【Docker】Docker学习⑦ - Docker仓库之单机Dokcer Registry
- [七、 Docker仓库之单机Dokcer Registry](#七、 Docker仓库之单机Dokcer Registry)
-
- [1 下载docker registry镜像](#1 下载docker registry镜像)
- [2 搭建单机仓库](#2 搭建单机仓库)
-
- [2.1 创建授权使用目录](#2.1 创建授权使用目录)
- [2.2 创建用户](#2.2 创建用户)
- [2.3 验证用户密码](#2.3 验证用户密码)
- [2.4 启动docker registry](#2.4 启动docker registry)
- [2.5 验证端口和容器](#2.5 验证端口和容器)
- [2.6 测试登录仓库](#2.6 测试登录仓库)
- [2.7 在Server1登陆后上传镜像](#2.7 在Server1登陆后上传镜像)
- [2.8 Server2下载镜像并启动](#2.8 Server2下载镜像并启动)
七、 Docker仓库之单机Dokcer Registry
Docker Registry作为Docker的核心组件之一负责镜像内容的存储与分发,客户端的docker pull以及push命令都将直接与registry 进行交互,最初版本的registry由Python实现,由于设计初期在安全性,性能以及API的设计上有着诸多的缺陷。该版本在0.9之后停止了开发,由新的项目distribution(新的docker register被称为Distrition)来重新设计并开发下一代Registry,新的项目由go语言开发,所有的API,底层存储方式,系统架构都进行了全面的重新设计,已解决上一代registry中存在的问题,2016年4月份registry2.0正式发布,docker1.6版本开始知识registry2.0,而8月份随着docker1.8发布,docker hub正式启用2.1版本registry全面替代之前的版本,新版registry对镜像存储格式进行了重新设计并和旧版不兼容,docker1.5和之前的版本无法读取2.0的镜像,另外Registry2.4版本之后支持了回收站机制,也就是可以删除镜像了,在2.4版本之前是无法支持删除镜像的,所以如果你要使用最好是大于Registry2.4版本的。
本部分将介绍通过官方提供的docker registry 镜像来简单搭建一套本地私有仓库环境。
1 下载docker registry镜像
docker pull registry
2 搭建单机仓库
2.1 创建授权使用目录
mkdir -p /docker/auth
2.2 创建用户
cd /docker
#报错
docker run --entrypoint htpasswd registry -Bbn jack 123456 > auth/htpasswd
#修改
htpasswd -Bbn test 123456 > auth/htpasswd
日志:
[root@gbase8c_1 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@gbase8c_1 ~]# mkdir -p /docker/auth
[root@gbase8c_1 ~]# cd /docker
[root@gbase8c_1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b8604a3fe854 2 years ago 26.2MB
[root@gbase8c_1 docker]# docker run --entrypoint htpasswd registry -Bbn jack 123456 > auth/htpasswd
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "htpasswd": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container:
2.3 验证用户密码
cat auth/htpasswd
[root@gbase8c_1 docker]# cat auth/htpasswd
test:$2y$05$BCm9sruCprQymAV5vk5XKOybtlVb4vrftWXqbe5fbpjlq2suQPYwO
2.4 启动docker registry
docker run -d -p5000:5000 --restart=always --name registry1 -v /docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
2.5 验证端口和容器
日志:
[root@gbase8c_1 docker]# docker run -d -p5000:5000 --restart=always --name registry1 -v /docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
ec968bda55f7068065688569d83ea6f4c53d413af39e6dbe4c06a1f4dd58178f
[root@gbase8c_1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec968bda55f7 registry "/entrypoint.sh /etc..." 4 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp registry1
[root@gbase8c_1 docker]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:5000 *:*
2.6 测试登录仓库
报错:
[root@gbase8c_1 docker]# docker login 192.168.56.200:5000
Username: test
Password:
Error response from daemon: Get "https://192.168.56.200:5000/v2/": http: server gave HTTP response to HTTPS client
-
解决方式1(无效):
