In my POC environment, I designed and implemented the Docker infrastructure shown above. It combines two major parts: a private Docker registry host and a Docker host.

How does it work? The workflow is pretty straightforward. I will explain it step by step and add some notes that I took while building the environment. (I use RHEL 7.1; you can skip the Red Hat parts if you don't run RHEL.)

Step 1) The private docker registry host pulls the docker images from the public registry.


  • The Red Hat version of Docker supports upstream repo entitlements, but it only works with RHSM (subscription-manager), not with rhn-channel in Satellite. This is how to use Red Hat subscription-manager:
    subscription-manager register
    subscription-manager list --available
    subscription-manager attach --pool=XXXXXXXXXXXXXXXXXXX
  • Modify /etc/sysconfig/docker on the docker-reg host to add/remove/block registries, and add a proxy if needed. Then restart the docker service. Here is an example:
    ADD_REGISTRY='--add-registry registry.access.redhat.com --add-registry docker-reg.domain.local:5000'
    # If you don't want to use cert-based authentication
    INSECURE_REGISTRY='--insecure-registry docker-reg.domain.local:5000'
    # If the host is behind proxy

Step 2) Build SOE docker images based on the pulled images.


  • Use -t to tag, -f to specify the Dockerfile, and --no-cache=false/true to choose whether to use the cache when building a new Docker image (docker build).

Step 3) Push the SOE images generated above to the private registry.


  • Docker uses the HTTP PUT method to upload the file, which older Squid versions (e.g. 2.6) do not support.
  • The private registry should be the same as the one in the tag used in step 2.

Step 4) On the docker-host, pull the SOE images from the private docker registry host.


  • Modify /etc/sysconfig/docker, then restart the docker service. Here is an example:
    ADD_REGISTRY='--add-registry docker-reg.domain.local:5000'
    # Only use private docker registry
    BLOCK_REGISTRY='--block-registry docker.io'
    INSECURE_REGISTRY='--insecure-registry docker-reg.domain.local:5000'
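
A check for the step 4 settings, added here as an example and not part of the original post: it reads a docker-host's /etc/sysconfig/docker as text and reports whether only the private registry is added, whether docker.io is blocked, and which registries are marked insecure (those are reached without TLS certificate verification). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit the registry options in a RHEL-style /etc/sysconfig/docker file.
# Added example: function names and the sample file below are constructed.

# flag_values FILE VAR FLAG: print each value passed to FLAG inside VAR.
# The file is parsed as text, never sourced, so auditing it executes nothing.
flag_values() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "'\"" |
        tr -s ' \t' '\n\n' |
        awk -v f="$3" '{
            if (index($0, f "=") == 1) print substr($0, length(f) + 2)
            else if (prev == f) print
            prev = $0
        }'
}

# audit_docker_registries FILE PRIVATE: print findings; status = number of FAILs.
audit_docker_registries() (
    file=$1 private=$2 fails=0
    added=$(flag_values "$file" ADD_REGISTRY --add-registry)
    echo "$added" | grep -qxF -- "$private" ||
        { echo "FAIL: $private missing from ADD_REGISTRY"; fails=$((fails + 1)); }
    for reg in $added; do
        [ "$reg" = "$private" ] ||
            { echo "FAIL: extra registry $reg in ADD_REGISTRY"; fails=$((fails + 1)); }
    done
    flag_values "$file" BLOCK_REGISTRY --block-registry | grep -qxF docker.io ||
        { echo "FAIL: docker.io is not blocked"; fails=$((fails + 1)); }
    # --insecure-registry skips TLS certificate verification and may fall back
    # to plain HTTP, so pulled images can be tampered with in transit.
    for reg in $(flag_values "$file" INSECURE_REGISTRY --insecure-registry); do
        echo "WARN: $reg is reached without TLS verification"
    done
    exit "$fails"   # the function body is a subshell, so this ends only the audit
)

# Constructed sample: the docker-host settings from step 4.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ADD_REGISTRY='--add-registry docker-reg.domain.local:5000'
# Only use private docker registry
BLOCK_REGISTRY='--block-registry docker.io'
INSECURE_REGISTRY='--insecure-registry docker-reg.domain.local:5000'
EOF
audit_docker_registries "$sample" docker-reg.domain.local:5000 || true
rm -f "$sample"
```

On a real host, point the function at /etc/sysconfig/docker; a non-zero exit status is the number of failed checks, which makes it usable from a Puppet exec or a monitoring probe.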

Step 5) On the docker-host, create containers based on the SOE images.

I have puppetized steps 1-4, and it works so well!! Once I have published it to GitHub, I will add a link here.

What I am working on now is puppetizing step 5 and adding monitoring functions.