Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 5. Populating your private automation hub container registry

By default, private automation hub does not include automation execution environments. To populate your container registry, you must push an execution environment to it.

You must follow a specific workflow to populate your private automation hub remote registry:

  • Pull automation execution environments from the Red Hat Ecosystem Catalog (registry.redhat.io)
  • Tag them
  • Push them to your private automation hub remote registry
Important

As of April 1st, 2025, quay.io is adding three additional endpoints. As a result, customers must adjust the allow/block lists within their firewall systems lists to include the following endpoints:

  • cdn04.quay.io
  • cdn05.quay.io
  • cdn06.quay.io

To avoid problems pulling container images, customers must allow outbound TCP connections (ports 80 and 443) to the following hostnames:

  • cdn.quay.io
  • cdn01.quay.io
  • cdn02.quay.io
  • cdn03.quay.io
  • cdn04.quay.io
  • cdn05.quay.io
  • cdn06.quay.io

This change should be made to any firewall configuration that specifically enables outbound connections to registry.redhat.io or registry.access.redhat.com.

Use the hostnames instead of IP addresses when configuring firewall rules.

After making this change, you can continue to pull images from registry.redhat.io or registry.access.redhat.com. You do not require a quay.io login, or need to interact with the quay.io registry directly in any way to continue pulling Red Hat container images.

For more information, see Firewall changes for container image pulls 2024/2025.

Ensure that the Network ports and protocols listed in Table 6.4. Execution Environments (EE) are available to avoid problems pulling container images.

5.1. Pulling execution environments for use in automation hub

Before you can push execution environments to your private automation hub, you must first pull them from an existing registry and tag them for use. The following example details how to pull an execution environment from the Red Hat Ecosystem Catalog (registry.redhat.io).

Prerequisites

  • You have permissions to pull automation execution environments from registry.redhat.io.

Procedure

  1. Log in to Podman by using your registry.redhat.io credentials: 

    $ podman login registry.redhat.io
  2. Enter your username and password.

  3. Pull an execution environment: 

    $ podman pull registry.redhat.io/<ee_name>:<tag>

Verification

To verify that the execution environment you recently pulled is contained in the list, take these steps:

  1. List the images in local storage: 

    $ podman images
  2. Check the execution environment name, and verify that the tag is correct.

Additional resources

5.2. Tagging execution environments for use in automation hub

After you pull execution environments from a registry, tag them for use in your private automation hub remote registry.

Prerequisites

  • You have pulled an execution environment from an external registry.
  • You have the FQDN or IP address of the automation hub instance.

Procedure

  • Tag a local execution environment with the automation hub container repository: 

    $ podman tag registry.redhat.io/<ee_name>:<tag> <automation_hub_hostname>/<ee_name>

Verification

  1. List the images in local storage: 

    $ podman images
  2. Verify that the execution environment you recently tagged with your automation hub information is contained in the list.

5.3. Pushing an execution environment to private automation hub

You can push tagged execution environments to private automation hub to create new containers and populate the remote registry.

Prerequisites

  • You have permissions to create new containers.
  • You have the FQDN or IP address of the automation hub instance.

Procedure

  1. Log in to Podman using your automation hub location and credentials: 

    $ podman login -u=<username> -p=<password> <automation_hub_url>
    Warning

    Let Podman prompt you for your password when you log in. Entering your password at the same time as your username can expose your password to the shell history.

  2. Push your execution environment to your automation hub remote registry: 

    $ podman push <automation_hub_url>/<ee_name>

Troubleshooting

The push operation re-compresses image layers during the upload, which is not guaranteed to be reproducible and is client-implementation dependent. This may lead to image-layer digest changes and a failed push operation, resulting in Error: Copying this image requires changing layer representation, which is not possible (image is signed or the destination specifies a digest).

Verification

  1. Log in to your Ansible Automation Platform.
  2. Navigate to Automation Content Execution Environments.
  3. Locate the container in the container repository list.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.