I have set up the infrastructure below for notary:
- notary server
- notary signer
- mariadb database for both "notary server" and "notary signer" using docker-compose.
I would like to use my private docker registry (nexus), which is deployed on a different machine from the notary infrastructure I have up and running.
Could you please let me know the step-by-step process for this?
I am extending my findings:
I am trying to setup my own notary service using the instructions available in this link https://github.com/theupdateframework/notary
What I have done:
$ git clone https://github.com/theupdateframework/notary.git
$ cd notary
$ docker-compose build
$ docker-compose up -d
After performing the above steps I have 3 containers up and running on my docker host (running on my local laptop, Ubuntu 16.04):
- notary_server
- notary_signer
- mariadb:10.1.28
Now, in order to use my local notary service with my private registry nexus (hosted as a container on another machine), I have done the steps below:
/etc/hosts entry:
127.0.0.1 notary-server
mkdir -p ~/.notary && cp cmd/notary/config.json cmd/notary/root-ca.crt ~/.notary
After this I tested the connection using the command below and it succeeded.
openssl s_client -connect :4443 -CAfile fixtures/root-ca.crt -no_ssl3 -no_ssl2
Now, in order to sign the image and push it to the private registry, I have set the environment variables below.
DOCKER_CONTENT_TRUST_SERVER=https://notary-server:4443
DOCKER_CONTENT_TRUST=1
Problem: When I issue a docker push command like the one below
sudo docker push nexus.xyz.com:5000/nginx:latest (I tagged the image properly beforehand)
it does not go through signing; it pushes the image directly to the private registry.
But when I use
sudo docker push --disable-content-trust=false nexus.xyz.com:5000/nginx:latest
it signs the image and pushes it, but does not show any trusted content when I use
notary list nexus.xyz.com:5000/nginx:latest
Question: Do I need to do any other configuration in order to use my own notary service?
Any help would be really appreciated.
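As an added example that is not part of the original post: a small POSIX shell pre-flight script for a content-trust push against a self-hosted notary server. It checks that the trust variables are actually present in the environment the docker client will run in, derives the host:port and the repository name (GUN) from the values in the post, optionally verifies the TLS endpoint against the CA copied from the notary fixtures, and prints the push and inspection commands to use. It assumes the server URL https://notary-server:4443, the CA at ~/.notary/root-ca.crt and the repository nexus.xyz.com:5000/nginx from the post; the function names and the NOTARY_CA variable are mine. Two facts the script relies on: sudo's default env_reset policy drops the caller's environment variables, so they have to be passed through explicitly (sudo -E or sudo env VAR=... docker ...), and the docker client keeps its trust metadata under ~/.docker/trust, which is where the notary CLI's -s/--server and -d/--trustDir flags are pointed in the inspection hint.

```shell
#!/bin/sh
# Added example (not from the original post). Pre-flight checks for a
# content-trust push against a self-hosted notary server.
# Assumed values (taken from the post): server https://notary-server:4443,
# CA ~/.notary/root-ca.crt, repository nexus.xyz.com:5000/nginx.

NOTARY_CA="${NOTARY_CA:-$HOME/.notary/root-ca.crt}"

# 0 when DOCKER_CONTENT_TRUST=1 and DOCKER_CONTENT_TRUST_SERVER is an https
# URL, 1 otherwise. With the first unset docker pushes unsigned without
# complaint, and docker requires an https URL for the trust server.
trust_env_ok() {
    [ "${DOCKER_CONTENT_TRUST:-}" = "1" ] || return 1
    case "${DOCKER_CONTENT_TRUST_SERVER:-}" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# host:port from the server URL, for openssl s_client -connect.
trust_server_hostport() {
    hp="${1#https://}"
    printf '%s\n' "${hp%%/*}"
}

# Repository name as notary knows it (the GUN): registry/name without the
# tag. Digest references (name@sha256:...) are not handled here.
repo_gun() {
    name="${1##*/}"                      # last path component, e.g. nginx:latest
    case "$name" in
        *:*) printf '%s\n' "${1%:*}" ;;  # strip the tag
        *)   printf '%s\n' "$1" ;;
    esac
}

# TLS reachability check against the CA copied from the notary fixtures.
# Returns 1 if openssl is missing or the handshake/verification fails.
trust_server_reachable() {
    command -v openssl >/dev/null 2>&1 || return 1
    openssl s_client -connect "$(trust_server_hostport "$DOCKER_CONTENT_TRUST_SERVER")" \
        -CAfile "$NOTARY_CA" -verify_return_error -no_ssl3 -no_ssl2 \
        </dev/null >/dev/null 2>&1
}

# The push command, carrying the trust variables across sudo: sudo's default
# env_reset would otherwise drop them and the push would go out unsigned.
push_command() {
    if [ "$(id -u)" -eq 0 ]; then
        printf 'docker push %s\n' "$1"
    else
        printf 'sudo env DOCKER_CONTENT_TRUST=1 DOCKER_CONTENT_TRUST_SERVER=%s docker push %s\n' \
            "$DOCKER_CONTENT_TRUST_SERVER" "$1"
    fi
}

# Inspection command: notary's -s/--server and -d/--trustDir flags pointed at
# the same server and at the directory the docker client writes trust data to.
list_command() {
    printf 'notary -s %s -d %s/.docker/trust list %s\n' \
        "$DOCKER_CONTENT_TRUST_SERVER" "$HOME" "$(repo_gun "$1")"
}

preflight() {
    ref="${1:-nexus.xyz.com:5000/nginx:latest}"
    if ! trust_env_ok; then
        echo "export DOCKER_CONTENT_TRUST=1 and an https DOCKER_CONTENT_TRUST_SERVER first" >&2
        return 1
    fi
    if ! trust_server_reachable; then
        echo "TLS handshake to $(trust_server_hostport "$DOCKER_CONTENT_TRUST_SERVER") with CA $NOTARY_CA failed" >&2
        return 1
    fi
    echo "push:    $(push_command "$ref")"
    echo "inspect: $(list_command "$ref")"
}

# Run the checks only when invoked as: sh preflight.sh run [image:tag]
case "${1:-}" in
    run) shift; preflight "$@" ;;
esac
```

Usage: export the two variables in the shell, then `sh preflight.sh run nexus.xyz.com:5000/nginx:latest`; the script refuses to continue when either variable is missing or the TLS check against the fixture CA fails, and otherwise prints the exact push and notary list invocations to run.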