User Container Images

For the PROVISION environment, machines need access to the work container images that will be deployed for users.
Three modes are available: Online, Proxy, Offline.
Choose only one mode and define the variables before running the final installation command.

General Principles

The registry variables are read by the reemo-provision Ansible role.

  • REGISTRY_URL: registry URL (e.g., registry.reemo.io)

  • REGISTRY_ENV: the prefix allowing the Ansible role to build image names in the format **REGISTRY_ENV**chromium

  • REGISTRY_USERNAME: username provided by Reemo support

  • REGISTRY_PASSWORD: password provided by Reemo support

Example resulting image: registry.reemo.io/reemosbchromium:latest

Tip

Check disk space on each node. Image loading may require several GB of free space.

Online Mode

All machines connect directly to the Reemo registry.

Requirements

  • HTTPS access open to registry.reemo.io:443.

  • Credentials provided by Reemo support.

Minimal Inventory

all:
    vars:
        REGISTRY_URL: "registry.reemo.io"
        REGISTRY_ENV: "reemosb"
        REGISTRY_USERNAME: "user"
        REGISTRY_PASSWORD: "password"

Quick Checks

Verify the registry login (from a node):

docker login registry.reemo.io

Verify the prefix being used (example):

docker pull registry.reemo.io/reemosbchromium:latest

Confirm the image is present locally:

docker image ls

Proxy Mode

Nodes access the registry through an HTTP/HTTPS proxy.

Use the same inventory configuration as in Online mode.

To declare the proxy in the Docker service:

  • Add the following line to the [Service] section of /usr/lib/systemd/system/docker.service

EnvironmentFile=/etc/default/docker

  • Create the file /etc/default/docker and fill in the following information:

http_proxy="http://< Proxy server IP >:< Proxy service port >"
https_proxy="http://< Proxy server IP >:< Proxy service port >"

  • On the proxy, allow access to the following URLs:

registry.reemo.io
registry-auth.reemo.io

Offline Mode

A bridge machine with Internet access retrieves the images, then you preload them elsewhere (nodes or private registry).

Scenario A: Distributed Tarballs

On the bridge machine:

docker login registry.reemo.io
docker pull registry.reemo.io/reemosbchrome:latest
docker save registry.reemo.io/reemosbchrome:latest > /tmp/reemosbchrome_latest.tar

Transfer the .tar files to the nodes, then load them on the node:

docker load < reemosbchrome_latest.tar

Scenario B: Intermediate Private Registry

The bridge machine pulls from registry.reemo.io then pushes to your private registry.

On the nodes, configure:

REGISTRY_URL: "<your_private_registry>"
REGISTRY_ENV: "<your_namespace>"
REGISTRY_USERNAME: "<user_if_required>"
REGISTRY_PASSWORD: "<password_if_required>"

You can then run the installation in Online mode against your private registry.