建立和使用私有倉庫

環境：

docker version:Docker version 1.7.1, build 786b29d/1.7.1

uname -a:Linux docker1 4.4.163-1.el6.elrepo.x86_64 #1 SMP Sat Nov 10 14:24:39 EST 2018 x86_64 x86_64 x86_64 GNU/Linux

docker1:192.168.88.129

docker2(registry):192.168.88.130

1.使用registry鏡像建立私有倉庫
[root@docker2 ~]# docker pull registry:2.2
Digest: sha256:a9128f456da044c4132c41973b065d2e2c46b04682c65f23dbb5d0c51071d595
Status: Downloaded newer image for registry:2.2

[root@docker2 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
registry            latest              642c5398c648        11 weeks ago        33.29 MB
registry            2.2                 1fff2b77d9b3        2 years ago         224.5 MB

 

2.啓動私有倉庫
默認狀況下，會將倉庫建立在容器的/tmp/registry目錄下，具體位置能夠等倉庫建立完查看，我看到的鏡像是存放在倉庫的/var/lib/registry。能夠經過-v參數來將鏡像文件存放在本地的指定路徑上。
下面將上傳的鏡像放到/opt/data/registry目錄。
[root@docker2 ~]#docker run -d --name=my_registry -p 5000:5000 -v /opt/data/registry:/tmp/registry registry:2.2
ce5d8afbbe7c0b5500de159a74bf42bb2ce1fb2accc3fef70e608fa03201c48d
[root@docker2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce5d8afbbe7c registry:2.2 "/bin/registry /etc/ 11 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp my_registry

倉庫鏡像存儲位置查看：

[root@docker2 ~]# docker exec -it ce5d sh
# 
# ls /tmp/registry
# 
# find / -name registry
/tmp/registry
/var/lib/ucf/registry
/var/lib/registry
/var/lib/registry/docker/registry
/etc/docker/registry
/bin/registry
# ls /var/lib/registry/docker/registry/v2/repositories
centos    test（centos和test是上傳的鏡像文件）
#

 另外一種啓動和建立registry的方式：

掛載卷的方式覆蓋配置：

能夠使用掛載卷的方式來用本地提早配置的文件取代倉庫的配置文件

本地文件：/data/config.yml，較於倉庫的config.yml文件添加了delect這一項，用於鏡像刪除。

docker run -d --name=my_registry_1 -p 5000:5000 -v /opt/data/registry:/var/lib/registry -v /data/config.yml:/etc/docker/registry/config.yml registry:2.2

cat config.yml
 
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

 

3.鏡像上傳
先以如下參數來啓動docker1上的docker服務：
[root@docker1 ~]# docker -d --insecure-registry 192.168.88.130:5000 &
[1] 4035
[root@docker1 ~]# INFO[0000] Listening for HTTP on unix (/var/run/docker.sock)
INFO[0000] [graphdriver] using prior storage driver "devicemapper"
WARN[0000] Running modprobe bridge nf_nat failed with message: , error: exit status 1
INFO[0000] Loading containers: start.
......
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon commit=786b29d/1.7.1 execdriver=native-0.2 graphdriver=devicemapper version=1.7.1

在我這臺機器上不使用'--insecure-registry 192.168.88.130:5000 '參數啓動docker服務,上傳鏡像時會出現如下報錯
Error response from daemon: invalid registry endpoint https://192.168.88.130:3000/v0/: unable to ping registry endpoint https://192.168.88.130:3000/v0/
v2 ping attempt failed with error: Get https://192.168.88.130:3000/v2/: dial tcp 192.168.88.130:3000: connection refused
v1 ping attempt failed with error: Get https://192.168.88.130:3000/v1/_ping: dial tcp 192.168.88.130:3000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate,
please add `--insecure-registry 192.168.88.130:3000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/192.168.88.130:3000/ca.crt

修改一下該鏡像的tag標識
[root@docker1 ~]# docker tag test 192.168.88.130:5000/test

鏡像查看

[root@docker1 ~]# docker images
INFO[0089] GET /v1.19/images/json                       
REPOSITORY                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
sshd                       centos6.6           2fc5a70673de        20 hours ago        247.1 MB
192.168.88.130:5000/test   latest              d71fc6939e16        12 days ago         86.18 MB
ubuntu                     latest              d71fc6939e16        12 days ago         86.18 MB
centos                     6.6                 b68d4c55c484        7 weeks ago         202.6 MB
centos                     latest              ea4b646d9000        7 weeks ago         200.4 MB

 

上傳鏡像：
[root@docker1 ~]# docker push 192.168.88.130:5000/test

查看私有倉庫裏的鏡像

[root@docker1 ~]# curl -XGET http://192.168.88.130:5000/v2/_catalog
{"repositories":["test"]}

 

4.測試
刪除現有的標籤和鏡像
[root@docker1 ~]# docker rmi 192.168.88.130:5000/test
[root@docker1 ~]# docker rmi d71fc
[root@docker1 ~]# docker images

INFO[2205] GET /v1.19/images/json                       
REPOSITORY                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
sshd                       centos6.6           2fc5a70673de        21 hours ago        247.1 MB
ubuntu                     latest              d71fc6939e16        12 days ago         86.18 MB
192.168.88.130:5000/test   latest              d71fc6939e16        12 days ago         86.18 MB
centos                     6.6                 b68d4c55c484        7 weeks ago         202.6 MB
centos                     latest              ea4b646d9000        7 weeks ago         200.4 MB

 

從私有倉庫中下載該鏡像：
[root@docker1 ~]# docker pull 192.168.88.130:5000/test

[root@docker1 ~]# docker images
INFO[2281] GET /v1.19/images/json                       
REPOSITORY                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
sshd                       centos6.6           2fc5a70673de        21 hours ago        247.1 MB
192.168.88.130:5000/test   latest              d71fc6939e16        12 days ago         86.18 MB
centos                     6.6                 b68d4c55c484        7 weeks ago         202.6 MB
centos                     latest              ea4b646d9000        7 weeks ago         200.4 MB

 

 5.registry鏡像刪除

用docker run -d --name=my_registry_1 -p 5000:5000 -v /opt/data/registry:/var/lib/registry -v /data/config.yml:/etc/docker/registry/config.yml registry:2.2 建立的my_registry_1能夠刪除鏡像，固然也能夠同過修改/etc/docker/registry/config.yml

來達到刪除鏡像的目的。

方案一
curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>

方案二
docker exec -ti rm -rf /var/lib/registry/docker/registry/v2/repositories/<image_name>

registry2.2不具有鏡像回收機制

docker exec -it my_registry_1  /bin/registry garbage-collect  /etc/docker/registry/config.yml

Docker Registry v2.4.0

Garbage Collector

A garbage collector tool has been added to the registry. For more details see the garbage collector documentation.