【Docker】Docker学习⑦ - Docker仓库之单机Dokcer Registry

【Docker】Docker学习⑦ - Docker仓库之单机Dokcer Registry

• [七、 Docker仓库之单机Dokcer Registry](#七、 Docker仓库之单机Dokcer Registry)
• • [1 下载docker registry镜像](#1 下载docker registry镜像)
  • [2 搭建单机仓库](#2 搭建单机仓库)
  • • [2.1 创建授权使用目录](#2.1 创建授权使用目录)
    • [2.2 创建用户](#2.2 创建用户)
    • [2.3 验证用户密码](#2.3 验证用户密码)
    • [2.4 启动docker registry](#2.4 启动docker registry)
    • [2.5 验证端口和容器](#2.5 验证端口和容器)
    • [2.6 测试登录仓库](#2.6 测试登录仓库)
    • [2.7 在Server1登陆后上传镜像](#2.7 在Server1登陆后上传镜像)
    • [2.8 Server2下载镜像并启动](#2.8 Server2下载镜像并启动)

七、 Docker仓库之单机Dokcer Registry

Docker Registry作为Docker的核心组件之一负责镜像内容的存储与分发，客户端的docker pull以及push命令都将直接与registry 进行交互，最初版本的registry由Python实现，由于设计初期在安全性，性能以及API的设计上有着诸多的缺陷。该版本在0.9之后停止了开发，由新的项目distribution（新的docker register被称为Distrition）来重新设计并开发下一代Registry，新的项目由go语言开发，所有的API，底层存储方式，系统架构都进行了全面的重新设计，已解决上一代registry中存在的问题，2016年4月份registry2.0正式发布，docker1.6版本开始知识registry2.0，而8月份随着docker1.8发布，docker hub正式启用2.1版本registry全面替代之前的版本，新版registry对镜像存储格式进行了重新设计并和旧版不兼容，docker1.5和之前的版本无法读取2.0的镜像，另外Registry2.4版本之后支持了回收站机制，也就是可以删除镜像了，在2.4版本之前是无法支持删除镜像的，所以如果你要使用最好是大于Registry2.4版本的。

本部分将介绍通过官方提供的docker registry 镜像来简单搭建一套本地私有仓库环境。

1 下载docker registry镜像

	docker pull registry

2 搭建单机仓库

2.1 创建授权使用目录

	mkdir -p /docker/auth

2.2 创建用户

	cd /docker
	#报错
	docker run --entrypoint htpasswd registry -Bbn jack 123456 > auth/htpasswd
	#修改
	htpasswd  -Bbn test 123456 > auth/htpasswd

日志：

	[root@gbase8c_1 ~]# docker pull registry
	Using default tag: latest
	latest: Pulling from library/registry
	79e9f2f55bf5: Pull complete 
	0d96da54f60b: Pull complete 
	5b27040df4a2: Pull complete 
	e2ead8259a04: Pull complete 
	3790aef225b9: Pull complete 
	Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
	Status: Downloaded newer image for registry:latest
	docker.io/library/registry:latest
	[root@gbase8c_1 ~]# mkdir -p /docker/auth  
	[root@gbase8c_1 ~]# cd /docker
	[root@gbase8c_1 docker]# docker images
	REPOSITORY                   TAG               IMAGE ID       CREATED         SIZE
	registry                     latest            b8604a3fe854   2 years ago     26.2MB
	[root@gbase8c_1 docker]# docker run --entrypoint htpasswd registry -Bbn jack 123456 > auth/htpasswd
	docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "htpasswd": executable file not found in $PATH: unknown.
	ERRO[0000] error waiting for container:  

2.3 验证用户密码

	cat auth/htpasswd
	[root@gbase8c_1 docker]# cat auth/htpasswd
	test:$2y$05$BCm9sruCprQymAV5vk5XKOybtlVb4vrftWXqbe5fbpjlq2suQPYwO

2.4 启动docker registry

	docker run -d -p5000:5000 --restart=always --name registry1 -v /docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry

2.5 验证端口和容器

日志：

	[root@gbase8c_1 docker]# docker run -d -p5000:5000 --restart=always --name registry1 -v /docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
	ec968bda55f7068065688569d83ea6f4c53d413af39e6dbe4c06a1f4dd58178f
	[root@gbase8c_1 docker]# docker ps
	CONTAINER ID   IMAGE      COMMAND                   CREATED         STATUS         PORTS                                       NAMES
	ec968bda55f7   registry   "/entrypoint.sh /etc..."   4 seconds ago   Up 4 seconds   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   registry1
	[root@gbase8c_1 docker]# ss -ntl
	State      Recv-Q Send-Q  Local Address:Port Peer Address:Port              
	LISTEN     0      128                 *:5000            *:*                  

2.6 测试登录仓库

报错：

	[root@gbase8c_1 docker]# docker login 192.168.56.200:5000
	Username: test
	Password: 
	Error response from daemon: Get "https://192.168.56.200:5000/v2/": http: server gave HTTP response to HTTPS client

