---
stage: Enablement
group: Geo
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: howto
---

# Docker Registry for a secondary site **(PREMIUM SELF)**

You can set up a [Docker Registry](https://docs.docker.com/registry/) on your
**secondary** Geo site that mirrors the one on the **primary** Geo site.

## Storage support

Docker Registry currently supports a few types of storage. If you choose a
distributed storage (`azure`, `gcs`, `s3`, `swift`, or `oss`) for your Docker
Registry on the **primary** site, you can use the same storage for a **secondary**
Docker Registry as well. For more information, read the
[Load balancing considerations](https://docs.docker.com/registry/deploying/#load-balancing-considerations)
when deploying the Registry, and how to set up the storage driver for the GitLab
integrated [Container Registry](../../packages/container_registry.md#use-object-storage).

## Replicating Docker Registry

You can enable a storage-agnostic replication so it
can be used for cloud or local storage. Whenever a new image is pushed to the
**primary** site, each **secondary** site pulls it to its own container
repository.

To configure Docker Registry replication:

1. Configure the [**primary** site](#configure-primary-site).
1. Configure the [**secondary** site](#configure-secondary-site).
1. Verify Docker Registry [replication](#verify-replication).

### Configure **primary** site

Make sure that you have Container Registry set up and working on
the **primary** site before following the next steps.

We need to make Docker Registry send notification events to the
**primary** site.

1. SSH into your GitLab **primary** server and log in as root:

   ```shell
   sudo -i
   ```

1. Edit `/etc/gitlab/gitlab.rb`:

   ```ruby
   registry['notifications'] = [
     {
       'name' => 'geo_event',
       'url' => 'https://<example.com>/api/v4/container_registry_event/events',
       'timeout' => '500ms',
       'threshold' => 5,
       'backoff' => '1s',
       'headers' => {
         'Authorization' => ['<replace_with_a_secret_token>']
       }
     }
   ]
   ```

   NOTE:
   Replace `<example.com>` with the `external_url` defined in your primary site's `/etc/gitlab/gitlab.rb` file, and
   replace `<replace_with_a_secret_token>` with a case-sensitive alphanumeric string
   that starts with a letter. You can generate one with `< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 32 | sed "s/^[0-9]*//"; echo`.

   NOTE:
   If you use an external Registry (not the one integrated with GitLab), you must add
   these settings to its configuration yourself. In this case, you also have to specify
   the notification secret in the `registry.notification_secret` section of the
   `/etc/gitlab/gitlab.rb` file.

   NOTE:
   If you use GitLab HA, you also have to specify
   the notification secret in the `registry.notification_secret` section of the
   `/etc/gitlab/gitlab.rb` file for every web node.

1. Reconfigure the **primary** node for the change to take effect:

   ```shell
   gitlab-ctl reconfigure
   ```

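What the `Authorization` header configured above protects, shown from the receiving side as an added Ruby example (not GitLab's code). The envelope is a constructed sample in the Docker Registry notification format, and `secure_equal?` and `accepted_pushes` are hypothetical names.

```ruby
require 'json'
require 'openssl'

# Constructed sample of a Docker Registry notification envelope (not captured traffic).
SAMPLE_BODY = <<~JSON
  {"events": [
    {"id": "constructed-1", "action": "push",
     "target": {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                "repository": "group/project", "tag": "latest",
                "digest": "sha256:<constructed-digest>"}},
    {"id": "constructed-2", "action": "pull",
     "target": {"repository": "group/project", "tag": "latest"}}
  ]}
JSON

# Compare two secrets without revealing where they differ: hash both to a
# fixed length, then OR together the XOR of every byte pair.
def secure_equal?(given, expected)
  a = OpenSSL::Digest::SHA256.digest(given.to_s)
  b = OpenSSL::Digest::SHA256.digest(expected.to_s)
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the "repository:tag" of every push event, or raises when the
# Authorization header does not carry the shared notification secret.
def accepted_pushes(auth_header, body, expected_token)
  unless secure_equal?(auth_header, expected_token)
    raise ArgumentError, 'notification rejected: bad Authorization header'
  end

  JSON.parse(body).fetch('events', [])
      .select { |event| event['action'] == 'push' }
      .map { |event| event['target'].values_at('repository', 'tag').join(':') }
end
```
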
### Configure **secondary** site

Make sure you have Container Registry set up and working on
the **secondary** site before following the next steps.

The following steps should be done on each **secondary** site where you
expect to see the Docker images replicated.

Because we need to allow the **secondary** site to communicate securely with
the **primary** site Container Registry, we need to have a single key
pair for all the sites. The **secondary** site uses this key to
generate a short-lived JWT that is pull-only-capable to access the
**primary** site Container Registry.

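What "short-lived" and "pull-only" mean for a registry token, as an added Ruby example in the Docker Registry token format (not GitLab's code). The key, issuer, audience, and the names `pull_only_token` and `allows?` are constructed for illustration.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Build an RS256-signed token that grants only `pull` on one repository.
# Simplified: a real registry also expects a `kid` header identifying the key.
def pull_only_token(key, repository, ttl: 60, now: Time.now.to_i)
  header = { typ: 'JWT', alg: 'RS256' }
  claims = {
    iss: 'constructed-issuer', aud: 'constructed-audience',
    iat: now, nbf: now, exp: now + ttl, jti: SecureRandom.uuid,
    access: [{ type: 'repository', name: repository, actions: ['pull'] }]
  }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  signature = key.sign(OpenSSL::Digest::SHA256.new, signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Registry-side check: signature, validity window, then the requested action.
def allows?(token, public_key, repository, action, now: Time.now.to_i)
  head, body, sig = token.split('.')
  return false unless head && body && sig
  return false unless public_key.verify(OpenSSL::Digest::SHA256.new,
                                        b64url_decode(sig), "#{head}.#{body}")

  claims = JSON.parse(b64url_decode(body))
  return false unless claims['nbf'] <= now && now < claims['exp']

  claims['access'].any? do |grant|
    grant['type'] == 'repository' && grant['name'] == repository &&
      grant['actions'].include?(action)
  end
end

# Constructed throwaway key standing in for gitlab-registry.key.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
```
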
For each application and Sidekiq node on the **secondary** site:

1. SSH into the node and log in as the `root` user:

   ```shell
   sudo -i
   ```

1. Copy `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key` from the **primary** to the node.

1. Edit `/etc/gitlab/gitlab.rb` and add:

   ```ruby
   gitlab_rails['geo_registry_replication_enabled'] = true

   # Primary registry's hostname and port. The secondary node uses it
   # to communicate directly with the primary registry.
   gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://primary.example.com:5050/'
   ```

1. Reconfigure the node for the change to take effect:

   ```shell
   gitlab-ctl reconfigure
   ```

### Verify replication

To verify Container Registry replication is working, on the **secondary** site:

1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Geo > Nodes**.
   The initial replication, or "backfill", is probably still in progress.

You can monitor the synchronization process on each Geo site from the **primary** site's **Geo Nodes** dashboard in your browser.