Docker私有库搭建过程(Registry)

Docker私有库搭建过程(Registry)

Wed Aug 8, 2018

1000 Words|Read in about 2 Min
Tags: 容器   docker  

我们知道Docker官方提供了一个公有的registry服务–Docker Hub。但是在实际企业内部可能有些镜像不便放到公网上,所以Docker也提供了私有registry来让有需要的用户自己搭建私有仓库。本文就来简单介绍一下Docker Registry的搭建。

基础环境

[[email protected] ~]# uname -a
Linux web-helm-6 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[[email protected] ~]# docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-68.gitdded712.el7.centos.x86_64
 Go version:      go1.9.4
 Git commit:      dded712/1.13.1
 Built:           Tue Jul 17 18:34:48 2018
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-68.gitdded712.el7.centos.x86_64
 Go version:      go1.9.4
 Git commit:      dded712/1.13.1
 Built:           Tue Jul 17 18:34:48 2018
 OS/Arch:         linux/amd64
 Experimental:    false

下载Registry镜像

docker pull registry
[[email protected] ~]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for docker.io/registry:latest
[[email protected] ~]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
docker.io/registry             latest              b2b03e9146e1        4 weeks ago         33.3 MB

启动

mkdir -p /root/date/registry
docker run -d --name registry  -p 5000:5000  -v  /root/date/registry:/var/lib/registry  registry
[[email protected] ~]# mkdir -p /root/date/registry
[[email protected] ~]# docker run -d --name registry  -p 5000:5000  -v  /root/date/registry:/var/lib/registry  registry
9055fc8beb539a3911aa09994186aa4dfd5197a976e2920255d4f276aee8121a
  • -d 后台运行
  • –name 给服务命名
  • -p 指定端口
  • -v把registry的镜像路径/var/lib/registry映射到本机的/mnt/date/registry

检查端口正常启动,nice

[[email protected] ~]# netstat -anp | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      280998/docker-proxy

[[email protected] ~/date/registry]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
c79a57dadba8        registry            "/entrypoint.sh /e..."   3 seconds ago       Up 3 seconds        0.0.0.0:5000->5000/tcp   registry

修改docker配置文件

vim /etc/sysconfig/docker

在文件中加入下面信息

ADD_REGISTRY='--add-registry 10.77.0.130:5000'

INSECURE_REGISTRY='--insecure-registry 10.77.0.130:5000'
注意:上面的IP地址是Docker Registry的监听地址,需要替换成自己的

重启Docker和服务

[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl restart docker

上传镜像

[[email protected] ~]# docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
8c5a7da1afbc: Pull complete
Digest: sha256:cb63aa0641a885f54de20f61d152187419e8f6b159ed11a251a09d115fdff9bd
Status: Downloaded newer image for docker.io/busybox:latest

[[email protected] ~]# docker tag busybox  10.77.0.130:5000/busybox
[[email protected] ~]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
10.77.0.130:5000/busybox       latest              e1ddd7948a1c        7 days ago          1.16 MB
docker.io/busybox              latest              e1ddd7948a1c        7 days ago          1.16 MB
docker.io/registry             latest              b2b03e9146e1        4 weeks ago         33.3 MB
注意:上面的IP地址是Docker Registry的监听地址,需要替换成自己的
[[email protected] ~/date/registry]# docker push 10.77.0.130:5000/busybox
The push refers to a repository [10.77.0.130:5000/busybox]
f9d9e4e6e2f0: Pushed
latest: digest: sha256:5e8e0509e829bb8f990249135a36e81a3ecbe94294e7a185cc14616e5fad96bd size: 527

测试服务

[[email protected] ~/date/registry]#  curl  10.77.0.130:5000/v2/_catalog
{"repositories":["busybox"]}

OK ! 非用户认证的到此为止! 如果需要账户认证的请继续:

注意: 下面是配置账户认证的registry服务,可以把之前配置的服务给stop、rm掉 docker stop registry; docker rm registry

设置账户密码

mkdir -p /root/date/registry/auth/
docker run --entrypoint htpasswd registry:latest -Bbn username passwd  >> /root/date/registry/auth/htpasswd

设置配置

[[email protected] ~/date]# mkdir -p /root/date/registry/config
[[email protected] ~/date]# vim /root/date/registry/config/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
threshold: 3

启动服务

  docker run -d --name registry -p 5000:5000 --restart=always  --name=registry\
    -v /root/date/registry/config/:/etc/docker/registry/ \
    -v /root/date/registry/auth/:/auth/ \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -v /root/date/registry:/var/lib/registry/ \
    registry:latest

登录服务

[[email protected] ~/date]# docker login  10.77.0.130:5000
Username: username
Password:
Login Succeeded

测试

和之前一样的测试方式,不过curl需要加上用户名和密码:

 curl -u username:passwd   10.77.0.130:5000/v2/_catalog

OK 本文到此为止,后面会研究一下Harbor安装,到时候在落文档吧。😄

See Also

Wed Aug 8, 2018

1000 Words|Read in about 2 Min
Tags: 容器   docker