What is Apache Parquet?

Question
What is Apache Parquet?

Answer
Apache Parquet is a columnar data representation/manipulation tool for a Hadoop ecosystem.  Data in a given column is largely uniform (e.g., a long string of characters, a single character, or an integer) in that it repeats a specific type and format of data, as opposed to two cells in the same row (which may be very dissimilar types of data).  Columns may be in memory or on disk -- just as relational rowset data is.  Because of this underlying data uniformity, columns are more compressible (in RAM or on disk) than rows.  If you want to learn more about columnar databases, see this link.

The term parquet refers to "diminutive" (as in a compartment) in French. The open-source Apache program Parquet was indeed created by a French-speaking person. In English it is pronounced "par-kay" (like "par" for the course and "cay" as in the "Cayman Islands").  Also in English parquet can refer to long flooring strips (which physically resemble vertical columns).  If you want to learn more about Parquet, see this PDF file.

Literature about Apache Parquet (like the link above or on Apache's website) refers to the Dremel paper.  What is the Dremel paper?  According to citations in a Wired article we believe that "the" Dremel paper is this one.  Dremel is not a person. "Dremel is a scalable, interactive ad-hoc query system for analysis of read-only nested data."  (This quote was taken from the 10-page PDF linked above.)  If you want to install the open source version of Apache Parquet, see this article.

How Do You Install Apache Parquet?

Problem scenario
You want to install Apache Parquet on the Hadoop namenode.  What do you do?

Solution
Prerequisite
This assumes that you have installed Hadoop.  For directions, see this posting.

Procedure
Run these commands:

sudo apt-get -y install python-pip libsnappy-dev thrift-compiler

sudo su -
pip install thriftpy
# The Snappy bindings are published on PyPI as python-snappy; they build against libsnappy-dev.
pip install python-snappy
exit

curl https://pypi.python.org/packages/74/b5/bc459aab0566fc3cf3397467922c37411ab6e3361bab9e0ca165e1089ce8/parquet-1.2.tar.gz#md5=05aacec0620ac63ecd7dd77bf7fb9fee > /tmp/parquet-1.2.tar.gz
sudo cp /tmp/parquet-1.2.tar.gz /opt/
cd /opt
sudo tar -xvf parquet-1.2.tar.gz
cd parquet-1.2
sudo python setup.py build
sudo python setup.py install

How Do You Install Snort on RHEL 7.x?

Problem scenario
You want to install Snort on a Red Hat Enterprise Linux server.  How do you do this?

Solution
1.  Log into the server.
2.  Create a file /tmp/snortinstaller.sh with the following content:

yum -y install libdnet

yum -y install https://www.snort.org/downloads/snort/daq-2.0.6-1.f21.x86_64.rpm

curl https://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/l/libnghttp2-1.28.0-1.fc28.x86_64.rpm > libnghttp2-1.28.0-1.fc28.x86_64.rpm

rpm -ivh libnghttp2-1.28.0-1.fc28.x86_64.rpm

yum -y install https://www.snort.org/downloads/snort/snort-2.9.11-1.f25.x86_64.rpm

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

3.  Run this command: sudo bash /tmp/snortinstaller.sh

4.  Test it by running this:  snort -V

5.  If you want to learn more about using Snort rules, see steps 2 through 10 of these directions.

How Do You Use UiPath Studio CE to Log into a Website?

Problem scenario
You want to test out UiPath's abilities to see how RPA works.  You want UiPath to automatically log into a website that challenges the human for a username and password.

Solution
Prerequisite #1
This assumes that UiPath Studio has been installed.  If you do not know how, see this posting.

Prerequisite #2 (specific to this example only)
For this example we will set up an automation to open a web browser, go to the rpaforum.net website and log in.  For this example, you will need credentials to log into the rpaforum.net.

For this example cookies cannot be blocked from rpaforum.net.  If you are using the typical, recommended settings of I.E., do the following:

1.  Open I.E.  If you are prompted, you may want to accept the recommended settings.

2.  Go to the gear icon in the upper righthand corner.  Go to "Internet Options."

3.  Go to Security tab and then click on "Trusted Sites."

4.  Click on the "Sites" button.

5.  Enter this text with no quotes "rpaforum.net" and click "Add".  

6.  Enter this text with no quotes "https://ajax.googleapis.com" and click "Add".

7.  Enter this text with no quotes "https://www.google-analytics.com" and click "Add".

(There are different ways of eliminating pop-ups for web UI automation purposes.  Adding the above as Trusted Sites allows you to maintain I.E.'s recommended security settings.)

Warning
This solution does not encrypt a saved password. This is acceptable as a proof-of-concept.  It is not advisable if the password used in this example is sensitive.

Procedures
1.  Open the web browser that UiPath will use.  For this example we will assume it is I.E.  

2.  Open UiPath.

3.  Click the "Blank" option and give it a name (e.g., contint).  Give it a description (e.g., "Cool description").

4.  Click "Create".  You should see the "Design" tab clicked at the top.  You should see "Activities" on the lefthand side.

5.  On the lefthand side in "Activities", drill down by expanding Available -> UI Automation -> Browser -> and drag "Open Browser" to "Drag activity here" in the middle of the screen.

6.  In the "Open Browser" box, there should be a field for the URL.  Enter "http://rpaforum.net" with no quotes.

7.  Drill down in Activities by expanding "Available" then going to -> UI Automation -> Element -> Mouse -> drag "Click"  to be the step beneath the step just created.

8.  In this new step, click "Indicate element on screen".  Hover to the "Log In" button. Click it.

9.  Drill down in Activities by expanding "Available" then going to -> UI Automation -> Element -> Image -> Mouse -> drag "Click image"  to be the step beneath the step just created.

10.  Under this new step, click "Indicate element on screen"

11.  With the red mouse cursor go to a pixel slightly above the "ss" in "Email address" button in the upper righthand corner.  Create a rectangle from that spot to a portion of the field where the email address should be typed.  The center of this snippet that you capture with a rectangle should be in the field where you type the email address.  So create the rectangle accordingly.

12.  Drill down in Activities by expanding "Available" then going to -> UI Automation -> Element -> Keyboard -> drag "Type Into" to be the step beneath the step just created.

13.  In this new box, click the field that says "Text must be quoted".  Type in the email address in quotes (e.g., "rpa@continualintegration.com").

14.  Drill down in Activities by expanding "Available" then going to -> UI Automation -> Element -> Image -> Mouse -> drag "Click image"  to be the step beneath the step just created.

15.  Under this new step, click "Indicate element on screen"

16.  With the red mouse cursor go to a pixel slightly above the "rd" in "Password" button in the upper righthand corner.  Create a rectangle from that spot to a portion of the field where the password should be typed.  The center of this snippet that you capture with a rectangle should be in the field where you type the password.  So create the rectangle accordingly.

17.  Drill down in Activities by expanding "Available" then going to -> UI Automation -> Element -> Keyboard -> drag "Type Into" to be the step beneath the step just created.

18.  In this new box, click the field that says "Text must be quoted".  Type in the password in quotes (e.g., "Password").  (Remember that this password will not be stored securely.  This is just a proof-of-concept set of directions.)

19.  Drill down in Activities by expanding "Available" then going to -> UI Automation -> Element -> Image -> drag "Click image"  to be the step beneath the step just created.

20.  In this new step, click "Indicate element on screen".  Hover to the button where the "Log In" button is to be clicked to log in.  Click it.

21.  In UiPath click the "Save" button (an icon of a 3 X 5 floppy disk in the upper lefthand corner).

22. Press F5 or click "Run".

How Do You Get Snort Working to Test It Out?

Problem scenario
You have a Linux server, and you want to install Snort and use its basic functionality.  How do you do this?

Background
It is advisable to place Snort on every machine (Upguard).  This way if one server is compromised, you have Snort's features on all other servers.  When alerting but not logging, running Snort usually consumes a negligible amount of resources (RAM, CPU, I/O activity to the hard disk).

Solution
1.  If the Linux server is Ubuntu or a Debian distribution, run these two commands:
sudo apt-get -y update
sudo apt -y install snort

If the Linux server is RedHat or a RedHat derivative (such as CentOS or Fedora), see this posting for installing Snort.

2.  Identify the internal IP address of the server (e.g., "ip addr show | grep eth0").  As an example for these procedures, let's assume the internal IP address that was returned from the suggested "ip addr show | grep eth0" was 11.22.33.44

3.  Back up the Snort configuration file with this command:  cp /etc/snort/snort.conf /etc/snort/snort.conf.bak

4.  Then modify the original snort.conf file (vi /etc/snort/snort.conf) to change a single line.  The "ipvar HOME_NET" stanza should look like this:

ipvar HOME_NET 11.22.33.0/24

# Where 11.22.33 are the first three octets of the internal IP address of the server.

5.  Modify the local.rules file (to add one line) by running this command:  sudo vi /etc/snort/rules/local.rules

# Add this single line below:

alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000001; rev:1; classtype:icmp-event;)

6.  Validate the configuration, including the new rule, by running this command in Snort's test mode (-T):  sudo snort -T -i eth0 -c /etc/snort/snort.conf

7.  Make sure that you see "Snort successfully validated the configuration!"  Start Snort's alerting process by running this command:  sudo snort -A console -q -c /etc/snort/snort.conf -i eth0

8.  Test it by pinging the external IP address of the server.  Pinging the loopback address or the internal IP address will NOT generate activity for Snort to capture, monitor, or log.  It does not matter from which server you start the pings (e.g., the Snort server itself is fine via a duplicate session), as long as the destination IP address of the pings is the external IP address.*

9.  Optional step.  For Snort to log to a persistent file, not echoing to the screen (or "walling" to the screen) certain TCP/IP activity, use a rule like this in the local.rules file:

log tcp any any -> $HOME_NET 277:277 (msg:"Special activity"; sid:1000002; rev:1; classtype:attempted-recon;)

# Each sid must be unique.  To monitor a range of ports instead of just "277" change the "277" on the left of the pair divided by a colon (277:277) in the above stanza to the lowest port number in the range.  Change the "277" on the right of the 277:277 to the highest port number in the range you want to monitor.

The above stanza (that starts with "log") will record activity over port 277 to a binary file (not a regular text file) in /var/log/snort/ (but the location may differ if you changed the default directory of where Snort logs).  To view the log, find the name then run a command like this:  sudo snort -r nameOflog

The output may be considerable.  You may want to redirect the output to another file.

10.  You are finished.

*  For testing Snort, make sure there is no firewall rule protecting the server in such a way that pings to the external IP address will not work.  If the Linux server is in AWS, find the external IP address for the server.  Make sure that the Security Group governing this server allows inbound traffic from the external IP address of the server.  You may block inbound traffic from the server's external IP address if you do not need to test Snort from the server itself.  If the Linux server is in Azure, ensure that the Network Security Group allows connectivity from the IP address.
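
Added example, not part of the original directions: a shell check for local.rules to run before step 6. It flags a reused sid, a sid below 1000000 (local rules conventionally start at 1000000, as the two rules above do), and a port range written high:low. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a Snort 2.x local.rules file.

lint_local_rules() {   # usage: lint_local_rules <path-to-local.rules>
    # Prints one finding per line; returns non-zero if anything was found.
    awk '
    /^[ \t]*#/ { next }          # comment line
    /^[ \t]*$/ { next }          # blank line
    {
        # Header fields: action proto src_ip src_port direction dst_ip dst_port
        if (match($0, /sid:[ \t]*[0-9]+/)) {
            sid = substr($0, RSTART, RLENGTH)
            sub(/^sid:[ \t]*/, "", sid)
            if (sid in seen) {
                printf "line %d: sid %s already used on line %d\n", NR, sid, seen[sid]
                bad = 1
            } else {
                seen[sid] = NR
            }
            if (sid + 0 < 1000000) {
                printf "line %d: sid %s is below 1000000\n", NR, sid
                bad = 1
            }
        } else {
            printf "line %d: rule has no sid\n", NR
            bad = 1
        }
        # Destination port is the 7th field; a range is written lowest:highest.
        if ($7 ~ /^[0-9]+:[0-9]+$/) {
            split($7, range, ":")
            if (range[1] + 0 > range[2] + 0) {
                printf "line %d: port range %s is written highest:lowest\n", NR, $7
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

write_sample_rules() {   # constructed input: the two rules above plus two mistakes
    cat > "$1" <<'EOF'
# constructed sample for the linter
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000001; rev:1; classtype:icmp-event;)
log tcp any any -> $HOME_NET 277:277 (msg:"Special activity"; sid:1000002; rev:1; classtype:attempted-recon;)
log tcp any any -> $HOME_NET 300:277 (msg:"Reversed range"; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"Reused sid"; sid:1000001; rev:1;)
EOF
}

sample=$(mktemp)
write_sample_rules "$sample"
lint_local_rules "$sample" || echo "fix the findings above, then run snort -T"
rm -f "$sample"
```

On a real server, point the function at /etc/snort/rules/local.rules instead of the sample file.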

How Do You Log into the Kubernetes Dashboard?

Problem scenario
When you completed configuring Kubernetes, you were provided with a URL.  But this web page looks minimalistic with no graphics and a white background.  The web UI is not complete or polished and looks like a YAML file.  How do you get to the regular Kubernetes dashboard that looks like this picture? 

Possible Solution #1
1.  From the command prompt you set up Kubernetes with, run this command to find the URL of the dashboard:

kubectl config view | grep server | awk '{print $2"/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/"}'

2.  Open a web browser and go to this URL.  If you go to the URL and you are prompted to upload a kube config file for authentication, clicking "Skip" may work for testing in a non-production environment.

Possible Solution #2
This is for older versions of Kubernetes.
1.  Go to the back-end of the Kubernetes' cluster server or the server you used to set up Kubernetes.  Use this command from the back end to find the URL for the web UI:

kubectl config view | grep server

2.  Draft the URL by using the https:// constructor above (e.g., https://x.x.x.x:6443 where x.x.x.x is the IP address obtained from the command above) and append a "/ui" to it with no quotes.  The final dashboard URL will look like this:

https://x.x.x.x:6443/ui

3.  Open a web browser and go to this URL.

How Do You Solve the Docker Error “x509 certificate signed by unknown authority”?

Problem scenario
You use docker login from a client server and you are challenged for credentials.  But after you enter the password and press enter you get this error:  "Error response from daemon: Get https://: x509: certificate signed by unknown authority"

You are not logged into the Docker registry.  How do you get around this problem so you can log into the Docker registry?

Solution
Use one solution or the other.  Do not use both solutions!

Possible solution #1 (less secure method; good for when no one else has access to the Docker registry server and it is just for learning)
1.  On the client server back up /etc/default/docker (if it is an important server or if you are very concerned).  Then modify this file.

Add this line to the file (but replace "FQDNofDockerRegistryServer" with the FQDN of the Docker registry server):

DOCKER_OPTS="--insecure-registry FQDNofDockerRegistryServer:443"

2.  Restart the Docker services on this client:

sudo service docker restart

3.  Now try docker login again.

Possible solution #2 (more secure method; preferable when you have access to the Docker registry server)
1.  On the client server back up /etc/ssl/certs/ca-certificates.crt

2.  Copy from the Docker registry server this file: /etc/ssl/certs/ca-certificates.crt

3.  On the client server, delete the /etc/ssl/certs/ca-certificates.crt file.  Put a copy of the file from the Docker registry server on the client server, in the same location and with the same name as the file you just deleted.  In other words, overwrite the original /etc/ssl/certs/ca-certificates.crt file on the client server with a copy from the Docker registry server.

4.  Restart the Docker services on this client: sudo service docker restart

5.  Now try docker login again.

How Do You Create a Docker Registry in Ubuntu Linux?

Problem scenario
You do not want to rely on internet-available Docker registries.  You want to have your own private Docker registry in your own AWS network.  You want to share Docker images (to build containers) with your team.  You think that installing/deploying a Docker registry will help you.  What do you do to build and configure (or just set up) your own Docker registry with an Ubuntu 16.x server?

Solution
These directions were tested to work with Ubuntu 16.x in AWS and Azure.  (They were loosely based on this DigitalOcean tutorial.)

Prerequisites
You need one Linux server to be the Docker registry. You need a second server with Docker that will be a client of the registry; to install Docker, this posting can help you.

Procedures
1. On the server that will be the Docker registry install Docker (sudo apt-get -y update; sudo apt -y install docker.io).  If you need additional directions for installing Docker, click here to see alternatives with more detail.
2. Install Docker-Compose.  For directions, see this posting.
3. Install apache2-utils with this command:  sudo apt-get -y install apache2-utils
4. Run these two commands:  

    mkdir ~/docker-registry && cd $_
    mkdir data

5. In the ~/docker-registry directory, create a file called docker-compose.yml with the following content (taken from this DigitalOcean tutorial):

registry:
  image: registry:2
  ports:
    - 127.0.0.1:5000:5000
  environment:
    REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
  volumes:
    - ./data:/data

6. Run these three commands:

    cd ~/docker-registry
    sudo service docker start
    docker-compose up

# Do not be alarmed if you see a message like this 'warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple '.  That message is not important.

7.  After the screen's text stops changing wait 30 seconds.  If it is still after 30 seconds, press Ctrl-c to cancel the above.

8.  Create an "nginx" subdirectory with this command: mkdir ~/docker-registry/nginx

9.  Modify the docker-compose.yml file by placing these lines at the very top.  You should also create one blank line between the last line below and the top line of the original file's content. (The lines below were taken from this DigitalOcean tutorial.):

nginx:
  image: "nginx:1.13"
  ports:
    - 5043:443
  links:
    - registry:registry
  volumes:
    - ./nginx/:/etc/nginx/conf.d:ro

10. Create a file ~/docker-registry/nginx/registry.conf with the following content from "upstream docker-registry..." to the last "}" before the next step. (The lines below were taken from this DigitalOcean tutorial.)

upstream docker-registry {
  server registry:5000;
}

server {
  listen 443;
  server_name myregistrydomain.com;

  # SSL
  # ssl on;
  # ssl_certificate /etc/nginx/conf.d/domain.crt;
  # ssl_certificate_key /etc/nginx/conf.d/domain.key;

  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location /v2/ {
    # Do not allow connections from docker 1.5 and earlier
    # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
      return 404;
    }

    # To add basic authentication to v2 use auth_basic setting plus add_header
    # auth_basic "registry.localhost";
    # auth_basic_user_file /etc/nginx/conf.d/registry.password;
    # add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

    proxy_pass                          http://docker-registry;
    proxy_set_header  Host              $http_host;   # required for docker client's sake
    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_read_timeout                  900;
  }
}

11. Run these commands:

cd ~/docker-registry
docker-compose up

12. Create a duplicate terminal session to the Docker host (the server that will be the Docker registry) by using Putty or some other means.  From this duplicate session run these commands:

curl http://localhost:5000/v2/
curl http://localhost:5043/v2/

Observe the output on the original terminal window from both commands.  If you see lines that include "registry_" in the output in the original terminal, then you are making progress.  Leave this duplicate terminal session open.  Go to the next step.

13.  From the original terminal session, press Ctrl-c

14. Run these two commands (to start setting up web authentication to the registry):

    cd ~/docker-registry/nginx
    htpasswd -c registry.password contint
    # where "contint" is a username you want to add
    # enter a password that you can remember when you are prompted.

(To add users subsequently, run this command:  htpasswd registry.password jdoe # where jdoe is the user name you want to add.)

15.i. Modify the registry file by running this command:

vi ~/docker-registry/nginx/registry.conf

15.ii.  These three lines should be next to each other before you edit the file.  So find them in registry.conf.  Remove the leading "#" symbol (uncomment) these three lines:

   #  auth_basic "registry.localhost";
   #  auth_basic_user_file /etc/nginx/conf.d/registry.password;
   #  add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

Save the registry.conf file.

16. Run these two commands:  

cd ..
docker-compose up

17. Go back to the duplicate session for the server.  Run this command:  curl http://localhost:5043/v2/

You should see a "401 Authorization Required" message.

18.  Now try this command:

curl http://contint:password@localhost:5043/v2/

# Substitute "contint" with your username.  Substitute "password" with its password.

# You should see {} as a result of the above command.

# On the first terminal you should see "registry_" and other output when the curl command runs.

19. On the first terminal, press Ctrl-c.

20.i. Now set up SSL by modifying the registry file again (e.g., vi ~/docker-registry/nginx/registry.conf).
20.ii. Find this stanza:

 server_name myregistrydomain.com;

# Change the "myregistrydomain.com" to whatever you want (e.g., coolname.com).  But you may keep it the same for the purposes of these directions.  

20.iii.  Find the "# SSL" line in registry.conf. (Leave the "# SSL" alone.) Uncomment the three lines beneath it.  They will look like this before you remove the "#" marks:

  # ssl on;
  # ssl_certificate /etc/nginx/conf.d/domain.crt;
  # ssl_certificate_key /etc/nginx/conf.d/domain.key;

Save the registry.conf file once the above lines are uncommented.

21.  Run these commands and respond to the prompts of the final command as you see fit:

cd ~/docker-registry/nginx
sudo openssl genrsa -out devdockerCA.key 2048
sudo openssl req -x509 -new -nodes -key devdockerCA.key -days 10000 -out devdockerCA.crt

Here is an example of many valid options to the prompts you will see from the "openssl" command above:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ContinualIntegration.com
Organizational Unit Name (eg, section) []:Main Department
Common Name (e.g. server FQDN or YOUR name) []:<FQDN of server to be Docker registry>
Email Address []:dne@doesnotexist.com

# Remember to replace "<FQDN of server to be Docker registry>" with the FQDN of the server you want to be the Docker registry.

22.  Run these two commands:

sudo openssl genrsa -out domain.key 2048
sudo openssl req -new -key domain.key -out dev-docker-registry.com.csr

# Answer the prompts as you see fit, but do not type anything for the "challenge password."
# Here is an example of how to respond:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ContinualIntegration.com
Organizational Unit Name (eg, section) []:Main department
Common Name (e.g. server FQDN or YOUR name) []:<FQDN of server to be Docker registry>
Email Address []:dne@doesnotexist.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:ContInt

# Remember to replace "<FQDN of server to be Docker registry>" with the FQDN of the server you want to be the Docker registry.

23. Run these seven commands:

sudo openssl x509 -req -in dev-docker-registry.com.csr -CA devdockerCA.crt -CAkey devdockerCA.key -CAcreateserial -out domain.crt -days 10000

sudo mkdir /usr/local/share/ca-certificates/docker-dev-cert
sudo cp devdockerCA.crt /usr/local/share/ca-certificates/docker-dev-cert
sudo update-ca-certificates
sudo service docker restart
cd ~/docker-registry
docker-compose up

24. From a duplicate terminal run this command:

curl -k https://contint:password@localhost:5043/v2/

# Where "contint" is the username and "password" its password.
# You should get "{}" as the result (with no quotes).

25. From the same duplicate terminal, run this command:  docker login https://localhost:5043

# Respond with the username and password created earlier (e.g., "contint").

26. Modify this file ~/docker-registry/docker-compose.yml

Find the stanza "- 5043:443" and change the "5043" to "443".  It will look like this:  "- 443:443"

27.  Go back to the first terminal with the "registry_" output.  Press Ctrl-c.

28.  Run this command: docker-compose up

29.  From a duplicate session or terminal window, run this command:

curl -k https://contint:password@localhost:443/v2/

# Where "contint" is the username and "password" its password.
# You should get "{}" as the result (with no quotes).

30.  Go back to the first terminal with the "registry_" output.  Press Ctrl-c.

31.  Warning!  One of these commands below will remove all existing containers.  Run these five commands:

    sudo apt -y install docker-registry
    cd ~/docker-registry
    docker-compose rm  # respond with "y" to this one  
    sudo mv ~/docker-registry /docker-registry
    sudo chown -R root: /docker-registry

32.  Create this file /etc/init/dc.sh with the following content:

#!/bin/bash
cd /docker-registry
exec /usr/local/bin/docker-compose up

33.  Become root with this command: sudo su -

34.  Run this command:  export EDITOR=vi

35.  Run this command: crontab -e  # Place this single line somewhere in the crontab (with no "#" comment mark before it, possibly on the lowest line):

@reboot sudo /bin/bash /etc/init/dc.sh

36.  Save the crontab.  Exit out of the root user.

37.  Reboot the server.

38.  Run this command and make sure you see a Docker container with "registry" in the "IMAGE" column:  docker ps

39.i. Configure the client server by logging into a different Linux server.  If you are using Ubuntu, use this command:  sudo apt -y install docker.io  If you are using RedHat in Azure, see this posting.  If you are using RedHat in AWS, see this posting.
39.ii.  On the client server, back up the /etc/ssl/certs/ca-certificates.crt file (e.g., to the same location with almost the same name but with a ".bak" extension).
39.iii. Use scp (or some other method) to copy the /etc/ssl/certs/ca-certificates.crt file from the Docker registry server to the client server.  If you need directions on how to set up passwordless SSH between two Linux servers in different public clouds, see this posting.
39.iv.  Overwrite the /etc/ssl/certs/ca-certificates.crt file with the one from the Docker registry server.
39.v.  Restart the Docker service on the client (sudo service docker restart).

40.  The client server should have one of the following:

i.  A DNS server configured (resolv.conf) so the Docker registry's FQDN resolves to the correct IP address.
ii. An /etc/hosts entry so that the Docker registry's FQDN resolves to the correct IP address.

41.  You should be done setting up the registry.  To test the registry, do the following.  Create a Docker image, upload it to the registry, then download it again and log into it.  To do these four things, follow these directions.  On the client server, run these commands:

docker login https://<FQDN of Docker registry server>
docker run -t -i ubuntu /bin/bash  # create a Docker container and enter it
touch /SUCCESS
exit
docker commit $(docker ps -lq) test-image  

# If you choose a different name from test-image, replace "test-image" in the below commands with the name you choose.

docker login https://<FQDN of Docker registry server>:443/
docker tag test-image <FQDN of Docker registry server>:443/test-image
docker push <FQDN of Docker registry server>:443/test-image
docker login https://<FQDN of Docker registry server>:443/
docker pull <FQDN of Docker registry server>:443/test-image
docker run -t -i <FQDN of Docker registry server>:443/test-image /bin/bash
ls
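
Added example, not part of the original directions: a non-interactive form of the certificate steps (21 through 23) that also puts the registry FQDN in a subjectAltName, which current Docker clients require for hostname matching, followed by a client-side install that trusts the CA for this one registry only. The install relates to step 39 and to "Possible solution #2" of the x509 posting above: it leaves the client's own /etc/ssl/certs/ca-certificates.crt in place. The FQDN registry.example.test, the 365-day lifetime, the function names and the temporary directories are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page). File names follow steps 21-23;
# the FQDN and directories passed in are placeholders chosen by the caller.

make_registry_certs() {   # usage: make_registry_certs <registry-fqdn> <output-dir>
    fqdn=$1 dir=$2
    mkdir -p "$dir" || return 1
    # Inline configs: no prompts and no dependence on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = example-dev-docker-CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    cat > "$dir/server.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $fqdn
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$fqdn
EOF
    (
        cd "$dir" || exit 1
        openssl genrsa -out devdockerCA.key 2048 2>/dev/null &&
        openssl req -x509 -new -key devdockerCA.key -days 365 \
            -config ca.cnf -out devdockerCA.crt &&
        openssl genrsa -out domain.key 2048 2>/dev/null &&
        openssl req -new -key domain.key -config server.cnf \
            -out dev-docker-registry.com.csr &&
        openssl x509 -req -in dev-docker-registry.com.csr \
            -CA devdockerCA.crt -CAkey devdockerCA.key -CAcreateserial \
            -extfile server.cnf -extensions v3_server \
            -out domain.crt -days 365 2>/dev/null &&
        chmod 600 devdockerCA.key domain.key   # private keys: owner only
    )
}

check_registry_cert() {   # usage: check_registry_cert <hostname> <dir>
    # Succeeds only if domain.crt chains to devdockerCA.crt AND names <hostname>.
    openssl verify -CAfile "$2/devdockerCA.crt" -verify_hostname "$1" \
        "$2/domain.crt" >/dev/null 2>&1
}

install_registry_ca() {   # usage: install_registry_ca <registry-address> <ca.crt> [root-prefix]
    # <registry-address> is host[:port] exactly as it appears in image names.
    # Docker reads a per-registry CA from /etc/docker/certs.d/<registry-address>/ca.crt,
    # so the client's system CA bundle does not have to be replaced.
    dest="${3:-}/etc/docker/certs.d/$1"
    mkdir -p "$dest" && cp "$2" "$dest/ca.crt"
}

# Demonstration in a scratch directory (constructed values, nothing under /etc is touched).
demo=$(mktemp -d)
make_registry_certs registry.example.test "$demo/pki" &&
check_registry_cert registry.example.test "$demo/pki" &&
install_registry_ca registry.example.test:443 "$demo/pki/devdockerCA.crt" "$demo/client" &&
echo "CA installed under $demo/client/etc/docker/certs.d" ||
echo "certificate setup failed"
```

On a real client, run install_registry_ca as root with no root-prefix argument; devdockerCA.key never needs to leave the registry server.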