參考:https://yeasy.gitbooks.io/docker_practice/content/repository/registry.html
運行私有倉庫
直接用docker的方式運行registry鏡像省了搭建步驟
$ docker run -d \
-p 5000:5000 \
-v /opt/data/registry:/var/lib/registry \
registry
TIPS:
數據目錄和庫文件目錄可以自己設置,甚至可以給私有倉庫取名字,如下:
$ docker run -d -p 5000:5000 --privileged=true -v /home/.registry/data:/home/.registry/lib --restart=always --name pirvi_registry registry
指定了名字之后,如果想重啟,可以使用命令:
$ docker restart pirvi_registry
如果是執行run的話相當於啟動了一個新的容器,容器ID就會變,如果還是使用剛才的參數並且--name相同,那么會報如下錯誤:
docker: Error response from daemon: Conflict. The container name "/pirvi_registry" is already in use by container "194a22f33b1af366f036cc7691a1d1d918e55150bbc170e8e8fd171e52f0f273". You have to remove (or rename) that container to be able to reuse that name.
因此如果要重新啟動容器請使用docker restart [name]命令。
上傳
把鏡像放入私有倉庫
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu latest ba5877dc9bec 6 weeks ago 192.7 MB
$ docker tag ubuntu:latest 127.0.0.1:5000/ubuntu:latest
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu latest ba5877dc9bec 6 weeks ago 192.7 MB
127.0.0.1:5000/ubuntu:latest latest ba5877dc9bec 6 weeks ago 192.7 MB
驗證
$ docker image rm 127.0.0.1:5000/ubuntu:latest
$ docker pull 127.0.0.1:5000/ubuntu:latest
Pulling repository 127.0.0.1:5000/ubuntu:latest
ba5877dc9bec: Download complete
511136ea3c5a: Download complete
9bad880da3d2: Download complete
25f11f5fb0cb: Download complete
ebc34468f71d: Download complete
2318d26665ef: Download complete
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
127.0.0.1:5000/ubuntu:latest latest ba5877dc9bec 6 weeks ago 192.7 MB
查看
查看私有倉庫中的鏡像
$ curl 127.0.0.1:5000/v2/_catalog
{"repositories":["ubuntu","nginx"]}
查看具體的某個鏡像的版本
[root@kub2 ~]# curl 127.0.0.1:5000/v2/nginx/tags/list
{"name":"nginx","tags":["1.7.9"]}
有人寫了現成的腳本:查看倉庫鏡像腳本
查看某個鏡像的sha256值:
curl -v --silent "127.0.0.1:5000/v2/nginx/manifests/1.7.9" 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'
刪除私有倉庫的鏡像
$ curl -I -X DELETE http://127.0.0.1:5000/v2/fbgweb/manifests/sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e
TIPS:
這里需要注意:
1 這里的刪除鏡像只是刪除了一些元數據,需要執行下面的垃圾回收才能真正地從硬盤上刪除鏡像數據。
2 因為缺省Docker private registry不允許刪除鏡像,如果遇到“405 Unsupported” 錯誤,需要在運行registry容器時設置REGISTRY_STORAGE_DELETE_ENABLED環境變量或參數為true。
錯誤信息如下:
HTTP/1.1 405 Method Not Allowed
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Wed, 28 Aug 2019 07:31:34 GMT
Content-Length: 78
docker-compose.yaml 例子:
environment:
REGISTRY_STORAGE_DELETE_ENABLED: "true"
docker run 例子:
-e REGISTRY_STORAGE_DELETE_ENABLED="true"
另外, 要刪除的鏡像的sha256也可以從docker pull該鏡像之后的打印中獲得:
$ docker push 127.0.0.1:5000/radial/busyboxplus:curl
The push refers to repository [127.0.0.1:5000/radial/busyboxplus]
5f70bf18a086: Mounted from nginx
430380561a4f: Pushed
165264a81ac2: Pushed
curl: digest: sha256:ef538eae80f40015736f1ee308d74b4f38f74e978c65522ce64abdf8c8c5e0d6 size: 1765
垃圾回收
查看私有倉庫的容器
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
194a22f33b1a registry "/entrypoint.sh /etc…" 4 days ago Up 4 days 0.0.0.0:5000->5000/tcp pirvi_registry
用tty登錄到容器
$ docker exec -it 194a22f33b1a /bin/sh
執行垃圾回收命令
~ # registry garbage-collect /etc/docker/registry/config.yml
31 blobs marked, 5 blobs eligible for deletion
blob eligible for deletion: sha256:5e7cf06c8745d0985f94191c60aad8b87371c8a674162525bff0efccdb805931
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/5e/5e7cf06c8745d0985f94191c60aad8b87371c8a674162525bff0efccdb805931 go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0
...
問題排查
- push到127.0.0.1:500/XXX沒有問題,但是別的服務器push到私服報錯:“The push refers to repository [192.168.15.175:5000/centos]
Get https://192.168.15.175:5000/v2/: http: server gave HTTP response to HTTPS client”
解決辦法:
在/etc/docker/daemon.json文件中添加" "insecure-registries": ["192.168.15.175:5000"]"一句
{
......
"insecure-registries": ["192.168.15.175:5000"],
......
}
然后重啟docker
$ systemctl restart docker.service