docker搭建私服倉庫-學習筆記

1 搭建私有倉庫

使用docker run的時候，先查找本地倉庫，若是本地沒有，會向公共倉庫發起申請，找到對應版本，
下載後運行這個鏡像的實例。

[root@localhost ~]# 
[root@localhost ~]# docker run -d -p 5000:5000 registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
4064ffdc82fe: Pull complete 
c12c92d1c5a2: Pull complete 
4fbc9b6835cc: Pull complete 
765973b0f65f: Pull complete 
3968771a7c3a: Pull complete 
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
1ecea934119bfd43c0f960740197db8410bcf317c9bcdb005a7c28d720de51f7

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                    NAMES
1ecea934119b        registry                  "/entrypoint.sh /etc…"   19 seconds ago      Up 17 seconds       0.0.0.0:5000->5000/tcp   infallible_bartik
6af5902d98c0        nginx                     "nginx -g 'daemon of…"   20 hours ago        Up 20 hours         0.0.0.0:80->80/tcp       nginx
4bc701965bca        ansible/centos7-ansible   "/bin/bash"              21 hours ago        Up 21 hours                                   ws

關係：註冊服務器存放倉庫的服務器，一個服務器上有多個倉庫，倉庫可分爲公共倉庫和私有倉庫，一個倉庫裏能夠有多個鏡像，而容器是鏡像的實例。
註冊服務器(repository)
倉庫(registry)
鏡像(image)
容器(container)

2 使用dockerfile來建立本身的鏡像
運行一個python程序，用於flask訪問redis, dockerfile

[root@localhost dockerfile]# more Dockerfile 
From python:2.7-slim
WORKDIR /app
ADD . /app
RUN pip install --trusted-host pypi.python.org -r requirements.txt
EXPOSE 80
ENV NAME World
CMD ["python","app.py"]

說明：
dockerfile第一行必須指定基礎的鏡像，此處的dockerfile就是以python2.7-slim爲基礎鏡像，當指定爲基礎鏡像的時候使用着急字爲FROM
WORKDIR表示指定工做目錄，主要是爲了在使用RUN，CMD，ENTRYPOINT指定工做目錄，在指定目錄的時候，若是沒有以/開頭那麼表示爲相對路徑，若是指定了是使用的絕對路徑。
ADD表示複製指定的源文件到容器的目錄路徑之中，在使用COPY的時候也是複製，只是相對於dockerfile的相對路徑。
RUN後面若是直接是命令，表示在shell中直接運行的命令，使用/bin/sh -c來直接運行這個命令；以上的RUN也能夠修改成
RUN["executable","pip install --trusted-host pypi.python.org -r requirements.txt"],這步的主要目的就是安裝相關的python模塊文件redis和flask。

EXPOSE表示爲容器對外的端口，在啓動容器時，可以使用-P參數來指定容器的端口隱射關係。

ENV表示設定環境變量，會被RUN使用到，而且在容器運行的時候保持。

CMD表示指定容器啓動時的命令，表示容器運行以後，運行python app.py

dockerfile寫完後，就須要建立一個app依賴的模塊文件，requirements.txt.

[root@localhost dockerfile]# cat requirements.txt 
Flask
Redis

flask的程序，監聽端口80

from flask import Flask
from redis import Redis, RedisError
import os
import socket

    redis = Redis(host="redis", db=0, socket_connect_timeout=2, socket_timeout=2)
    app = Flask(__name__)
    @app.route("/")
    def hello():
        try:
            visits = redis.incr("counter")
        except RedisError:
            visits = "<i>cannot connect to Redis, counter disabled</i>"

        html = "<h3>Hello {name}!</h3>" \
           "<b>Hostname:</b> {hostname}<br/>" \
           "<b>Visits:</b> {visits}"
        return html.format(name=os.getenv("NAME", "world"), hostname=socket.gethostname(), visits=visits)
if __name__ == "__main__":
    app.run(host='0.0.0.0', port=80)

