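This article explains how to build a private Docker registry on a local area network.
1. Preparation
First, make sure Docker is installed on the host (version 1.7.0 is used here). Second, pull the registry image; registry:2.5 is used here.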
docker pull registry:2.5
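2. Create the configuration file
Create a configuration file and mount it into the container so that it replaces the configuration file inside the container.
On the host, create a directory with a name of your choice. Here a config directory is created, and a config.yml file is created inside it.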
[root@yj138 dockerRegistry-var]# ls -a
. .. config
[root@yj138 dockerRegistry-var]# du -ch --max-depth=1
8.0K ./config
12K .
12K total
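Create the configuration file config.yml. Two points need attention: enable the delete function (delete under storage), and store the image directory, rootdirectory, on the host by means of a data volume.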
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
3. Generate the credentials
[root@yj138 auth]# docker run --rm --entrypoint htpasswd registry:2.5 -Bbn abc abc123 >> /home/hadoop/workspace/dockerRegistry-var/auth/htpasswd
[root@yj138 auth]# ls -a
. .. htpasswd
[root@yj138 auth]# cat htpasswd
abc:$2y$05$uzkOi8LgqpEPjpkbHFY.d.NkaCah0IGk3boIol3guECC5KP88qzo.
[root@yj138 auth]#
Here the username is abc and the password is abc123.
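An added example, not part of the original article: a check of the htpasswd file generated above. The registry's htpasswd backend accepts only bcrypt entries, and because the command appends with >>, re-running it for the same user leaves duplicate lines. The minimum cost of 10 and every sample line except the first are assumptions.

```python
import re

# bcrypt entry as produced by `htpasswd -B`: $2a/$2b/$2y, two-digit cost, 53 chars
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: local policy threshold; `htpasswd -B` defaults to cost 5


def audit_htpasswd(text, min_cost=MIN_COST):
    """Return (line_no, user, problem) findings for the contents of an htpasswd file."""
    findings, first_seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # `htpasswd -n` emits a trailing blank line
        user, sep, digest = line.partition(":")
        if not sep or not user:
            findings.append((no, user, "malformed line"))
            continue
        if user in first_seen:
            findings.append((no, user, f"duplicate of line {first_seen[user]}"))
        first_seen.setdefault(user, no)
        match = BCRYPT_RE.match(digest)
        if not match:
            findings.append((no, user, "not a bcrypt hash"))
        elif int(match.group(1)) < min_cost:
            findings.append((no, user, f"bcrypt cost {int(match.group(1))} < {min_cost}"))
    return findings


# Line 1 is the entry shown on this page; the rest is constructed sample data.
SAMPLE = "\n".join([
    "abc:$2y$05$uzkOi8LgqpEPjpkbHFY.d.NkaCah0IGk3boIol3guECC5KP88qzo.",
    "",
    "ci:$apr1$constructed$notARealHash",  # constructed MD5-style entry
    "abc:$2y$12$" + "A" * 53,             # constructed second `abc` entry
])

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE):
        print(finding)
```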
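4. Start the container
When starting the container, specify the mapped port and the storage volumes.
Use the -v option to map host directories to container directories.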
docker run -dti -p 5000:5000 --restart=always --name=registry \
-v /../dockerRegistry-var/config/:/etc/docker/registry/ \
-v /../dockerRegistry-var/auth/:/auth/ \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /../dockerRegistry-var/images/:/var/lib/registry/ \
registry:2.5
After a successful start, check the container:
[root@yj138 config]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
925dc8e0a49d registry:2.5 "/entrypoint.sh /etc 6 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp registry
[root@yj138 config]#
Push an image to the local registry
First, tag the image. The format is registryIP:port/repository:imageVersion
[root@yj138 config]# docker tag 06cf43840fdb 127.0.0.1:5000/mysql:v1
[root@yj138 config]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
registry.cn-hangzhou.aliyuncs.com/ubuntu_centos_cuda/nvidia latest d1e118a1c3d8 25 hours ago 5.066 GB
registry 2.5 2942bb2fcd88 3 months ago 37.77 MB
daocloud.io/registry latest 642c5398c648 3 months ago 33.29 MB
registry.cn-hangzhou.aliyuncs.com/taozhenting/centos7-mysql5.6.39 latest 22a5a8f2f2ab 7 months ago 933.5 MB
127.0.0.1:5000/mysql 5-6 06cf43840fdb 11 months ago 299 MB
127.0.0.1:5000/mysql v1 06cf43840fdb 11 months ago 299 MB
registry.cn-hangzhou.aliyuncs.com/marmot/mysql-5.6 latest 06cf43840fdb 11 months ago 299 MB
[root@yj138 config]#
What I show here is adding an image to the registry on the local machine.
Push the image
[root@yj138 config]# docker push 127.0.0.1:5000/mysql:v1
The push refers to a repository [127.0.0.1:5000/mysql] (len: 1)
06cf43840fdb: Image already exists
239833c151c6: Image already exists
c22e16be8281: Image already exists
c477bde1e415: Image already exists
0428f43b8156: Image already exists
750dfc9bc628: Image already exists
09483b10ab13: Image already exists
9cfdf683169f: Image already exists
181616be33fb: Image already exists
2f60aa3e8411: Image already exists
d1d524fa0b08: Image already exists
63745c86b4d2: Image already exists
3d0b8e9609f3: Image already exists
526463d0820e: Image already exists
cf9e7c8395c5: Image already exists
470f720c8aca: Image already exists
a2b2035891c3: Image already exists
ff35dc1bb462: Image already exists
a06195ee70ac: Image already exists
1be385882dd0: Image already exists
Digest: sha256:5ef0869e00fa828f62c5dc93b397118b6a7fc95c2ef92da7c302d67e45155773
[root@yj138 config]#
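Because I had already pushed a copy, it reports that the layers already exist.
5. Inspect the local registry
First look at the image mount directory on the host. A new folder named docker has appeared; inside it there is a folder named registry.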
[root@yj138 workspace]# cd dockerRegistry-var
[root@yj138 dockerRegistry-var]# ls -a
. .. auth config docker images
[root@yj138 dockerRegistry-var]# cd docker && ls -a
. .. registry
[root@yj138 docker]#
Going deeper, you can find the image that was just pushed:
[root@yj138 docker]# cd registry && ls -a
. .. v2
[root@yj138 registry]# cd v2 && ls -a
. .. blobs repositories
[root@yj138 v2]# cd repositories && ls -a
. .. mysql
[root@yj138 repositories]# cd mysql && ls -a
. .. _layers _manifests _uploads
[root@yj138 mysql]# cd _layers && ls -a
. .. sha256
[root@yj138 _layers]# cd sha256 && ls -a
. a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
.. a6ea14861e234ae64816be9b64c795d923527669d12623be317a81a72facbfbf
1783b27322c6ff70f4406eabf7266abb7881ffccdbb195dec7b594da2672024e c6b13209f43b945816b7658a567720983ac5037e3805a779d5772c61599b4f73
4911d79f11a2b0f7dea5fc48ef5ff996498e23d97dc3114d96c1e3b1373f8ea5 cbffc6117276357f2116f18b3b663e613272b5cc2f71c921decbaac533bfc193
539844cd722ca74d0b385e70b8df8dd50a441b771559b27443a483446ca47fe5 e64017a63e5e65d6338d3db8fa64b16d399576008affe3462d07d6bcebd55c95
7c2c99b434f3056b3199d8f261b53fdc4b249b919c3971b0ce6c75185d69cfb6 e64eb78a55577e8f53dfac468d1cc2ab753047ed345c722761c39c1486035960
978dda0958051753075a2d3f743fc43ac6d0847d6d380bee6bef4b3ed18ebefd e71be0cd9deb395bc657c15ed2e18eccbd22033398017cef6f895fcafb4442a7
a3a9461ce526e719a61abd83d2f3e107206950be19d5e1be965cfc2a4bfec790
[root@yj138 sha256]#
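OK, at this point the images pushed by clients are persisted on disk. As long as this directory is mounted at startup and the restart policy is set to always (--restart=always), the registry container needs no further attention.
View the remote registry from a client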
[root@yj138 config]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":["mysql"]}
[root@yj138 config]#
From the client, view the image versions of a specific repository
[root@yj138 config]# curl -u abc:abc123 127.0.0.1:5000/v2/_catalog
{"repositories":["mysql"]}
[root@yj138 config]#
View the image list of a specific repository
curl -u abc:abc123 http://127.0.0.1:5000/v2/mysql/tags/list
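An added example (not from the original article) of what storage.delete.enabled in config.yml permits: removing an image through the same v2 API queried above. A manifest is deleted by digest, not by tag, so the tag is first resolved with a HEAD request; the function names are hypothetical.

```python
import base64
import urllib.error
import urllib.request

MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"


def http_call(base, user, password):
    """Return call(method, path, headers) -> (status, lower-cased headers), Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def call(method, path, headers=None):
        req = urllib.request.Request(base + path, method=method, headers=headers or {})
        req.add_header("Authorization", "Basic " + token)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, {k.lower(): v for k, v in resp.headers.items()}
        except urllib.error.HTTPError as err:
            return err.code, {k.lower(): v for k, v in err.headers.items()}
    return call


def delete_tag(call, repo, tag):
    """Resolve repo:tag to its manifest digest, then delete the manifest by digest."""
    # The Accept header makes the registry report the digest of the stored manifest.
    status, headers = call("HEAD", f"/v2/{repo}/manifests/{tag}", {"Accept": MANIFEST_V2})
    if status == 401:
        raise PermissionError("credentials rejected by the registry")
    if status == 404:
        raise LookupError(f"{repo}:{tag} not found")
    digest = headers.get("docker-content-digest")
    if status != 200 or not digest:
        raise RuntimeError(f"unexpected HEAD response {status}")
    status, _ = call("DELETE", f"/v2/{repo}/manifests/{digest}")
    if status == 405:
        raise RuntimeError("deletes disabled: storage.delete.enabled is not true")
    if status != 202:  # the registry answers 202 Accepted on success
        raise RuntimeError(f"unexpected DELETE response {status}")
    return digest

# Usage against the registry from this article (address and credentials from the page):
# delete_tag(http_call("http://127.0.0.1:5000", "abc", "abc123"), "mysql", "v1")
```

Deleting the manifest only removes the reference; layer data under the mounted images directory is reclaimed when `registry garbage-collect` is run against the same config.yml.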
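6. Client operations
On another Docker environment, add the following section to the configuration file daemon.json (this mainly applies to newer Docker, 13.7.0 and higher):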
{
"insecure-registries" : ["10.1.108.108:5000"]
}
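The address is that of the registry container just started. If there are several registries, add them all, separated by commas. Then reload the configuration and restart Docker: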
systemctl daemon-reload
systemctl restart docker
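Alternatively, modify the Docker configuration file; this mainly applies to older Docker versions.
Modify /etc/default/docker or /etc/sysconfig/docker
For Docker 1.7.0 the configuration file is /etc/sysconfig/docker. Add DOCKER_OPTS="registry address" to the file; there can be more than one.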
# /etc/sysconfig/docker
#
# Other arguments to pass to the docker daemon process
# These will be parsed by the sysv initscript and appended
# to the arguments list passed to docker -d
other_args=
DOCKER_CERT_PATH=/etc/docker
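# --registry-mirror sets the registry mirror
# --insecure-registry sets the address of a private registry without secure verification; this allows certificates that are not verified by a CA.
# Other options, e.g. -H 0.0.0.0:2376 -H unix:///var/run/docker.sock, set the TCP listening port and the socket, for API calls
# Other options: --graph=/data/docker/dockerapp sets the default location for images and containers
DOCKER_OPTS="--registry-mirror=https://34i9xhiv.mirror.aliyuncs.com --insecure-registry=x.x.x.x:5000"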
# Resolves: rhbz#1176302 (docker issue #407)
DOCKER_NOWARN_KERNEL_VERSION=1
# Location used for temporary files, such as those created by
# # docker load and build operations. Default is /var/lib/docker/tmp
# # Can be overridden by setting the following environment variable.
# # DOCKER_TMPDIR=/var/tmp
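After the settings are done, restart Docker: service docker restart
On systems that support systemctl, once Docker has been set up as a service (after systemctl enable docker), a docker.service file is generated; modify that file directly.
Modify the Docker startup parameters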
[Service]
ExecStart=
ExecStart=/usr/bin/docker -d -H fd:// --registry-mirror=https://docker.mirrors.ustc.edu.cn --insecure-registry=x.x.x.x:5000
Restart the service: systemctl restart docker
After that you can push and pull images. Note the image tag format: remoteRegistryIP:port/repository:version