Docker4 - Setting up a private Docker registry and common usage: the docker-registry approach

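1. Brief introduction

  As covered earlier, you can use the public Docker Hub registry, but in most cases a company needs to set up a local registry for its own use. This post introduces several ways to build a private registry.

  A private registry has several advantages:

    1. It saves bandwidth

    2. You can customize the system yourself

    3. It is more secure

2. The methods I know of

  1. Use the official docker-registry tool to set up the private registry

    This is an officially provided image. Note that the tool itself is an image: just pull the registry image and start a Docker container from it.

  2. Use Harbor-Registry to set up the private registry

    Harbor is an enterprise-grade registry service for storing Docker images.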

    

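3. Setting up a private registry with the official docker-registry

  1. Environment

    Private registry address: 192.168.216.51 (web1)

    Docker server address: 192.168.216.52 (web2); this node uses the private registry server to pull/push images

  2. Topology

    Note: "docker hub" here means the private registry

       docker engine: introduced in the earlier principles post; it is the runtime engine in the Docker architecture and the core module that Docker runs on. It acts as the store for Docker containers and manages them by executing jobs.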

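  3. Install the Docker private registry

    1) Install Docker first

      Option 1

        You can also download the rpm packages and install them

          rpm package location: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/

            The package downloaded here is docker-ce-cli-19.03.2-3.el7.x86_64.rpm

        To resolve dependencies, configure a local repository
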

[root@web2 yum.repos.d]# mv Centos-7.repo ./backup/
[root@web2 yum.repos.d]# ll 
total 16
drwxr-xr-x. 2 root root   27 Sep 23 14:56 backup
drwxr-xr-x. 2 root root    6 Sep 23 14:32 bakcup
-rw-r--r--. 1 root root   65 Sep 23 14:53 docker-rpm.repo
-rw-r--r--. 1 root root  664 Sep 23 12:54 epel-7.repo
-rw-r--r--. 1 root root  951 Sep 23 12:54 epel.repo
-rw-r--r--. 1 root root 1050 Sep 23 12:54 epel-testing.repo
[root@web2 yum.repos.d]# cd /root/docker-rpm/
[root@web2 docker-rpm]# createrepo ./

       yum install docker-ce  -y

          

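      Option 2

        Configure the Aliyun mirror. The epel repository I have here does not contain docker, so configure Aliyun's docker repository

        Aliyun mirror address: https://mirrors.aliyun.com/docker-ce/linux/centos/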

[root@web2 yum.repos.d]# cat docker-ce.repo 
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[root@web2 yum.repos.d]# 

        yum install docker-ce -y

        

    2) Start the firewall

      systemctl start firewalld.service

    3) Start the Docker service on the private registry server

      systemctl start docker

      systemctl enable docker

    Make sure Docker is installed and running on both nodes

  4. Pull or load the registry image on the private registry server

    Method 1: pull it directly

      

[root@web1 yum.repos.d]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ... 
latest: Pulling from docker.io/library/registry
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Image is up to date for docker.io/registry:latest
[root@web1 yum.repos.d]# docker images
REPOSITORY                          TAG                 IMAGE ID            CREATED             SIZE
zxg/nginx1                          latest              3babdf3c6c6d        2 weeks ago         546 MB
zxg/centos_nginx                    v1                  7c6604cacec1        4 weeks ago         698 MB
docker.io/atlassian/jira-software   latest              c4b90dede4f3        5 weeks ago         624 MB
zxg/my_nginx                        v1                  b164f4c07c64        8 weeks ago         126 MB
zxg/my_nginx                        latest              f07837869dfc        8 weeks ago         126 MB
docker.io/nginx                     latest              e445ab08b2be        2 months ago        126 MB
docker.io/alpine                    latest              b7b28af77ffe        2 months ago        5.58 MB
docker.io/centos                    latest              9f38484d220f        6 months ago        202 MB
docker.io/registry                  latest              f32a97de94e1        6 months ago        25.8 MB
[root@web1 yum.repos.d]# 

    Method 2: download the registry.tar package and import it

      docker load -i registry.tar

  5. On the private registry server, pull any image and tag it

docker pull busybox
docker tag docker.io/busybox:latest 192.168.216.51:5000/busybox:latest

     The tagged image is the 192.168.216.51:5000/busybox row below

[root@web1 ~]# docker images
REPOSITORY                          TAG                 IMAGE ID            CREATED             SIZE
zxg/nginx1                          latest              3babdf3c6c6d        2 weeks ago         546 MB
192.168.216.51:5000/busybox         latest              19485c79a9bb        3 weeks ago         1.22 MB
busybox                             v1                  19485c79a9bb        3 weeks ago         1.22 MB
docker.io/busybox                   latest              19485c79a9bb        3 weeks ago         1.22 MB
zxg/centos_nginx                    v1                  7c6604cacec1        4 weeks ago         698 MB

 

  

  6. Edit the configuration file to point at the private registry URL

    docker-common must be installed; check whether it is

[root@web1 yum.repos.d]# rpm -qf /etc/sysconfig/docker
docker-common-1.13.1-96.gitb2f74b2.el7.centos.x86_64
[root@web1 yum.repos.d]# 

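    Add --insecure-registry 192.168.216.51:5000 to the configuration file. The flag lets the daemon talk to this registry without verified TLS (plain HTTP here), so pushes and pulls are neither encrypted nor authenticated by a certificate.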

[root@web1 yum.repos.d]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
#
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/dockerd
fi

  7. Restart docker

    

[root@web1 yum.repos.d]# systemctl restart docker

  8. Start the private registry: just run a container from the registry image

[root@web1 yum.repos.d]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry
### -v specifies the local persistent path
27d56aa54e167c26c76e25136b247072883aa29dde247f20c45f97fafedb650b
[root@web1 yum.repos.d]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                    NAMES
27d56aa54e16        registry            "/entrypoint.sh /e..."   About a minute ago   Up 58 seconds       0.0.0.0:5000->5000/tcp   frosty_ptolemy
[root@web1 yum.repos.d]# netstat -antlop |grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      27767/docker-proxy-  off (0.00/0/0)
[root@web1 yum.repos.d]# netstat -antup |grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      27767/docker-proxy- 
[root@web1 yum.repos.d]#
[root@web1 yum.repos.d]# ls /opt/registry
### The directory has been created automatically

  9. Push the image from the local machine; once it succeeds, inspect the result with tree

docker push 192.168.216.51:5000/busybox
[root@web1 ~]#  tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       └── latest
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads

26 directories, 8 files
[root@web1 ~]# 

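  10. Pull the busybox image from node 52

    Docker is already installed here, so I will not demonstrate how to install it; it follows the installation method from the earlier principles post, see the link below:

      For installing docker, see: Docker1 - Architecture, principles and basic usage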

  

### Edit the configuration file to add "--insecure-registry" (insecure registry)
[root@web2 ~]# cat /etc/sysconfig/docker |grep 5000
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
### Pull the image
[root@web2 ~]# docker pull 192.168.216.51:5000/busybox
Using default tag: latest
Trying to pull repository 192.168.216.51:5000/busybox ... 
latest: Pulling from 192.168.216.51:5000/busybox
7c9d20b9b6cd: Pull complete 
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Downloaded newer image for 192.168.216.51:5000/busybox:latest
### List the images
[root@web2 ~]# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
192.168.216.51:5000/busybox   latest              19485c79a9bb        3 weeks ago         1.22 MB
### Run a container: success

[root@web2 ~]# docker run 192.168.216.51:5000/busybox echo "1111"
1111
[root@web2 ~]#

### Create another name (tag) for the image
[root@web2 ~]# docker tag 192.168.216.51:5000/busybox busybox:v1
### Remove the image
[root@web2 ~]# docker rmi 192.168.216.51:5000/busybox

[root@web2 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             v1                  19485c79a9bb        3 weeks ago         1.22 MB

### Run a new container

  

[root@web2 ~]# docker run busybox:v1 echo 222
222

  At this point the private registry setup is complete, but we should also push a new version as a test:

[root@web2 ~]# docker tag busybox:v1 192.168.216.51:5000/busybox:v1
[root@web2 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@web2 ~]# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
192.168.216.51:5000/busybox   v1                  19485c79a9bb        3 weeks ago         1.22 MB
busybox                       v1                  19485c79a9bb        3 weeks ago         1.22 MB
[root@web2 ~]# docker push 192.168.216.51:5000/busybox
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Layer already exists 
v1: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]# 

  11. Back on node 51, check whether the new version was pushed

    On node 51, inspect with the tree command; the v1 version is visible

[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       ├── latest
            │       │   ├── current
            │       │   │   └── link
            │       │   └── index
            │       │       └── sha256
            │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │       │               └── link
            │       └── v1
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads
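
The tree output above shows how the registry stores data: every tag is a link file naming a manifest digest, and every blob sits in a directory named after its own SHA-256. The script below is an added example, not part of the original post; it lists tag-to-digest mappings and re-hashes blobs to detect content changed on disk. The function names and the sample data are constructed for illustration, and it assumes sha256sum is available.

```shell
#!/usr/bin/env bash
# Added example: read the registry's on-disk layout (the `tree` output above).
# ROOT is the .../docker/registry/v2 directory holding blobs/ and repositories/.

# Print "repo:tag digest" per tag. Each tags/<tag>/current/link file holds the
# manifest digest as text ("sha256:<hex>"), so tags are only pointers.
list_tags() {
  root=$1
  find "$root/repositories" -path '*/_manifests/tags/*/current/link' | sort |
    while read -r link; do
      repo=${link#"$root/repositories/"}
      tag=${repo#*/_manifests/tags/}
      echo "${repo%%/_manifests/*}:${tag%%/*} $(cat "$link")"
    done
}

# Re-hash every blob and compare with the digest that names its directory.
# Prints each mismatch; returns non-zero if any blob no longer matches.
verify_blobs() {
  bad=0
  for data in "$1"/blobs/sha256/*/*/data; do
    [ -f "$data" ] || continue
    want=$(basename "$(dirname "$data")")
    got=$(sha256sum "$data" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "MISMATCH sha256:$want"; bad=1; }
  done
  return "$bad"
}

# Constructed sample (not the page's real blobs): one manifest, two tags.
make_sample() {
  root=$(mktemp -d)
  body='{"constructed":"manifest"}'
  hex=$(printf '%s' "$body" | sha256sum | cut -d' ' -f1)
  blob="$root/blobs/sha256/$(printf '%s' "$hex" | cut -c1-2)/$hex"
  mkdir -p "$blob" && printf '%s' "$body" > "$blob/data"
  for tag in latest v1; do
    cur="$root/repositories/busybox/_manifests/tags/$tag/current"
    mkdir -p "$cur" && printf 'sha256:%s' "$hex" > "$cur/link"
  done
  echo "$root"
}

sample=$(make_sample)
list_tags "$sample"
verify_blobs "$sample" && echo "all blobs match their digests"
```

On the registry host from this post, the root to pass would be /opt/registry/docker/registry/v2; latest and v1 resolve to the same digest there, which is why the second push reported "Layer already exists".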

 

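4. Summary of the steps for setting up a private registry

  Before configuring, you can first turn off the firewall and SELinux completely

  1. Install docker

  2. Edit the configuration file, identically on both nodes. There are two ways (important!):

    1) Add the parameter to the /etc/sysconfig/docker file

    OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'

    2) Or add it to the startup parameters in /usr/lib/systemd/system/docker.service

    ExecStart=/usr/bin/dockerd-current --insecure-registry 192.168.216.51:5000

   Note: newer versions no longer ship the /etc/sysconfig/docker configuration file, so you can put the setting in the startup parameters in /usr/lib/systemd/system/docker.service in all cases

  3. Pull the registry image

  4. Run the registry image and map port 5000

  5. Tag, push and pull images; done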

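5. Registry with authentication

    Note: this sets up password authentication, not certificate authentication

  1. Create the auth directory

     mkdir /auth

  2. Use the registry image to generate the htpasswd file, which stores the password as a hash

    Create the user zxg with password 123456, hashed with bcrypt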

docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd

     You can see that the password 123456 is now stored as a hash

[root@web1 auth]# cat htpasswd 
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm

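    Notes:

        --entrypoint: a docker run option that sets the entry point executed when the container starts, here htpasswd in place of the image's default

  3. Start the image with the authentication parameters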

[root@web1 /]# docker run -d -p 5000:5000 --restart=always --name registry1 \
> -v /opt/registry:/var/lib/registry \
> -v /auth:/auth \
> -e "REGISTRY_AUTH=htpasswd" \
> -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> registry
37f0ce01ea327e6cd62798e0df683d5d2a4317c3fd865c0f1e19b654f052fe66

  4. On node 52, create a busybox v2 tag and push it: log in first, then push

[root@web2 ~]# docker login 192.168.216.51:5000
Username: zxg
Password: 
Login Succeeded
[root@web2 ~]# docker tag busybox:v2 192.168.216.51:5000/busybox:v2
busybox                       v2                  19485c79a9bb        3 weeks ago         1.22 MB

[root@web2 ~]# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
192.168.216.51:5000/busybox   v1                  19485c79a9bb        3 weeks ago         1.22 MB
192.168.216.51:5000/busybox   v2                  19485c79a9bb        3 weeks ago         1.22 MB
busybox                       v1                  19485c79a9bb        3 weeks ago         1.22 MB
busybox                       v2                  19485c79a9bb        3 weeks ago         1.22 MB

[root@web2 ~]# docker  push 192.168.216.51:5000/busybox:v2
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Pushed 
v2: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]# 

   5. Back on node 51, confirm that the push succeeded

[root@web1 auth]# tree /opt/registry/docker/registry/v2/
/opt/registry/docker/registry/v2/
├── blobs
│   └── sha256
│       ├── 19
│       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
│       │       └── data
│       ├── 7c
│       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
│       │       └── data
│       └── dd
│           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
│               └── data
└── repositories
    └── busybox
        ├── _layers
        │   └── sha256
        │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
        │       │   └── link
        │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
        │           └── link
        ├── _manifests
        │   ├── revisions
        │   │   └── sha256
        │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │   │           └── link
        │   └── tags
        │       ├── latest
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       ├── v1
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       └── v2
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │                       └── link
        └── _uploads

35 directories, 12 files

    You can see that the v2 version is now present: success. The next post will cover the Harbor-Registry approach.
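
The setup above combines two things worth checking together: the daemon flag from sections 3 and 4 that allows the registry without TLS, and the htpasswd file from section 5, whose Basic credentials then cross the network unencrypted on every docker login. The script below is an added example, not part of the original post; it lists the insecure registries a config file enables and classifies htpasswd entries by hash type and bcrypt cost. The function names, the minimum cost of 10 and all sample entries except the zxg line are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the two files this walkthrough edits by hand.

# List registries the daemon will contact without verified TLS. Accepts both
# "--insecure-registry HOST" and "--insecure-registry=HOST", whether the flag
# sits in OPTIONS= (/etc/sysconfig/docker) or ExecStart= (docker.service).
insecure_registries() {
  grep -Ev '^[[:space:]]*#' "$1" |
    grep -Eo -e "--insecure-registry[= ]+[^ '\"]+" |
    sed -E 's/^--insecure-registry[= ]+//' | sort -u
}

# Classify htpasswd entries the way the registry treats them: only bcrypt
# hashes are honoured, and the two digits after "$2y$" are the bcrypt cost.
# MIN_COST (default 10) is an assumed local policy, not a registry setting.
audit_htpasswd() {
  min_cost=${2:-10}
  while IFS=: read -r user hash; do
    [ -n "$user" ] || continue
    case $hash in
      '$2'[aby]'$'[0-9][0-9]'$'*)
        cost=$(printf '%s' "$hash" | cut -c5-6)
        if [ "${cost#0}" -lt "$min_cost" ]; then
          echo "WEAK $user bcrypt-cost=$cost"
        else
          echo "OK $user bcrypt-cost=$cost"
        fi ;;
      *) echo "IGNORED $user not-bcrypt" ;;
    esac
  done < "$1"
}

# Constructed sample inputs (the zxg line is the one shown in this post; the
# other hashes are placeholders, only their prefixes matter here).
sample_dir=$(mktemp -d)
cat > "$sample_dir/docker" <<'EOF'
# OPTIONS='--insecure-registry 10.0.0.9:5000'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
EOF
cat > "$sample_dir/htpasswd" <<'EOF'
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
ci:$2y$12$CONSTRUCTED.placeholder.hash.value.not.a.real.bcrypt.out
old:$apr1$CONSTRUCTED$placeholderplaceholder00
EOF

insecure_registries "$sample_dir/docker"
audit_htpasswd "$sample_dir/htpasswd"
```

htpasswd accepts -C together with -B to set a higher bcrypt cost, and leaving out -b makes it prompt for the password instead of taking it from the command line.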

 

 

Please credit the source when reposting: http://www.javashuo.com/article/p-mszmrmez-cy.html