開始編譯鏡像，使用參數未build， -t 表示爲這個鏡像打上標籤。

[root@localhost dockerfile]# docker build -t kel/python .
Sending build context to Docker daemon  4.608kB
Step 1/7 : From python:2.7-slim
 ---> 40792d8a2d6d
Step 2/7 : WORKDIR /app
 ---> Using cache
 ---> 9aa8427b4473
Step 3/7 : ADD . /app
 ---> b45825ac6286
Step 4/7 : RUN pip install --trusted-host pypi.python.org -r requirements.txt
 ---> Running in b5abce805944
Collecting Flask (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/7f/e7/08578774ed4536d3242b14dacb4696386634607af824ea997202cd0edb4b/Flask-1.0.2-py2.py3-none-any.whl (91kB)
Collecting Redis (from -r requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/3b/f6/7a76333cf0b9251ecf49efff635015171843d9b977e4ffcf59f9c4428052/redis-2.10.6-py2.py3-none-any.whl (64kB)
Collecting itsdangerous>=0.24 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/dc/b4/a60bcdba945c00f6d608d8975131ab3f25b22f2bcfe1dab221165194b2d4/itsdangerous-0.24.tar.gz (46kB)
Collecting Jinja2>=2.10 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl (126kB)
Collecting Werkzeug>=0.14 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl (322kB)
Collecting click>=5.1 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/34/c1/8806f99713ddb993c5366c362b2f908f18269f8d792aff1abfd700775a77/click-6.7-py2.py3-none-any.whl (71kB)
Collecting MarkupSafe>=0.23 (from Jinja2>=2.10->Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz
Building wheels for collected packages: itsdangerous, MarkupSafe
  Running setup.py bdist_wheel for itsdangerous: started
  Running setup.py bdist_wheel for itsdangerous: finished with status 'done'
  Stored in directory: /root/.cache/pip/wheels/2c/4a/61/5599631c1554768c6290b08c02c72d7317910374ca602ff1e5
  Running setup.py bdist_wheel for MarkupSafe: started
  Running setup.py bdist_wheel for MarkupSafe: finished with status 'done'
  Stored in directory: /root/.cache/pip/wheels/33/56/20/ebe49a5c612fffe1c5a632146b16596f9e64676768661e4e46
Successfully built itsdangerous MarkupSafe
Installing collected packages: itsdangerous, MarkupSafe, Jinja2, Werkzeug, click, Flask, Redis
Successfully installed Flask-1.0.2 Jinja2-2.10 MarkupSafe-1.0 Redis-2.10.6 Werkzeug-0.14.1 click-6.7 itsdangerous-0.24
Removing intermediate container b5abce805944
 ---> 02714dab17f4
Step 5/7 : EXPOSE 80
 ---> Running in f94efe4e46bd
Removing intermediate container f94efe4e46bd
 ---> e840cecd9caa
Step 6/7 : ENV NAME World
 ---> Running in 70b93f89f4c7
Removing intermediate container 70b93f89f4c7
 ---> 9c68b818afaa
Step 7/7 : CMD ["python","app.py"]
 ---> Running in d9da30b0b576
Removing intermediate container d9da30b0b576
 ---> a5195d8da32f
Successfully built a5195d8da32f
Successfully tagged kel/python:latest

[root@localhost dockerfile]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
kel/python                latest              a5195d8da32f        21 seconds ago      132MB
python                    2.7-slim            40792d8a2d6d        27 hours ago        120MB
registry                  latest              b2b03e9146e1        3 weeks ago         33.3MB

在進行push到私有倉庫前，必須打tag，標記相關的ip和端口
[root@localhost dockerfile]# docker tag kel/python 192.168.10.138:5000/python
[root@localhost dockerfile]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
192.168.10.138:5000/python   latest              a5195d8da32f        14 minutes ago      132MB
kel/python                   latest              a5195d8da32f        14 minutes ago      132MB
python                       2.7-slim            40792d8a2d6d        28 hours ago        120MB
registry                     latest              b2b03e9146e1        3 weeks ago         33.3MB