• 解决方式1(无效)：

    编辑各docker 服务器/etc/sysconfig/docker 配置文件如下
    #Server1:
    vim /etc/sysconfig/docker
    OPTIONS='--selinux-enabled --log-driver==journald'
    ADD_REGISTRY='--add-registry 192.168.56.200:5000'
    INSECURE_REGISTRY='--insecure-registry 192.168.56.200:5000'
    #重启docker
    systemctl restart docker
    #Server2:
    vim /etc/sysconfig/docker
    OPTIONS='--selinux-enabled --log-driver==journald'
    if [ -z "${DOCKER_CERT_PATH}" ];then
        DOCKER_CERT_PATH=/etc/docker
    fi
    ADD_REGISTRY='--add-registry 192.168.56.200:5000'
    INSECURE_REGISTRY='--insecure-registry 192.168.56.200:5000'
    #重启docker
    systemctl restart docker
  

• 解决方式2：

    [root@gbase8c_private docker]# cat /etc/docker/daemon.json
    {
    	"insecure-registries":["192.168.56.199","192.168.56.200:5000"],   #←新增
    	"registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"]
    }
    #登录成功
    [root@gbase8c_private docker]# docker login 192.168.56.200:5000
    Username (test): test
    Password: 
    Login Succeeded
  

2.7 在Server1登陆后上传镜像

• 2.7.1 镜像打tag

    docker tag jack/nginx-1.22.1:v1 192.168.56.200:5000/jack/nginx-1.22.1:v1
  

• 2.7.2 上传镜像

    docker push 192.168.56.200:5000/jack/nginx-1.22.1:v1
  

日志：

	[root@gbase8c_1 docker]# docker tag jack/nginx-1.22.1:v1 192.168.56.200:5000/jack/nginx-1.22.1:v1
	[root@gbase8c_1 docker]# docker images
	REPOSITORY                              TAG               IMAGE ID       CREATED         SIZE
	jack/nginx-1.22.1                       v1                5ec2d0d6aa22   2 weeks ago     638MB
	192.168.56.200:5000/jack/nginx-1.22.1   v1                5ec2d0d6aa22   2 weeks ago     638MB
	[root@gbase8c_1 docker]# docker push 192.168.56.200:5000/jack/nginx-1.22.1:v1
	The push refers to repository [192.168.56.200:5000/jack/nginx-1.22.1]
	a7a030277385: Pushed 
	033b7c388a51: Pushed 
	62900648f903: Pushed 
	7bb7d3a7a010: Pushed 
	9e9129ee0c59: Pushed 
	382519f0e19e: Pushed 
	a4437975d033: Pushed 
	badae34ffc22: Pushed 
	26a72414b92b: Pushed 
	661b4c00d916: Pushed 
	74ddd0ec08fa: Pushed 
	v1: digest: sha256:145e675dbf1533dd5cf834a4131128fd0b8d0f3f7a959919fba782f2261a1164 size: 2621

2.8 Server2下载镜像并启动

• 2.8.1 登录并从docker registry 下载镜像

    docker images
    docker login 192.168.56.200:5000
    docker pull 192.168.56.200:5000/jack/nginx-1.22.1:v1
  

• 2.8.2 验证下载成功

    docker images
  

• 2.8.3 从下载的镜像启动容器

    docker run -d --name docker-registry -p80:80 192.168.56.200:5000/jack/nginx-1.22.1:v1 nginx
  

• 2.8.4 验证登录
  日志：

    [root@gbase8c_private docker]# docker login 192.168.56.200:5000
    Username (test): test
    Password: 
    Login Succeeded
    [root@gbase8c_private docker]# docker pull 192.168.56.200:5000/jack/nginx-1.22.1:v1
    v1: Pulling from jack/nginx-1.22.1
    Digest: sha256:145e675dbf1533dd5cf834a4131128fd0b8d0f3f7a959919fba782f2261a1164
    Status: Downloaded newer image for 192.168.56.200:5000/jack/nginx-1.22.1:v1
    [root@gbase8c_private docker]# docker images
    REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
    192.168.56.200:5000/jack/nginx-1.22.1   v1                  5ec2d0d6aa22        2 weeks ago         638MB
    [root@gbase8c_private docker]# docker run -d --name docker-registry -p80:80 192.168.56.200:5000/jack/nginx-1.22.1:v1 nginx
    2cf5864c064519853ead197bc1bba643eeb7dd21bac28be93bd9f7a7f876e409
    [root@gbase8c_private docker]# docker ps
    CONTAINER ID        IMAGE                                      COMMAND             CREATED             STATUS              PORTS                         NAMES
    2cf5864c0645        192.168.56.200:5000/jack/nginx-1.22.1:v1   "nginx"             8 seconds ago       Up 7 seconds        0.0.0.0:80->80/tcp, 443/tcp   docker-registry