离线环境部署docker环境

本文内容

• 通过binary方式安装docker，并注册成服务
• 搭建docker私有镜像仓库

背景描述

• 所在的服务器是一个内网，无法访问到外网环境。
• 服务器OS版本是 CentOS 7.9

安装docker

获取所需版本的docker binary包，官方链接在 download.docker.com/linux/stati.... 在这里我选择了最新版本的 docker-24.0.7.tgz

将压缩包上传到目标服务器。

解压压缩包，并把文件放在/usr/bin/

$ tar zxvf docker-24.0.7.tgz 
docker/
docker/docker
docker/docker-init
docker/dockerd
docker/runc
docker/ctr
docker/containerd-shim-runc-v2
docker/containerd
docker/docker-proxy
$ sudo cp docker/* /usr/bin/

编写service文件

$ vim /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
 
[Install]
WantedBy=multi-user.target

新增用户组 docker。其他用户需要有docker的执行权限，只需将用户加入docker用户组即可

$ sudo groupadd docker
$ sudo usermod -aG docker $USER

启动docker service,并设置开机自启动

$ sudo chmod +x /etc/systemd/system/docker.service
$ sudo systemctl daemon-reload
$ sudo systemctl start docker
$ sudo systemctl enable docker

验证

$ systemctl status docker                                                         
● docker.service - Docker Application Container Engine
   Loaded: loaded (/etc/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-12-24 02:13:06 EST; 1min 1s ago
     Docs: https://docs.docker.com
 Main PID: 1764 (dockerd)
   CGroup: /system.slice/docker.service
           ├─1764 /usr/bin/dockerd
           └─1771 containerd --config /var/run/docker/containerd/containerd.toml
$ docker -v
Docker version 24.0.7, build afdd53b

搭建docker私有镜像仓库

在一台可以访问到外网的服务器上面准备registry镜像包

$ docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c926b61bad3b: Pull complete 
5501dced60f8: Pull complete 
e875fe5e6b9c: Pull complete 
21f4bf2f86f9: Pull complete 
98513cca25bb: Pull complete 
Digest: sha256:0a182cb82c93939407967d6d71d6caf11dcef0e5689c6afe2d60518e3b34ab86
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
$ docker save -o registry.tar registry
$ gzip registry.tar

上传镜像包registry.tar.gz到目标服务器

解压加载镜像

$ gunzip registry.tar.gz 
$ docker load < registry.tar 
4693057ce236: Loading layer [==================================================>]  7.626MB/7.626MB
f4285c491509: Loading layer [==================================================>]  771.6kB/771.6kB
90d6ca1e837f: Loading layer [==================================================>]   16.2MB/16.2MB
f79c4d8837b6: Loading layer [==================================================>]  4.096kB/4.096kB
85f82aceeda3: Loading layer [==================================================>]  2.048kB/2.048kB
Loaded image: registry:2.8.2
9fe9a137fd00: Loading layer [==================================================>]   7.63MB/7.63MB
d9bce47b357e: Loading layer [==================================================>]  771.6kB/771.6kB
afcdb1715fb3: Loading layer [==================================================>]  17.55MB/17.55MB
9f383ae4f64d: Loading layer [==================================================>]  4.096kB/4.096kB
645ddea72735: Loading layer [==================================================>]  2.048kB/2.048kB
Loaded image: registry:latest

启动私有镜像仓库容器

$ sudo mkdir -p /data/registry
$ docker run -itd -v /data/registry/:/docker/registry -p 5000:5000 --restart=always --name private-registry registry:latest
98cb5c25871b94420418094efb19f36c45c7fbe18274229e9f8c4b00328ec180

参数说明

-itd：在容器中打开一个伪终端进行交互操作，并在后台运行

-v：映射目录, 将宿主机的/data/registry 映射到容器的/dcoker/registry

-p：映射端口, 将宿主机的5000端口映射到容器的5000端口

测试上传镜像到private-registry

$ docker tag registry 127.0.0.1:5000/registry
$ docker push 127.0.0.1:5000/registry
Using default tag: latest
The push refers to repository [127.0.0.1:5000/registry]
645ddea72735: Pushed 
9f383ae4f64d: Pushed 
afcdb1715fb3: Pushed 
d9bce47b357e: Pushed 
9fe9a137fd00: Pushed 
latest: digest: sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7 size: 1363

测试下载镜像

$ docker rmi 127.0.0.1:5000/registry
Untagged: 127.0.0.1:5000/registry:latest
Untagged: 127.0.0.1:5000/registry@sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7
$ docker pull 127.0.0.1:5000/registry
Using default tag: latest
latest: Pulling from registry
Digest: sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7
Status: Downloaded newer image for 127.0.0.1:5000/registry:latest
127.0.0.1:5000/registry:latest

查看私有仓库镜像

$ curl http://localhost:5000/v2/_catalog
{"repositories":["registry"]}