编辑各docker 服务器/etc/sysconfig/docker 配置文件如下 #Server1: vim /etc/sysconfig/docker OPTIONS='--selinux-enabled --log-driver==journald' ADD_REGISTRY='--add-registry 192.168.56.200:5000' INSECURE_REGISTRY='--insecure-registry 192.168.56.200:5000' #重启docker systemctl restart docker #Server2: vim /etc/sysconfig/docker OPTIONS='--selinux-enabled --log-driver==journald' if [ -z "${DOCKER_CERT_PATH}" ];then DOCKER_CERT_PATH=/etc/docker fi ADD_REGISTRY='--add-registry 192.168.56.200:5000' INSECURE_REGISTRY='--insecure-registry 192.168.56.200:5000' #重启docker systemctl restart docker
-
解决方式2:
[root@gbase8c_private docker]# cat /etc/docker/daemon.json { "insecure-registries":["192.168.56.199","192.168.56.200:5000"], #←新增 "registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"] } #登录成功 [root@gbase8c_private docker]# docker login 192.168.56.200:5000 Username (test): test Password: Login Succeeded
2.7 在Server1登陆后上传镜像
-
2.7.1 镜像打tag
docker tag jack/nginx-1.22.1:v1 192.168.56.200:5000/jack/nginx-1.22.1:v1
-
2.7.2 上传镜像
docker push 192.168.56.200:5000/jack/nginx-1.22.1:v1
日志:
[root@gbase8c_1 docker]# docker tag jack/nginx-1.22.1:v1 192.168.56.200:5000/jack/nginx-1.22.1:v1
[root@gbase8c_1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jack/nginx-1.22.1 v1 5ec2d0d6aa22 2 weeks ago 638MB
192.168.56.200:5000/jack/nginx-1.22.1 v1 5ec2d0d6aa22 2 weeks ago 638MB
[root@gbase8c_1 docker]# docker push 192.168.56.200:5000/jack/nginx-1.22.1:v1
The push refers to repository [192.168.56.200:5000/jack/nginx-1.22.1]
a7a030277385: Pushed
033b7c388a51: Pushed
62900648f903: Pushed
7bb7d3a7a010: Pushed
9e9129ee0c59: Pushed
382519f0e19e: Pushed
a4437975d033: Pushed
badae34ffc22: Pushed
26a72414b92b: Pushed
661b4c00d916: Pushed
74ddd0ec08fa: Pushed
v1: digest: sha256:145e675dbf1533dd5cf834a4131128fd0b8d0f3f7a959919fba782f2261a1164 size: 2621
2.8 Server2下载镜像并启动
-
2.8.1 登录并从docker registry 下载镜像
docker images docker login 192.168.56.200:5000 docker pull 192.168.56.200:5000/jack/nginx-1.22.1:v1
-
2.8.2 验证下载成功
docker images
-
2.8.3 从下载的镜像启动容器
docker run -d --name docker-registry -p80:80 192.168.56.200:5000/jack/nginx-1.22.1:v1 nginx
-
2.8.4 验证登录
日志:[root@gbase8c_private docker]# docker login 192.168.56.200:5000 Username (test): test Password: Login Succeeded [root@gbase8c_private docker]# docker pull 192.168.56.200:5000/jack/nginx-1.22.1:v1 v1: Pulling from jack/nginx-1.22.1 Digest: sha256:145e675dbf1533dd5cf834a4131128fd0b8d0f3f7a959919fba782f2261a1164 Status: Downloaded newer image for 192.168.56.200:5000/jack/nginx-1.22.1:v1 [root@gbase8c_private docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.56.200:5000/jack/nginx-1.22.1 v1 5ec2d0d6aa22 2 weeks ago 638MB [root@gbase8c_private docker]# docker run -d --name docker-registry -p80:80 192.168.56.200:5000/jack/nginx-1.22.1:v1 nginx 2cf5864c064519853ead197bc1bba643eeb7dd21bac28be93bd9f7a7f876e409 [root@gbase8c_private docker]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2cf5864c0645 192.168.56.200:5000/jack/nginx-1.22.1:v1 "nginx" 8 seconds ago Up 7 seconds 0.0.0.0:80->80/tcp, 443/tcp docker-registry