Docker 4: Setting up a private Docker registry and common usage (the docker-registry method)


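I. Brief introduction
As covered earlier, you can use the public Docker Hub registry, but in most cases an enterprise needs to create a local registry for its own use.

This article describes several ways to set up a private registry.
A private registry has several benefits:
1. It saves bandwidth
2. You can customize the system yourself
3. It is more secure
II. The methods I know of
1. Use the officially provided tool, docker-registry, to configure a private registry
This is an officially provided image. Note that the tool itself is an image: just pull the registry image and start a Docker container from it.
2. Use Harbor-Registry to set up a private registry
Harbor is an enterprise-grade registry service for storing Docker images.
III. Configuring a private registry with the official docker-registry
1. Environment
Private Docker registry address: 192.168.216.51 web1
Docker server address: 192.168.216.52 web2; this node uses the private registry server to pull/push images
2. Topology
Note: here "docker hub" refers to the private registry.
docker engine: introduced in the earlier article on principles, it is the runtime engine of the Docker architecture and also the core module that Docker runs on.

It acts as the storage repository for Docker containers and manages those containers by executing jobs.

3. Install the private Docker registry
1) First, install Docker
Method 1
You can also download the rpm packages and install from them
What was downloaded here is
To resolve dependencies, configure a local repository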
[root@web2 yum.repos.d]# mv Centos-7.repo ./backup/
[root@web2 yum.repos.d]# ll
total 16
drwxr-xr-x. 2 root root 27 Sep 23 14:56 backup
drwxr-xr-x. 2 root root 6 Sep 23 14:32 bakcup
-rw-r--r--. 1 root root 65 Sep 23 14:53 docker-rpm.repo
-rw-r--r--. 1 root root 664 Sep 23 12:54 epel-7.repo
-rw-r--r--. 1 root root 951 Sep 23 12:54 epel.repo
-rw-r--r--. 1 root root 1050 Sep 23 12:54 epel-testing.repo
[root@web2 yum.repos.d]# cd /root/docker-rpm/
[root@web2 docker-rpm]# createrepo ./
yum install docker-ce -y
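Method 2
Configure the Aliyun mirror. The EPEL repository I have here does not contain docker, so configure the Aliyun mirror's docker repository
[root@web2 yum.repos.d]# cat docker-ce.repo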
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https:///docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https:///docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https:///docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https:///docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https:///docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https:///docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https:///docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https:///docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https:///docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https:///docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https:///docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https:///docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https:///docker-ce/linux/centos/gpg
[root@web2 yum.repos.d]#
yum install docker-ce -y
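2) Start the firewall
systemctl start firewalld.service
3) Start the Docker service on the private registry server
systemctl start docker
systemctl enable docker
Make sure Docker is installed and started on both nodes
4. On the private registry server, pull or load the registry image
Method 1: pull it directly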
[root@web1 yum.repos.d]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Image is up to date for docker.io/registry:latest
[root@web1 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zxg/nginx1 latest 3babdf3c6c6d 2 weeks ago 546 MB
zxg/centos_nginx v1 7c6604cacec1 4 weeks ago 698 MB
docker.io/atlassian/jira-software latest c4b90dede4f3 5 weeks ago 624 MB
zxg/my_nginx v1 b164f4c07c64 8 weeks ago 126 MB
zxg/my_nginx latest f07837869dfc 8 weeks ago 126 MB
docker.io/nginx latest e445ab08b2be 2 months ago 126 MB
docker.io/alpine latest b7b28af77ffe 2 months ago 5.58 MB
docker.io/centos latest 9f38484d220f 6 months ago 202 MB
docker.io/registry latest f32a97de94e1 6 months ago 25.8 MB
[root@web1 yum.repos.d]#
Method 2: download the registry.tar package, then load it
docker load -i registry.tar
5. On the registry server, pull any image and tag it
docker pull busybox
docker tag docker.io/busybox:latest 192.168.216.51:5000/busybox:latest
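After tagging, the image appears as the 192.168.216.51:5000/busybox row below (highlighted in red in the original)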
[root@web1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zxg/nginx1 latest 3babdf3c6c6d 2 weeks ago 546 MB
192.168.216.51:5000/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
docker.io/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB
zxg/centos_nginx v1 7c6604cacec1 4 weeks ago 698 MB
6. Edit the configuration file to specify the private registry URL
This requires docker-common to be installed; check whether it is installed
[root@web1 yum.repos.d]# rpm -qf /etc/sysconfig/docker
docker-common-1.13.1-96.gitb2f74b2.el7.centos.x86_64
[root@web1 yum.repos.d]#
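Add --insecure-registry 192.168.216.51:5000 to the configuration file. This flag lets the daemon reach that registry over plain HTTP, or over HTTPS without verifying its certificate, which is needed here because the registry is started without TLS.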
[root@web1 yum.repos.d]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
#
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/dockerd
fi
7. Restart docker
[root@web1 yum.repos.d]# systemctl restart docker
8. Start the private registry: just run a container from the registry image
[root@web1 yum.repos.d]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry
### -v specifies the local persistent path
27d56aa54e167c26c76e25136b247072883aa29dde247f20c45f97fafedb650b
[root@web1 yum.repos.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27d56aa54e16 registry "/entrypoint.sh /e..." About a minute ago Up 58 seconds 0.0.0.0:5000->5000/tcp frosty_ptolemy
[root@web1 yum.repos.d]# netstat -antlop | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 27767/docker-proxy- off (0.00/0/0)
[root@web1 yum.repos.d]# netstat -antup | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 27767/docker-proxy-
[root@web1 yum.repos.d]#
[root@web1 yum.repos.d]# ls /opt/registry
### the directory has been created automatically
9. Push the image from this host; after it succeeds, inspect the result with tree
docker push 192.168.216.51:5000/busybox
[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       └── latest
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads
26 directories, 8 files
[root@web1 ~]#
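10. Pull the busybox image from node 52
Docker is already installed here, so I will not demonstrate the installation; it follows the installation method from the earlier article on principles. See the following link. For installing Docker, refer to:
### Edit the configuration file to add "--insecure-registry" (insecure registry)
[root@web2 ~]# cat /etc/sysconfig/docker | grep 5000
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
### Pull the image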
[root@web2 ~]# docker pull 192.168.216.51:5000/busybox
Using default tag: latest
Trying to pull repository 192.168.216.51:5000/busybox ...
latest: Pulling from 192.168.216.51:5000/busybox
7c9d20b9b6cd: Pull complete
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Downloaded newer image for 192.168.216.51:5000/busybox:latest
### List the images
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.216.51:5000/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB
### Run a container: success
[root@web2 ~]# docker run 192.168.216.51:5000/busybox echo "1111"
1111
[root@web2 ~]#
### Create an alias for the image and name it
[root@web2 ~]# docker tag 192.168.216.51:5000/busybox busybox:v1
### Remove the image
[root@web2 ~]# docker rmi 192.168.216.51:5000/busybox
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
### Run a new container
[root@web2 ~]# docker run busybox:v1 echo 222
222
At this point the private registry setup is complete, but a new version should still be pushed as a test:
[root@web2 ~]# docker tag busybox:v1 192.168.216.51:5000/busybox:v1
[root@web2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.216.51:5000/busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
[root@web2 ~]# docker push 192.168.216.51:5000/busybox
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Layer already exists
v1: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]#
11. Back on node 51, check whether the new version has been uploaded
On node 51, inspect the store with the tree command; the v1 version is visible
[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       ├── latest
            │       │   ├── current
            │       │   │   └── link
            │       │   └── index
            │       │       └── sha256
            │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │       │               └── link
            │       └── v1
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads
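In the layout shown by tree, each tags/<tag>/current/link file holds the manifest digest for that tag, and every blob sits in a directory named after its own SHA-256. The following added example (not part of the original article) uses that to audit a store; the sample store and its manifest content are constructed, and sha256sum is assumed to be available.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: resolve every tag in a registry
# v2 store to its manifest digest and re-hash the blob behind it.

# Print "repo:tag sha256:<hex>" for each tags/<tag>/current/link file.
list_tags() {
    local root="$1" link rel
    find "$root/repositories" -path '*/_manifests/tags/*/current/link' | sort |
    while read -r link; do
        rel=${link#"$root/repositories/"}   # busybox/_manifests/tags/v1/current/link
        rel=${rel%/current/link}            # busybox/_manifests/tags/v1
        printf '%s:%s %s\n' "${rel%%/_manifests/*}" "${rel##*/}" "$(cat "$link")"
    done
}

# Re-hash blobs/sha256/<first two hex chars>/<hex>/data; print OK, MISSING or CORRUPT.
verify_blob() {
    local root="$1" hex="${2#sha256:}" data
    data="$root/blobs/sha256/$(printf '%.2s' "$hex")/$hex/data"
    if [ ! -f "$data" ]; then echo MISSING; return 1; fi
    if [ "$(sha256sum "$data" | cut -d' ' -f1)" != "$hex" ]; then echo CORRUPT; return 1; fi
    echo OK
}

# One line per tag; exit status is non-zero if any manifest blob fails the check.
audit_store() {
    list_tags "$1" | (
        rc=0
        while read -r ref digest; do
            status=$(verify_blob "$1" "$digest") || rc=1
            echo "$ref $digest $status"
        done
        exit "$rc"
    )
}

# Constructed sample store (hypothetical manifest content), tagged latest and v1.
make_sample_store() {
    local root="$1" body='{"constructed":"manifest"}' hex dir tag
    hex=$(printf '%s' "$body" | sha256sum | cut -d' ' -f1)
    dir="$root/blobs/sha256/$(printf '%.2s' "$hex")/$hex"
    mkdir -p "$dir" && printf '%s' "$body" > "$dir/data"
    for tag in latest v1; do
        dir="$root/repositories/busybox/_manifests/tags/$tag/current"
        mkdir -p "$dir" && printf 'sha256:%s' "$hex" > "$dir/link"
    done
}

store="$(mktemp -d)/v2"; make_sample_store "$store" && audit_store "$store"
```

On the article's registry host the call would be audit_store /opt/registry/docker/registry/v2.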
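IV. Summary of the steps for setting up a private registry
Before configuring, you can first turn off the firewall and SELinux completely
1. Install docker
2. Edit the configuration file, identically on both nodes. There are two ways to do this (note):
1) Add the parameter to the /etc/sysconfig/docker file
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
2) Alternatively, add this line to the startup parameters in /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd-current --insecure-registry 192.168.216.51:5000
Note: newer versions no longer have the /etc/sysconfig/docker configuration file, so the option can consistently go into the startup parameters in /usr/lib/systemd/system/docker.service
3. Pull the registry image
4. Run the registry image and map port 5000
5. Tag, push, and pull images; done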
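Both configuration locations named in step 2 leave a host that talks to the listed registry without verified TLS, so it is worth being able to find such hosts later. The following added example (not part of the original article) scans either file for those flags; the sample file is the article's OPTIONS line plus two constructed lines, and EXTRA_OPTIONS is a hypothetical variable name.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: report registries that a Docker
# host has been told to use without verified TLS.

# Print each value passed via "--insecure-registry X" or "--insecure-registry=X",
# ignoring commented-out lines.
insecure_registries() {
    grep -v '^[[:space:]]*#' "$1" |
    grep -oE -e "--insecure-registry[= ]+[^ '\"]+" |
    sed -E 's/^--insecure-registry[= ]+//' | sort -u
}

# One finding per line; exit status is non-zero if anything needs attention.
audit_daemon_opts() {
    local file="$1" reg rc=0
    for reg in $(insecure_registries "$file"); do
        case "$reg" in
            127.*|localhost|localhost:*) echo "INFO $reg is loopback only" ;;
            */*) echo "HIGH $reg trusts a whole CIDR range without TLS"; rc=1 ;;
            *)   echo "WARN $reg is used over HTTP or unverified HTTPS"; rc=1 ;;
        esac
    done
    if grep -v '^[[:space:]]*#' "$file" | grep -q -e '--signature-verification=false'; then
        echo "WARN --signature-verification=false is set"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the article's OPTIONS line, plus a commented-out flag and
# a hypothetical EXTRA_OPTIONS line that are not from the article.
write_sample_config() {
    cat > "$1" <<'EOF'
# /etc/sysconfig/docker
# OPTIONS='--insecure-registry 10.9.9.9:5000'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
EXTRA_OPTIONS='--insecure-registry=10.0.0.0/8 --insecure-registry 127.0.0.1:5000'
EOF
}

cfg=$(mktemp); write_sample_config "$cfg"; audit_daemon_opts "$cfg" || true
```

The same function works on /usr/lib/systemd/system/docker.service, since it only looks for the flags and not for the OPTIONS= wrapper.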
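V. Registry with authentication
Note: this sets up password authentication, not certificate-based authentication
1. Create the auth directory
mkdir /auth
2. Use the registry image to generate an htpasswd file that stores the password in hashed form
Create the user zxg with the password 123456, and hash it
docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
You can see that the password 123456 has been hashed
[root@web1 auth]# cat htpasswd
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
Note:
--entrypoint: a docker option that sets the entry point the container runs at startup, here replacing the image's default with htpasswd
3. Start the image with parameters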
[root@web1 /]# docker run -d -p 5000:5000 --restart=always --name registry1 \
> -v /opt/registry:/var/lib/registry \
> -v /auth:/auth \
> -e "REGISTRY_AUTH=htpasswd" \
> -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> registry
37f0ce01ea327e6cd62798e0df683d5d2a4317c3fd865c0f1e19b654f052fe66
4. On node 52, create the busybox tag v2 and push it: log in first, then push
[root@web2 ~]# docker login 192.168.216.51:5000
Username: zxg
Password:
Login Succeeded
[root@web2 ~]# docker tag busybox:v2 192.168.216.51:5000/busybox:v2
busybox v2 19485c79a9bb 3 weeks ago 1.22 MB
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.216.51:5000/busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
192.168.216.51:5000/busybox v2 19485c79a9bb 3 weeks ago 1.22 MB
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
busybox v2 19485c79a9bb 3 weeks ago 1.22 MB
[root@web2 ~]# docker push 192.168.216.51:5000/busybox:v2
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Pushed
v2: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]#
5. Back on node 51, confirm that the upload succeeded
[root@web1 auth]# tree /opt/registry/docker/registry/v2/
/opt/registry/docker/registry/v2/
├── blobs
│   └── sha256
│       ├── 19
│       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
│       │       └── data
│       ├── 7c
│       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
│       │       └── data
│       └── dd
│           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
│               └── data
└── repositories
    └── busybox
        ├── _layers
        │   └── sha256
        │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
        │       │   └── link
        │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
        │           └── link
        ├── _manifests
        │   ├── revisions
        │   │   └── sha256
        │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │   │           └── link
        │   └── tags
        │       ├── latest
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       ├── v1
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       └── v2
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │                       └── link
        └── _uploads
35 directories, 12 files
You can see that the v2 version is now there, so the push succeeded. The next article will cover the Harbor-Registry method.
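The htpasswd entry generated in section V is a bcrypt hash whose second field, 05, is the cost factor. The following added example (not part of the original article) reviews an htpasswd file before it is mounted into the registry: it flags entries that are not bcrypt, which the registry's htpasswd auth ignores, and bcrypt entries below a minimum cost. The default minimum of 10 is an assumption of this example, and the ci and old entries are constructed placeholders, not real hashes.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: review a registry htpasswd file.

# check_htpasswd FILE [MIN_COST] -> one line per entry; non-zero if any is flagged.
# MIN_COST defaults to 10, a threshold assumed for this example.
check_htpasswd() {
    local file="$1" min="${2:-10}" user hash cost rc=0
    while IFS=: read -r user hash || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac      # skip blanks and comments
        case "$hash" in
            '$2'[aby]'$'[0-9][0-9]'$'*)
                # "$2y$05$..." -> "05$..." -> "05" -> "5"
                cost=${hash#\$2?\$}; cost=${cost%%\$*}; cost=${cost#0}
                if [ "$cost" -lt "$min" ]; then
                    echo "$user bcrypt cost=$cost LOW"; rc=1
                else
                    echo "$user bcrypt cost=$cost OK"
                fi ;;
            *)  echo "$user not-bcrypt IGNORED-BY-REGISTRY"; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Sample file: the first entry is the one shown in the article; the other two
# are constructed placeholders used only to exercise the other branches.
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
ci:$2y$12$CONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDC
old:$apr1$CONSTRUC$CONSTRUCTEDCONSTRUCTEDC
EOF
}

f=$(mktemp); write_sample_htpasswd "$f"; check_htpasswd "$f" || true
```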