[root@localhost dockerfile]# docker push 192.168.10.138:5000/python
The push refers to repository [192.168.10.138:5000/python]
Get https://192.168.10.138:5000/v2/: http: server gave HTTP response to HTTPS client

報錯解決辦法：

[root@localhost dockerfile]# more /etc/docker/daemon.json
{ "insecure-registries":["192.168.10.138:5000"]}

重啓docker
[root@localhost dockerfile]# systemctl restart docker
再執行

[root@localhost dockerfile]# docker push 192.168.10.138:5000/python
The push refers to repository [192.168.10.138:5000/python]
b6c1f6c6568c: Pushed 
0c70e341e949: Pushed 
d3f4638c4576: Pushed 
1ea4f6a807ba: Pushed 
fda4dc055a55: Pushed 
e8fc09a140cf: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:8c4d21d7124ecdf3751aa3df52d40f213154cb439465f023f19b2e71ddf89d46 size: 1787

registry使用的是v2版本，從而和v1的api接口不同，默認存儲路徑爲：

[root@localhost dockerfile]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                    NAMES
94cd1c5420cd        registry            "/entrypoint.sh /etc…"   About a minute ago   Up About a minute   0.0.0.0:5000->5000/tcp   dreamy_sinoussi
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd   sh 
/ # ls /var/lib/registry/docker/registry/v2/repositories/python/
_layers     _manifests  _uploads
/ # ls -l /var/lib/registry/docker/registry/v2/repositories/python/
total 0
drwxr-xr-x    3 root     root            20 Aug  2 03:20 _layers
drwxr-xr-x    4 root     root            35 Aug  2 03:20 _manifests
drwxr-xr-x    2 root     root             6 Aug  2 03:20 _uploads

這個也就是剛剛上傳的鏡像文件，使用curl能夠來進行檢查查看（api文檔路徑https://docs.docker.com/registry/spec/api/）：

[root@localhost dockerfile]# curl http://192.168.10.138:5000/v2
<a href="/v2/">Moved Permanently</a>.
[root@localhost dockerfile]# curl http://192.168.10.138:5000/v2/python/tags/list
{"name":"python","tags":["latest"]}

看以上的ip地址問本宿主機的ip地址， 查看本地的監聽端口和容器的監聽端口：

[root@localhost dockerfile]# netstat -ntlp | grep docker
tcp        0      0 192.168.10.138:10010    0.0.0.0:*               LISTEN      12330/docker-contai 
tcp6       0      0 :::5000                 :::*                    LISTEN      12738/docker-proxy  
[root@localhost dockerfile]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
94cd1c5420cd        registry            "/entrypoint.sh /etc…"   2 hours ago         Up 2 hours          0.0.0.0:5000->5000/tcp   dreamy_sinoussi
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd sh
/ # netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 :::5000                 :::*                    LISTEN      1/registry
/ # ps -ef 
PID   USER     TIME   COMMAND
    1 root       0:02 registry serve /etc/docker/registry/config.yml
   44 root       0:00 sh
   63 root       0:00 sh
   71 root       0:00 ps -ef
/ #

docker的地址也能夠直接訪問

[root@localhost dockerfile]# docker exec -it 94cd1c5420cd  sh
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4660 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:48628007 (46.3 MiB)  TX bytes:264393 (258.1 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # exit
[root@localhost dockerfile]# curl http://172.17.0.2:5000/v2/python/tags/list
{"name":"python","tags":["latest"]}

建立容器

[root@localhost ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
192.168.10.138:5000/python   latest              a5195d8da32f        4 hours ago         132MB
kel/python                   latest              a5195d8da32f        4 hours ago         132MB
<none>                       <none>              b23c1ee6391c        19 hours ago        120MB
python                       2.7-slim            40792d8a2d6d        31 hours ago        120MB
registry                     latest              b2b03e9146e1        3 weeks ago         33.3MB
[root@localhost ~]# docker run -itd -p 80:80  kel/python                   
cb49a91fc1af36d1231522d5655b1575f22707b488be991c603fc27be3b1ee9c

參考 https://mp.weixin.qq.com/s/Gr6YF6SzOP0hVacb4u0IBA