are available: Online, Proxy, Offline.

Choose only one mode and define the variables before running the final installation command.

General Principles

The registry variables are read by the reemo-provision Ansible role.

• REGISTRY_URL: registry URL (e.g., registry.reemo.io)

• REGISTRY_ENV: the prefix allowing the Ansible role to build image names in the format REGISTRY_ENV chromium

• REGISTRY_USERNAME: username provided by Reemo support

• REGISTRY_PASSWORD: password provided by Reemo support

Example resulting image: registry.reemo.io/reemosbchromium:latest

Note

Optimization: The Ansible role lets you finely customize Docker image preloading (Relay, Provisioning, and air-gapped modes). To configure your own variables, refer directly to the dedicated section at the bottom of the page: Image Preloading (Image Warmup).

Tip

Check disk space on each node. Image loading may require several GB of free space.

Online Mode

All machines connect directly to the Reemo registry.

Requirements

• HTTPS access open to registry.reemo.io:443.

• Credentials provided by Reemo support.

Minimal Inventory

all:
    vars:
        REGISTRY_URL: "registry.reemo.io"
        REGISTRY_ENV: "reemosb"
        REGISTRY_USERNAME: "user"
        REGISTRY_PASSWORD: "password"

Quick Checks

Verify the registry login (from a node):

docker login registry.reemo.io

Verify the prefix being used (example):

docker pull registry.reemo.io/reemosbchromium:latest

Confirm the image is present locally:

docker image ls

Proxy Mode

Nodes access the registry through an HTTP/HTTPS proxy.

Use the same inventory configuration as in Online mode.

To declare the proxy in the Docker service:

• Add the following line to the [Service] section of /usr/lib/systemd/system/docker.service

EnvironmentFile=/etc/default/docker

• Create the file /etc/default/docker and fill in the following information:

http_proxy="http://< Proxy server IP >:< Proxy service port >"
https_proxy="http://< Proxy server IP >:< Proxy service port >"

• On the proxy, allow access to the following URLs:

registry.reemo.io
registry-auth.reemo.io

Offline Mode

A bridge machine with Internet access retrieves the images, then you preload them elsewhere (nodes or private registry).

Scenario A: Distributed Tarballs

On the bridge machine:

docker login registry.reemo.io
docker pull registry.reemo.io/reemosbchrome:latest
docker save registry.reemo.io/reemosbchrome:latest > /tmp/reemosbchrome_latest.tar

Transfer the .tar files to the nodes, then load them on the node:

docker load < reemosbchrome_latest.tar

Scenario B: Intermediate Private Registry

The bridge machine pulls from registry.reemo.io then pushes to your private registry.

On the nodes, configure:

REGISTRY_URL: "<your_private_registry>"
REGISTRY_ENV: "<your_namespace>"
REGISTRY_USERNAME: "<user_if_required>"
REGISTRY_PASSWORD: "<password_if_required>"

You can then run the installation in Online mode against your private registry.

Image Preloading (Image Warmup)

The Ansible role can preload (pull) Docker images before deployment to speed up container startup times and preserve bandwidth during critical phases.

Note

Preloading automatically disables if LOAD_IMAGE: true (typical for air-gapped configurations using local archives).

PROVISION_IMAGE_WARMUP

List of images to preload for isolated provisioning sessions.

Default value:

PROVISION_IMAGE_WARMUP:
  - "registry.reemo.io/reemosbchromium"

Dynamic Targeting Logic: Unlike a fixed group, the role inspects the host’s groups to detect its provisioning prefix (provision, provision1, provision2, etc.) and applies the following rule:

• If the <prefix>_worker group exists and contains hosts: only these worker nodes perform the preloading.

• Otherwise (no worker defined): nodes in the <prefix>_manager group handle the preloading.

This ensures that the warmup runs exclusively on the machines that will actually spin up the containers (whether you are using a small Manager-only topology or a distributed architecture).

Override Examples

Override these variables in your group_vars or host_vars to manage rollback versions, or a private mirror with pinned image versions:

# group_vars/provision_worker.yml
PROVISION_IMAGE_WARMUP:
  - "registry.company.local/reemosbchromium:2.8.0" # Internal mirror + pinned version
  - "registry.reemo.io/reemosbfirefox:2.8.0"       # Alternative sandbox

LOAD_IMAGE

To completely disable image preloading (typically for air-gapped environments without Internet access):

LOAD_IMAGE: true

By default, this variable is set to false.

Ansible Tags

Use Ansible tags to preload images ahead of a deployment without replaying the entire playbook or modifying the rest of the configuration.

# Preload Provisioning components only
ansible-playbook site.yml --tags provision_image_warmup

# Run the entire warmup
ansible-playbook site.yml --tags provision_image_warmup