Suppose you want to configure your private on-premises Docker container registry in VMware Blockchain Orchestrator. In that case, you can download trusted VMware images from the repository and have the Docker container verify the notary server signatures.
If you do not want to use the default container registry with the trusted VMware images, complete the steps listed to customize a private on-premises Docker container registry.
Docker container registry secures access to your trusted images because the registry natively supports TLS and basic authentication. The notary server manages trusted images that are digitally signed with verification of integrity and origin of content.
Procedure
Example
Sample output for pushing trusted images and signing images.
export DOCKER_CONTENT_TRUST_SERVER="https://local.notary.<URL>.com" export DOCKER_CONTENT_TRUST=1 docker push 109.12.358.250:5000/vmwblockchain/agent:1.7.0.0.55 75b79e19929c: Pushed 4775b2f378bb: Pushed 883eafdbe580: Pushed 19d043c86cbc: Pushed 8823818c4748: Pushed 1.7.0.0.55.0: digest: <secure_key> size: 1357 Signing and pushing trust metadata You are about to create a new root signing key passphrase. This passphrase will be used to protect the most sensitive key in your signing system. Please choose a long, complex passphrase and be careful to keep the password and the key file itself secure and backed up. It is highly recommended that you use a password manager to generate the passphrase and keep it safe. There will be no way to recover this key. You can find the key in your config directory. Enter passphrase for new root key with ID dfa4655: Repeat passphrase for new root key with ID dfa4655: Enter passphrase for new repository key with ID af8d942: Repeat passphrase for new repository key with ID af8d942: Finished initializing "109.12.358.250:5000/vmwblockchain/agent:1.7.0.0.55" Successfully signed 109.12.358.250:5000/vmwblockchain/agent:1.7.0.0.55 unset DOCKER_CONTENT_TRUST unset DOCKER_CONTENT_TRUST_SERVER
What to do next
Set the Docker container registry and notary server parameters in the VMware Blockchain Orchestrator infrastructure descriptor file. See Configuring the Infrastructure Descriptor Parameters on vSphere.