Skip to content

Instantly share code, notes, and snippets.

@prydin

prydin/cp_registry.md

Created April 21, 2026 19:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save prydin/d0f5e4cf8bebcbd1135b622c4f195144 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save prydin/d0f5e4cf8bebcbd1135b622c4f195144 to your computer and use it in GitHub Desktop.
Download ZIP
Run a Docker registry on a VCF Operations Collector node
Raw
cp_registry.md

Configure a Private Registry on a VCF Operations Collector/Cloud Proxy for the vCommunity Management Pack for Disconnected Sites

Adapted from an original by Sean Cummins

The VCF Operations Coommunuty Management pack adds lots of useful new metrics to VCF Operations. This Management Pack was created using the VCF Operations SDK, which relies on Docker. Typically, the Collectors would contact a public registry to pull the images, but this doesn't work in air-gapped high-security sites. This document discusses a workaround.

Preparing the images

Run this from an Internet-connected machine with Docker. First, we'll use a connected workstation to download container images from public registries, save them as tarballs, and transfer them to the Cloud Proxies / Collectors

Download container images

docker pull registry:2
docker pull ghcr.io/vmbro/vcf-operations-vcommunity:0.2.8_1770247822.7668018 # Change version if needed

Export/Save images as tarballs and copy to the Collector that will be running the Registry

sudo docker save -o registry2.tar registry:2
sudo docker save -o vcommunity_image.tar ghcr.io/vmbro/vcf-operations-vcommunity:0.2.8_1770247822.7668018
scp *.tar root@<IP_of_collector_to_run_registry>:/root

If there's an air gap between the connected server and the destination, you may have to copy the files to an intermediate location first.

Deploy and Configure Private Registry

Now we'll set up a private Docker registry on one of the Collectors, load these images, and then push them to the registry.

Enable insecure/unsigned registry access from all Collectors

Note: Do this on ALL Collectors that will be running the vCommunity MP

Edit the file /etc/docker/daemon.json and add the following line (make sure your JSON syntax is correct and you have commas between rows)

{
  "insecure-registries" : ["<REGISTRY_IP>:5000"]
}

Restart Docker

systemctl restart docker

Load tarballs into local Docker engine

Note: Do this ONLY on the Collector that will be running the Docker Registry

docker load -i registry2.tar
docker load -i vcommunity_image.tar

Start Registry and tag & push images to it Note: Do this ONLY on the Collector that will be running the Docker Registry

docker run -d -p 5000:5000 -v /opt/registry/data:/var/lib/registry --restart always --name registry registry:2
docker tag ghcr.io/vmbro/vcf-operations-vcommunity:0.2.8_1770247822.7668018 <IP_of_collector_running_registry>:5000/vmbro/vcf-operations-vcommunity:0.2.8_1770247822.7668018
docker push <IP_of_collector_running_registry>:5000/vmbro/vcf-operations-vcommunity:0.2.8_1770247822.7668018

Configure vCommunity MP to use the new Private Registry

Note: Do this on ALL non-collector nodes (e.g. primary/replica/data nodes)

Edit $VCOPS_BASE/user/plugins/inbound/VCFOperationsvCommunity.conf and replace the REGISTRY with your registry's IP or FQDN (must match the new name you used during the tag operation and the daemon.json insecure-registries line)

REGISTRY=<IP_of_collector_running_registry>:5000

Restart the collector service

service collector restart

Configure vCommunity Adapter

From the VCF Operations UI, add new adapter accounts. This will trigger the Collectors to pull the container image from the new private registry, and then start the appropriate container images.

If you are experiencing problems, check the logs on the collectors with the following command

journalctl -u docker.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment