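Usually, when we need a container image we download it straight from a public registry, for example tomcat, httpd, sshd or centos, which is convenient. But you may want to save containers in which you have configured your own development environment (Java, PHP, Python and so on) so that the company's other servers can use them, instead of downloading from the public registry and reconfiguring every time. Below I explain how to set up a private registry with registry.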

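Run the Docker private registry:
docker run -d -p 5000:5000 --restart=always  -v /opt/myregistry:/var/lib/registry  registry
(This mounts the host directory /opt/myregistry onto the container's default data directory /var/lib/registry.) The registry image is not present locally by default, so it is downloaded from the public registry Docker Hub; once the container has started, the private registry is ready to use.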

[root@docker02 ~]# docker run -d -p 5000:5000 --restart=always -v /opt/myregistry:/var/lib/registry registry
e65d51213179430302a6dfc3a05840c848ae7cf1c3943b1488aeb3a5810fcf13
[root@docker02 opt]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
e65d51213179        registry            "/entrypoint.sh /etc…"   32 minutes ago      Up 32 minutes       0.0.0.0:5000->5000/tcp   vigorous_meitner
You have new mail in /var/spool/mail/root
[root@docker02 opt]# 


Push an image to the private registry:

  1. Tag the image to be uploaded
    10.0.0.12:5000/tomcat:latest (tag it manually)
  2. Push
    docker push 10.0.0.12:5000/tomcat:latest
  3. Fix for the push error:
    vi /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://registry.docker-cn.com"],
      "insecure-registries": ["10.0.0.12:5000"]
    }
    systemctl restart docker

     

1. Tag the image to be uploaded (client docker01)
docker image tag tomcat:latest (old tag) 10.0.0.12:5000/tomcat:latest (tag used for pushing to the private registry)

[root@docker01 ~]# docker image tag tomcat:latest 10.0.0.12:5000/tomcat:latest
[root@docker01 ~]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
kod                     v1                  0cb8570501c2        2 days ago          425MB
10.0.0.12:5000/tomcat   latest              238e6d7313e3        11 days ago         506MB
tomcat                  latest              238e6d7313e3        11 days ago         506MB
[root@docker01 ~]# 

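tomcat now appears twice, but the image ID is the same. This is similar to a hard link: deleting one of the images does not affect the other.
2. Push the image (client docker01)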

[root@docker01 ~]# docker push 10.0.0.12:5000/tomcat:latest
The push refers to repository [10.0.0.12:5000/tomcat]
Get https://10.0.0.12:5000/v2/: http: server gave HTTP response to HTTPS client
[root@docker01 ~]# 

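The first push always fails with the error "Get https://10.0.0.12:5000/v2/: http: server gave HTTP response to HTTPS client". This is because Docker uses HTTPS for registries by default and does not trust a plain-HTTP address, so the registry's service address has to be added to the local Docker configuration.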

[root@docker01 ~]# vim /etc/docker/daemon.json 

{
    "registry-mirrors": ["https://registry.docker-cn.com"],
    "insecure-registries": ["10.0.0.12:5000"]
}
[root@docker01 ~]# systemctl start docker
[root@docker01 ~]# docker push 10.0.0.12:5000/tomcat:latest
The push refers to repository [10.0.0.12:5000/tomcat]
89bcf97f31e7: Pushed 
23355e7a9129: Pushed 
abc4bbee3d1a: Pushed 
b575bb71cbb6: Pushed 
7955da51da82: Pushed 
c64652873162: Pushed 
a4e797bc3f15: Pushed 
392f356944ff: Pushed 
15210a41d4ee: Pushed 
e2a8a00a83b2: Pushed 
latest: digest: sha256:bace3e146f40bdc1ab0d781cefe51271fd61e532550b39e86d67ec710eafa45e size: 2422
[root@docker01 ~]# 

3. View the image data in the registry (server docker02)

[root@docker02 v2]# cd /opt/myregistry/docker/registry/v2/repositories/
[root@docker02 repositories]# ll
total 0
drwxr-xr-x 5 root root 55 Jul 29 11:01 tomcat
[root@docker02 repositories]# 

4. View the image versions

[root@docker02 tomcat]# tree _manifests/tags/
_manifests/tags/
└── latest
    ├── current
    │   └── link
    └── index
        └── sha256
            └── bace3e146f40bdc1ab0d781cefe51271fd61e532550b39e86d67ec710eafa45e
                └── link

5 directories, 2 files
[root@docker02 tomcat]# 
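
The tree output above is the registry's tag store: each _manifests/tags/<tag>/current/link file holds the manifest digest that the tag currently points to, the same digest printed by docker push. The following inventory script is an added example, not part of the original post; the sample tree is constructed to mirror that output, and the function names are made up for illustration.

```python
import re
import tempfile
from pathlib import Path

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
REPOS = "docker/registry/v2/repositories"

def list_tags(storage_root):
    """Return {repo: {tag: digest}} read from the registry's on-disk layout."""
    repos_dir = Path(storage_root) / REPOS
    tags = {}
    for link in sorted(repos_dir.glob("**/_manifests/tags/*/current/link")):
        digest = link.read_text().strip()
        if not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"unexpected link content in {link}")
        tag_dir = link.parents[1]
        # The digest a tag points to must also be recorded in the tag's index.
        if not (tag_dir / "index/sha256" / digest[7:] / "link").is_file():
            raise ValueError(f"no index entry for {digest} under {tag_dir}")
        repo = link.parents[4].relative_to(repos_dir).as_posix()
        tags.setdefault(repo, {})[tag_dir.name] = digest
    return tags

def pinned_reference(registry, repo, digest):
    """Image reference that pulls by digest rather than by a movable tag."""
    return f"{registry}/{repo}@{digest}"

def build_sample(root):
    """Constructed tree with the repository, tag and digest shown above."""
    digest = ("sha256:bace3e146f40bdc1ab0d781cefe51271"
              "fd61e532550b39e86d67ec710eafa45e")
    tag_dir = Path(root) / REPOS / "tomcat/_manifests/tags/latest"
    for sub in ("current", f"index/sha256/{digest[7:]}"):
        (tag_dir / sub).mkdir(parents=True)
        (tag_dir / sub / "link").write_text(digest)
    return digest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for repo, repo_tags in list_tags(root).items():
            for tag, digest in repo_tags.items():
                ref = pinned_reference("10.0.0.12:5000", repo, digest)
                print(f"{repo}:{tag} -> {ref}")
```

On the registry host, list_tags("/opt/myregistry") reads the real data directory; comparing its digests with the one recorded at push time shows whether a tag has been repointed.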


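By default the private registry has no user authentication, so any user can push images to it. We therefore also need to add user authentication to the private registry to keep it secure.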


Create a private registry with basic authentication:

  1. Prepare the password file for basic authentication
    yum install httpd-tools -y
    mkdir /opt/registry-var/auth/ -p
    htpasswd  -Bbn oldboy 123456  >> /opt/registry-var/auth/htpasswd
  2. Start the Docker private registry
    docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ \
    -v /opt/myregistry:/var/lib/registry \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry

1. Prepare the password file for basic authentication (server docker02)

[root@docker02 tomcat]# yum install httpd-tools -y 
Loaded plugins: fastestmirror
base                                                                                                            | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                | 3.5 kB  00:00:00     
extras                                                                                                          | 3.4 kB  00:00:00     
updates                                                                                                         | 3.4 kB  00:00:00     
docker-ce-stable/x86_64/primary_db                                                                              |  32 kB  00:00:05     
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Package httpd-tools-2.4.6-89.el7.centos.x86_64 already installed and latest version
Nothing to do
[root@docker02 tomcat]# mkdir /opt/registry-var/auth/ -p 
[root@docker02 tomcat]# htpasswd -Bbn fxw 123456 >> /opt/registry-var/auth/htpasswd 
[root@docker02 tomcat]# cat /opt/registry-var/auth/htpasswd 
fxw:$2y$05$z5mtQQRHFJWR7WyvLMkOPuQajiwKJ4zPQjy8c74krB/sx/cCeE35O
[root@docker02 tomcat]# 

2. Start the Docker private registry (first remove the registry container created earlier) (server docker02)

[root@docker02 tomcat]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
e65d51213179        registry            "/entrypoint.sh /etc…"   About an hour ago   Up About an hour    0.0.0.0:5000->5000/tcp   vigorous_meitner
[root@docker02 tomcat]# docker kill vigorous_meitner 
vigorous_meitner
[root@docker02 tomcat]# docker rm vigorous_meitner 
vigorous_meitner
[root@docker02 tomcat]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry 
c6242a8c8f94951b01e6eac99a23c0fd519008045d4efa0e4c9796968f285b03
[root@docker02 tomcat]# 

3. Pull the image from the private registry (client docker01)

[root@docker01 ~]# docker pull 10.0.0.12:5000/tomcat:latest
Error response from daemon: Get http://10.0.0.12:5000/v2/tomcat/manifests/latest: no basic auth credentials
[root@docker01 ~]# docker login 10.0.0.12:5000
Username: fxw
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker01 ~]# # After a successful login, the username and password are saved in /root/.docker/config.json
[root@docker01 ~]# cat /root/.docker/config.json 
{
	"auths": {
		"10.0.0.12:5000": {
			"auth": "Znh3OjEyMzQ1Ng=="
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.09.8 (linux)"
	}
}
[root@docker01 ~]# docker pull 10.0.0.12:5000/tomcat:latest
latest: Pulling from tomcat
a4d8138d0f6b: Pull complete 
dbdc36973392: Pull complete 
f59d6d019dd5: Pull complete 
aaef3e026258: Pull complete 
5e86b04a4500: Pull complete 
1a6643a2873a: Pull complete 
2ad1e30fc17c: Pull complete 
16f4e6ee0ca6: Pull complete 
928f4d662d23: Pull complete 
b8d24294d525: Pull complete 
Digest: sha256:bace3e146f40bdc1ab0d781cefe51271fd61e532550b39e86d67ec710eafa45e
Status: Downloaded newer image for 10.0.0.12:5000/tomcat:latest
[root@docker01 ~]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
10.0.0.12:5000/tomcat   latest              238e6d7313e3        11 days ago         506MB
[root@docker01 ~]# 
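
The session above leaves two client-side facts worth checking together: the auth value in config.json is only base64 of user:password, and the same registry is listed under insecure-registries, so that credential can travel without TLS. The following audit script is an added example, not part of the original post; its inputs are the two files as shown on this page, and the finding names are made up for illustration.

```python
import base64
import json

# Constructed inputs: the two client-side files as they appear on this page.
DAEMON_JSON = """{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.12:5000"]
}"""
CONFIG_JSON = """{
  "auths": {"10.0.0.12:5000": {"auth": "Znh3OjEyMzQ1Ng=="}},
  "HttpHeaders": {"User-Agent": "Docker-Client/18.09.8 (linux)"}
}"""

def audit_docker_client(daemon_json, config_json):
    """Return (kind, registry, detail) findings for one Docker client host."""
    insecure = set(json.loads(daemon_json).get("insecure-registries", []))
    findings = [
        ("insecure-registry", host,
         "client accepts plain HTTP or an unverified certificate")
        for host in sorted(insecure)
    ]
    auths = json.loads(config_json).get("auths", {})
    for host, entry in sorted(auths.items()):
        blob = entry.get("auth")
        if not blob:
            continue  # empty entry: the secret is held by a credential helper
        # "auth" is base64("user:password"): an encoding, not encryption.
        decoded = base64.b64decode(blob).decode("utf-8", "replace")
        user = decoded.partition(":")[0]
        findings.append(
            ("inline-credential", host,
             f"password for user {user!r} is recoverable from config.json"))
        if host in insecure:
            findings.append(
                ("basic-auth-over-http", host,
                 "stored credential may be sent without TLS"))
    return findings

if __name__ == "__main__":
    for kind, host, detail in audit_docker_client(DAEMON_JSON, CONFIG_JSON):
        print(f"{kind:22} {host:16} {detail}")
```

Serving the registry over TLS and configuring a credential helper, as the docker login warning suggests, clears all three findings.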

For more on the Docker private registry (viewing image versions, deleting images), see https://www.qstack.com.cn/archives/350.html

Last modified: 2019-07-29 09:57:43