Docker自建倉庫之Docker Registry部署實戰
作者:尹正傑
版權聲明:原創作品,謝絕轉載!否則將追究法律責任。
本篇博客將介紹通過官方提供的docker registry 鏡像來簡單搭建一套本地私有倉庫環境,生產環境中很少有人使用docker registry,因為它沒有管理界面,這一點對於運維人員並不友好,而對於開發人員其實有沒有管理界面都無所謂。
一.Docker Registry概述
Docker Registry作為Docker的核心組件之一負責鏡像內容的存儲和分發,客戶端的docker pull以及push命令都將直接與registry進行交互。
最初版本的registry由python實現,由於設計初期在安全性,性能以及API的設計上有着諸多的缺陷,該版本在0.9之后停止了開發,由新的項目distribution(新docker register被稱為Distribution)來重新設計並開發下一代registry,新的項目由Golang開發。
所有的API,底層存儲方式,系統架構都進行了全方面的重新設計以解決上一代registry中存在的問題日,2016年4月份registry 2.0正式發布,docker 1.6版本開始支持registry 2.0,而八月份隨着docker 1.8發布,docker hub正式啟用2.1版本registry全面替代之前版本registry,新版registry對鏡像存儲格式進行了重新設計並和舊版本不兼容,docker 1.5和之前的版本無法讀取2.0的鏡像。
另外,Registry 2.4版本之后支持了回收站機制,也就是可以刪除鏡像了,在2.4版本之前是無法支持刪除鏡像的,所以如果你要使用最好是大於Registry 2.4版本的喲~
二.搭建單機倉庫
1>.下載Docker Registry鏡像
[root@docker101.yinzhengjie.org.cn ~]# docker image pull registry Using default tag: latest latest: Pulling from library/registry 486039affc0a: Pull complete ba51a3b098e6: Pull complete 8bb4c43d6c8e: Pull complete 6f5f453e5f2d: Pull complete 42bc10b72f42: Pull complete Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7 Status: Downloaded newer image for registry:latest docker.io/library/registry:latest [root@docker101.yinzhengjie.org.cn ~]#
2>.創建授權使用目錄
[root@docker101.yinzhengjie.org.cn ~]# mkdir -pv /yinzhengjie/data/docker/auth mkdir: created directory ‘/yinzhengjie/data’ mkdir: created directory ‘/yinzhengjie/data/docker’ mkdir: created directory ‘/yinzhengjie/data/docker/auth’ [root@docker101.yinzhengjie.org.cn ~]#
3>.創建創建用戶名和密碼
[root@docker101.yinzhengjie.org.cn ~]# cd /yinzhengjie/data/docker/ [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# ll total 0 drwxr-xr-x 2 root root 6 Jan 27 18:21 auth [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# docker run --entrypoint htpasswd registry -Bbn jason 2020 > auth/htpasswd [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# ll auth/ total 4 -rw-r--r-- 1 root root 68 Jan 27 18:21 htpasswd [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# cat auth/htpasswd jason:$2y$05$Gzol9U5vYUMe2kEaUEj03OA2bAKnhK3CnZJFOzv2ljAqrawW/db4e [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# [root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]#
4>.啟動docker registry
[root@docker101.yinzhengjie.org.cn ~]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 128 :::22 :::* [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker container ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker container run -d -p 6000:5000 --restart=always --name myRegistry01 -v /yinzhengjie/data/docker/auth/:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry b06b6468313a577d5b33f92e70f7e5843b0a5cdd1d0793eaa5bf96be9ffdf14d [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 20480 :::6000 :::* LISTEN 0 128 :::22 :::* [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker container ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b06b6468313a registry "/entrypoint.sh /etc…" 8 seconds ago Up 7 seconds 0.0.0.0:6000->5000/tcp myRegistry01 [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker container exec -it myRegistry01 sh / # / # netstat -untalp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 :::5000 :::* LISTEN 1/registry / # / # exit [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
5>.驗證端口和容器
6>.測試登錄倉庫
[root@docker101.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker101.yinzhengjie.org.cn:6000"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker login docker101.yinzhengjie.org.cn:6000 Username: jason Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# docker info Client: Debug Mode: false Server: Containers: 1 Running: 1 Paused: 0 Stopped: 0 Images: 27 Server Version: 19.03.5 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-957.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.84GiB Name: docker101.yinzhengjie.org.cn ID: ZPMZ:2YLN:PQIW:2CN4:GYX6:LAV5:4WMX:U2PH:GIDV:R363:TQI3:QP2O Docker Root Dir: /var/lib/docker Debug Mode: false Username: yinzhengjie2019 Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: docker101.yinzhengjie.org.cn:6000 127.0.0.0/8 Registry Mirrors: https://tuv7rqqq.mirror.aliyuncs.com/ Live Restore Enabled: false WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled [root@docker101.yinzhengjie.org.cn ~]#
7>.使用yum方式安裝Docker Registry服務
博主推薦閱讀: https://www.cnblogs.com/yinzhengjie/p/11706627.html
三.驗證Docker Registry
1>.在"docker101.yinzhengjie.org.cn"登陸后上傳鏡像
[root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 3 days ago 606MB registry latest 708bc6af7e5e 3 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 4 days ago 983MB tomcat-base 8.5.50 9ff79f369094 5 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 5 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 5 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB yinzhengjie2019/centos v0.1_centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB registry.cn-beijing.aliyuncs.com/yinzhengjie2020/centos v0.1_centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image tag centos-base:7.6.1810 docker101.yinzhengjie.org.cn:6000/jason/centos-base:v7.6.1810 [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 3 days ago 606MB registry latest 708bc6af7e5e 3 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 4 days ago 983MB tomcat-base 8.5.50 9ff79f369094 5 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 5 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 5 days ago 551MB docker101.yinzhengjie.org.cn:6000/jason/centos-base v7.6.1810 b4931fd9ace2 5 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB yinzhengjie2019/centos v0.1_centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB registry.cn-beijing.aliyuncs.com/yinzhengjie2020/centos v0.1_centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image push docker101.yinzhengjie.org.cn:6000/jason/centos-base:v7.6.1810 The push refers to repository [docker101.yinzhengjie.org.cn:6000/jason/centos-base] 0f448859d86e: Pushed 89169d87dbe2: Pushed v7.6.1810: digest: sha256:62c5a70f2846bd7f8ecd65785e379d0e00acf33ae899f0ec96754a3731b2d425 size: 742 [root@docker101.yinzhengjie.org.cn ~]#
2>.在"docker102.yinzhengjie.org.cn"登陸后下載鏡像
