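Sometimes a public registry such as Docker Hub is inconvenient, and users can create a local registry for private use.
This section describes how to use a local registry.
docker-registry is the officially provided tool for building a private image registry. It currently has two versions, v1.x and v2.x, and v1.x has functional shortcomings. This article is based on docker-registry v2.x.
It can be installed in three ways:
- Install with a package manager such as yum
- Install as a Docker container
- Install from binaries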
[root@hw-tester-11-90 ~]# yum search docker
.......
docker-distribution.x86_64 : Docker toolset to pack, ship, store, and deliver content
docker-registry.x86_64 : Registry server for Docker
.......
[root@hw-tester-11-90 ~]# yum info docker-distribution
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: ftp.sjtu.edu.cn
可安装的软件包
名称 :docker-distribution
架构 :x86_64
版本 :2.6.2
发布 :2.git48294d9.el7
大小 :3.5 M
源 :extras/7/x86_64
简介 : Docker toolset to pack, ship, store, and deliver content
网址 :https://github.com/docker/distribution
协议 : ASL 2.0
描述 : Docker toolset to pack, ship, store, and deliver content
[root@hw-tester-11-90 ~]# yum info docker-registry
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: ftp.sjtu.edu.cn
可安装的软件包
名称 :docker-registry
架构 :x86_64
版本 :0.9.1
发布 :7.el7
大小 :123 k
源 :extras/7/x86_64
简介 : Registry server for Docker
网址 :https://github.com/docker/docker-registry
协议 : ASL 2.0
描述 : Registry server for Docker (hosting/delivering of repositories and images).
[root@hw-tester-11-90 ~]# yum install docker-distribution -y
[root@hw-tester-11-90 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
[root@hw-tester-11-90 ~]# cat /etc/docker-distribution/registry/config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
The registry listens on port 5000 by default.
Docker images are stored in /var/lib/registry.
[root@hw-tester-11-90 ~]# systemctl start docker-distribution.service
[root@hw-tester-11-90 ~]# systemctl status docker-distribution.service
● docker-distribution.service - v2 Registry server for Docker
Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2019-04-11 11:10:22 CST; 4s ago
Main PID: 39084 (registry)
CGroup: /system.slice/docker-distribution.service
└─39084 /usr/bin/registry serve /etc/docker-distribution/registry/config.yml
4月 11 11:10:22 hw-tester-11-90.7dtest.cn systemd[1]: Started v2 Registry server for Docker.
4月 11 11:10:22 hw-tester-11-90.7dtest.cn systemd[1]: Starting v2 Registry server for Docker...
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a sha...
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="redis not configured" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="Starting upload purge in 6m0s" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="using inmemory blob descriptor cache" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="listening on [::]:5000" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
Hint: Some lines were ellipsized, use -l to show in full.
[root@hw-tester-11-90 ~]# systemctl enable docker-distribution.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.
[root@hw-tester-11-90 ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:40180 0.0.0.0:* LISTEN 33873/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 979/sshd
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 1000/zabbix_agentd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1305/mysqld
tcp6 0 0 :::22 :::* LISTEN 979/sshd
tcp6 0 0 :::10050 :::* LISTEN 1000/zabbix_agentd
tcp6 0 0 :::5000 :::* LISTEN 39084/registry
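
The packaged configuration above has no TLS or auth section, binds to every interface, and the startup log warns that no HTTP secret was provided. The added example below (not part of the original page) is a small audit that flags those settings in a config.yml; the hardened sample, its file paths and its secret value are constructed placeholders.

```bash
# Added example, not from the original page: flag risky settings in a registry config.yml.
# Reads a file argument or stdin; prints one finding per line, nothing when clean.
set -eu
audit_registry_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
        { key = $1; sub(/:.*/, "", key) }             # key name without the colon
        /^[^ \t]/ { top = key; if (key == "auth") auth = 1; next }   # top-level key
        top == "http" { if (key == "tls") tls = 1; if (key == "secret") secret = 1; if (key == "addr") addr = $2 }
        END {
            if (!tls)    print "no-tls: http.tls is missing, traffic is plain HTTP"
            if (!auth)   print "no-auth: no auth section, any client that connects can push and pull"
            if (!secret) print "no-secret: http.secret is missing, a random one is generated at start"
            if (addr ~ /^(:|0\.0\.0\.0:|\[::\]:)/) print "bind-all: http.addr " addr " listens on every interface"
        }' "$@"
}

# Constructed sample: the config.yml shown on the page with its YAML indentation restored.
sample_default() { cat <<'EOF'
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
EOF
}

# Constructed sample: TLS, htpasswd auth and a fixed secret added; paths and secret are placeholders.
sample_hardened() { cat <<'EOF'
http:
  addr: 10.40.11.90:5000
  secret: REPLACE_WITH_RANDOM_SECRET
  tls:
    certificate: /path/to/registry.crt
    key: /path/to/registry.key
auth:
  htpasswd:
    realm: registry
    path: /path/to/htpasswd
EOF
}

sample_default | audit_registry_config
```

On a real host, point it at the installed file: `audit_registry_config /etc/docker-distribution/registry/config.yml`.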
You can also run the registry from the official registry image.
[root@k8s-node01-11-168 ~]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry The Docker Registry 2.0 implementation for s… 2509 [OK]
konradkleine/docker-registry-frontend Browse and modify your Docker registry in a … 221 [OK]
hyper/docker-registry-web Web UI, authentication service and event rec… 164 [OK]
atcol/docker-registry-ui A web UI for easy private/local Docker Regis… 114 [OK]
distribution/registry WARNING: NOT the registry official image!!! … 57 [OK]
marvambass/nginx-registry-proxy Docker Registry Reverse Proxy with Basic Aut… 44 [OK]
jhipster/jhipster-registry JHipster Registry, based on Netflix Eureka a… 43 [OK]
google/docker-registry Docker Registry w/ Google Cloud Storage driv… 38
confluentinc/cp-schema-registry Official Confluent Docker Images for Schema … 33
joxit/docker-registry-ui Docker registry v2 web User Interface 24 [OK]
klausmeyer/docker-registry-browser Web Interface for the Docker Registry HTTP A… 18 [OK]
openshift/origin-docker-registry The integrated OpenShift V3 registry 13
deis/registry Docker image registry for the Deis open sour… 12
landoop/schema-registry-ui UI for Confluent's Schema Registry 7 [OK]
parabuzzle/docker-registry-ui Docker registry frontend for registry v2 6
quiq/docker-registry-ui Docker Registry UI 6
anoxis/registry-cli You can list and delete tags from your priva… 6 [OK]
elasticio/docker-registry-ecs Docker image to run Docker private registry … 4 [OK]
allingeek/registry A specialization of registry:2 configured fo… 4 [OK]
yammer/docker-registry-cache Simple docker registry cache using squid-pro… 1 [OK]
webhippie/registry Docker images for Docker Registry 1 [OK]
aibaars/docker-registry2-gcs Docker Registry2 w/ Google Cloud Storage dri… 1
metadata/registry Metadata Registry is a tool which helps you … 1 [OK]
convox/registry 0
lorieri/registry-ceph Ceph Rados Gateway (and any other S3 compati… 0
[root@k8s-node01-11-168 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:3b00e5438ebd8835bcfa7bf5246445a6b57b9a50473e89c02ecc8e575be3ebb5
Status: Downloaded newer image for registry:latest
[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest f32a97de94e1 4 weeks ago 25.8MB
docker run -d -p 5000:5000 --restart=always --name registry registry
The registry stores images in /var/lib/registry. To keep the image data safe, we use a data volume to persist it.
docker run -d \
  -p 5000:5000 \
  -v /opt/data/registry:/var/lib/registry \
  registry
[root@k8s-node01-11-168 ~]# docker run -d \
> -p 5000:5000 \
> -v /opt/data/registry:/var/lib/registry \
> registry
bab6d21e0722ed6253edf7c8c751b5dcfc6e23d1f6b9bcb5b331af49b0b4f853
[root@k8s-node01-11-168 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bab6d21e0722 registry "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp eloquent_raman
[root@k8s-node01-11-168 ~]# netstat -tanlp |grep 5000
tcp6 0 0 :::5000 :::* LISTEN 74265/docker-proxy
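Like GitLab, a private Docker registry is a private repository, used here to store Docker images. As with a database, the usual operations on a registry are create, delete, update and query: pushing new images, deleting images, modifying images (versions) and querying images. Below we push a local image to the private registry.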
[root@hw-apptest01-11-172 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
jdk1.8testbug4 latest 67d7ce25869d 3 weeks ago 867MB
......
docker tag <local-repository>:<local-tag> <remote-repository>:<remote-tag>
[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
An image does not exist locally with the tag: 10.40.11.90:5000/jdk1.8testbug4
[root@hw-apptest01-11-172 ~]# docker tag jdk1.8testbug4 10.40.11.90:5000/jdk1.8testbug4
[root@hw-apptest01-11-172 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
10.40.11.90:5000/jdk1.8testbug4 latest 67d7ce25869d 3 weeks ago 867MB
jdk1.8testbug4 latest 67d7ce25869d 3 weeks ago 867MB
[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
Get https://10.40.11.90:5000/v2/: http: server gave HTTP response to HTTPS client
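The push fails: Docker uses HTTPS by default when pushing images to or pulling them from a registry. Solutions:
- Option 1: Use an SSL certificate, either through an nginx reverse proxy or through the private registry's advanced usage
- Option 2: Edit the Docker configuration file to turn off certificate checking: "insecure-registries": ["10.40.11.90:5000"]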
[root@hw-apptest01-11-172 ~]# vim /etc/docker/daemon.json
[root@hw-apptest01-11-172 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["10.40.11.90:5000"]
}
[root@hw-apptest01-11-172 ~]# systemctl reload docker
Note: after changing the Docker configuration you need to reload it. Be careful: a restart stops all running containers.
[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
028f3402bc33: Pushed
29efa81e94c5: Pushed
0efdc57e9299: Pushed
f20d820fa2b7: Pushed
bb0bedfed055: Pushed
071d8bd76517: Pushed
latest: digest: sha256:c2ffafa1cbc86f614d0055b5d8fb0511d01a9c48d6520e1a6cfd56bcb25cfbd8 size: 1587
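
Option 1 from the list above, worked through as an added example that is not part of the original page: the registry serves HTTPS itself and each client trusts that one certificate, so no `insecure-registries` entry is needed (that setting makes the daemon accept unverified certificates and fall back to plain HTTP for the listed address). The certificate directory /opt/data/certs and the function names are assumptions; the registry address and data volume are the ones used on this page.

```bash
# Added example (not from the original page): TLS served by the registry itself.
# REG is the registry address used on the page; CERT_DIR is an assumed location.
set -eu
REG="${REG:-10.40.11.90:5000}"
CERT_DIR="${CERT_DIR:-/opt/data/certs}"

# Self-signed certificate whose subjectAltName carries the registry IP. Clients match
# the address they dial against the SAN, so an IP-addressed registry needs IP:<addr>.
make_registry_cert() {   # usage: make_registry_cert <ip> <outdir>
    mkdir -p "$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=IP:$1" \
        -keyout "$2/registry.key" -out "$2/registry.crt"
    chmod 600 "$2/registry.key"
}

# Succeeds only if the certificate is valid for <ip>.
cert_covers_ip() {       # usage: cert_covers_ip <crt> <ip>
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# The registry container from the page, now serving HTTPS with the generated pair.
run_registry_tls() {     # usage: run_registry_tls <certdir>
    docker run -d -p 5000:5000 --restart=always --name registry \
        -v /opt/data/registry:/var/lib/registry -v "$1":/certs:ro \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
        registry
}

# Client side: trust this certificate for this registry only.
trust_registry_cert() {  # usage: trust_registry_cert <crt> <host:port>
    mkdir -p "/etc/docker/certs.d/$2"
    cp "$1" "/etc/docker/certs.d/$2/ca.crt"
}

# Nothing runs unless a role is given: "server" on the registry host, "client" elsewhere.
case "${1:-}" in
    server) make_registry_cert "${REG%:*}" "$CERT_DIR"
            cert_covers_ip "$CERT_DIR/registry.crt" "${REG%:*}"
            run_registry_tls "$CERT_DIR" ;;
    client) trust_registry_cert "${2:-registry.crt}" "$REG" ;;
esac
```

Files under /etc/docker/certs.d are read when the daemon connects to that registry, so the client needs no daemon restart after the copy.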
We have just uploaded an image; now let's look it up. Starting with v2.x, docker-registry provides an API for querying images.
[root@k8s-node01-11-168 ~]# curl http://10.40.11.90:5000/v2/_catalog
{"repositories":["jdk1.8testbug4"]}
docker pull <registry-address>/<image-name>:<tag>
[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@k8s-node01-11-168 ~]# docker pull 10.40.11.90:5000/jdk1.8testbug4
Using default tag: latest
Error response from daemon: Get https://10.40.11.90:5000/v2/: http: server gave HTTP response to HTTPS client
# Docker's push and pull operations both require HTTPS; simply skip certificate verification for this private registry
[root@k8s-node01-11-168 ~]# vim /etc/docker/daemon.json
[root@k8s-node01-11-168 ~]# systemctl reload docker
[root@k8s-node01-11-168 ~]# docker pull 10.40.11.90:5000/jdk1.8testbug4
Using default tag: latest
latest: Pulling from jdk1.8testbug4
a02a4930cb5d: Pull complete
915783117a15: Pull complete
8674a53df34b: Pull complete
12f89fef257c: Pull complete
c41934a5be2d: Pull complete
2520b3c70a8a: Pull complete
Digest: sha256:c2ffafa1cbc86f614d0055b5d8fb0511d01a9c48d6520e1a6cfd56bcb25cfbd8
Status: Downloaded newer image for 10.40.11.90:5000/jdk1.8testbug4:latest
[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
10.40.11.90:5000/jdk1.8testbug4 latest 67d7ce25869d 3 weeks ago 867MB
The image was pulled successfully. Next we run it as a test.
[root@k8s-node01-11-168 ~]# docker run -it -d --name jdk1.8-test 10.40.11.90:5000/jdk1.8testbug4
703c257f4ff2110402fbe159c4026195175e8963cd9646a22927cac482b3508d
[root@k8s-node01-11-168 ~]#
[root@k8s-node01-11-168 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
703c257f4ff2 10.40.11.90:5000/jdk1.8testbug4 "sh -c /bin/whole51/…" 8 seconds ago Up 7 seconds jdk1.8-test
[root@k8s-node01-11-168 ~]# docker exec -it jdk1.8-test /bin/bash
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ jps
35 jar
103 Jps
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ ps -ef |grep java
admin 1 0 0 06:11 pts/0 00:00:00 /bin/bash /bin/whole51/java-start.sh
admin 33 1 0 06:11 pts/0 00:00:00 /bin/bash /bin/whole51/java-service loanrepay-rpc start dev
admin 35 33 9 06:11 pts/0 00:00:13 /usr/local/jdk1.8.0_144/bin/java -server -Denv=dev -Ddubbo.registry.file=.dubbo/dubbo-registry-zookeeper1.dafy.com.cache -XX:+UseG1GC -Xms128m -Xmx128m -Dsun.net.inetaddr.ttl=600 -XX:MaxMetaspaceSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=heap_dump_2019-04-11_06-11-05.hprof -Xloggc:/data/logs/loanrepay-rpc/2019-04-11_06-11-05.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution -XX:+PrintGCCause -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=20m -Dfile.encoding=UTF-8 -jar loanrepay-rpc-bootstrap-1.1.0-SNAPSHOT.jar
admin 116 85 0 06:13 pts/1 00:00:00 grep --color=auto java
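Docker is a container technology, and the Docker service is a container engine that runs containers. A container is created from an image used as a template, and the repository that stores images is called an image registry. As with Git, there are public registry platforms and private ones. docker-registry is the private image registry provided officially by Docker. It is still being iterated on and the current version is v2.x; it covers basic registry operations but is still not very convenient. Later chapters introduce several other open-source registries.
Docker can push and pull just like GitHub/GitLab, and it is very simple.
1. Register an account on Docker Hub, Alibaba Cloud or a similar platform, then create a remote repository
Docker Hub address: https://hub.docker.com/
2. First package the local container into a local image
docker commit <container-name> <image-repository>:<image-tag>
After that, it is enough that docker images shows the image you packaged locally
3. Package the local image for the remote repository
docker tag <local-repository>:<local-tag> <remote-repository>:<remote-tag>
4. Push to the remote repository
docker login
docker push <remote-repository>:<remote-tag>
Note: the remote image tag here is a name you define yourself, that is, the tag name shown on Docker Hub
Log in before pushing
5. Pull from the remote repository to the local machine
Overall, pushing a Docker image to a registry takes two main steps:
- tag: label the image
- push: upload to the registry
A public registry requires logging in with an account. push and pull both use SSL by default; a private registry needs an SSL certificate, or the Docker configuration must be changed to allow non-SSL access.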