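Today I'll introduce Docker registries. Docker's management model imitates GitHub's, and it is used in much the same way: docker pull fetches an image, docker push publishes an image, and docker commit saves an image. Anyone familiar with the git command line will therefore not find docker unfamiliar.
Because Docker Hub is slow to access from within China, and considering traffic and bandwidth, building your own private Docker registry is well worth doing. All experiments below are based on this Docker version: Docker version 1.13.
I. Basic private registry functions
At first I assumed a Docker registry would, like a Maven repository, need a separately installed piece of software (a Maven repository uses Nexus, for example), but it does not. Docker's Registry service also runs inside a Docker container, which confirms the saying that to Docker everything is a container: all applications and services are deployed in containers, and Registry is no exception.
The first step in setting up a private registry is to download the Registry image. At the time of writing, Registry is at version 2.0. Version 2.0 is said to have many problems, but that does not matter for learning purposes. For anyone who cannot download the image, I have uploaded it to CSDN, where it can be downloaded.
1. Create the Registry container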
[root@localhost ~]#
[root@localhost ~]# docker run -d --hostname localhost --restart always --name registry-v2 -v /opt/docker/registry/:/var/lib/registry -p 5000:5000 docker.io/registry
5365412e873647726e1f201cdfc4ed4558d3658cc262b278b7d3d47fa454a87f
[root@localhost ~]#
[root@localhost ~]#
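Notes:
1) If /opt/docker/registry/ does not exist on the host, create it yourself. Any directory can be used.
2) The hostname is localhost. This name can also be chosen freely.
3) If the container exits abnormally, the private registry may stop serving requests, so --restart=always is usually added. This ensures the container keeps running in the background.
2. Tag the image
These are the images on the local machine: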
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myos/centos-ssh latest 1d5d89a94015 3 days ago 342.5 MB
docker.io/registry latest 177391bcf802 5 weeks ago 33.26 MB
docker.io/centos latest 3fa822599e10 5 weeks ago 203.5 MB
[root@localhost ~]#
[root@localhost ~]#
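To upload an image, we first need to re-tag it. Why? Docker's registry model supports both public and private registries, and for a private registry the image name must carry the private registry's identifier. This differs somewhat from Maven repositories.
Run the following command: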
[root@localhost ~]#
[root@localhost ~]# docker tag docker.io/centos localhost/mycentos
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myos/centos-ssh latest 1d5d89a94015 3 days ago 342.5 MB
docker.io/registry latest 177391bcf802 5 weeks ago 33.26 MB
docker.io/centos latest 3fa822599e10 5 weeks ago 203.5 MB
localhost/mycentos latest 3fa822599e10 5 weeks ago 203.5 MB
[root@localhost ~]#
[root@localhost ~]#
Note:
If the image TAG is not latest, the TAG must be specified when tagging. For example: docker tag docker.io/centos:7.0 localhost/mycentos.
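The registry identifier described above is the part of the image name before the first "/". The following added example (not from the original article; the function name split_image_ref is an assumption) applies the Docker client's naming rule to the image names that appear on this page and shows which registry each one addresses.

```shell
#!/bin/sh
# Added example: split an image reference into "<registry> <repository>".
# Rule used by the Docker client: the part before the first "/" is a registry
# host only if it contains "." or ":" or is exactly "localhost"; otherwise the
# whole name belongs to the default registry, docker.io.
split_image_ref() {
    ref=${1%%@*}                      # drop a trailing @sha256:... digest
    case "$ref" in
        */*) first=${ref%%/*}; rest=${ref#*/} ;;
        *)   first=; rest=$ref ;;
    esac
    case "$first" in
        *.*|*:*|localhost) registry=$first ;;
        *)  registry=docker.io
            if [ -n "$first" ]; then rest=$first/$rest; fi ;;
    esac
    case "$rest" in *:*) rest=${rest%:*} ;; esac   # drop the tag
    # Docker Hub stores single-component names under library/
    if [ "$registry" = docker.io ]; then
        case "$rest" in */*) ;; *) rest=library/$rest ;; esac
    fi
    echo "$registry $rest"
}

# Names taken from this page's terminal sessions.
for name in 127.0.0.1:5000/myos/centos-ssh 127.0.0.1:5000/docker.io/centos \
            localhost/mycentos myos/centos-ssh docker.io/centos:7.0; do
    printf '%-34s -> %s\n' "$name" "$(split_image_ref "$name")"
done
```

Only names that begin with 127.0.0.1:5000/ address the container published with -p 5000:5000. localhost/mycentos names a registry at localhost with no port, and myos/centos-ssh with no prefix resolves to docker.io.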
3. Upload the image
Once the image has been tagged, it can be uploaded. Before uploading, you can check the mounted directory on the host; it is empty:
[root@localhost ~]#
[root@localhost ~]# ls /opt/docker/registry/
[root@localhost ~]#
Problem encountered:
1) The upload fails and keeps timing out
[root@localhost ~]# docker push 127.0.0.1:5000/myos/centos-ssh
The push refers to a repository [127.0.0.1:5000/myos/centos-ssh]
9b8c7f915683: Retrying in 1 second
10d9ce9eba14: Retrying in 1 second
3192143c0a32: Retrying in 1 second
22900ad4b3af: Retrying in 1 second
b7edf3bf887a: Retrying in 1 second
1da3ee63e827: Waiting
57414cd1ff42: Waiting
502eccdceb40: Waiting
d0e964ea5aa8: Waiting
d1be66a59bc5: Waiting
^C
[root@localhost ~]#
Checking the docker logs shows that SELinux needs to be turned off. To turn it off temporarily, enter the following in a terminal:
[root@localhost ~]#
[root@localhost ~]# setenforce 0
[root@localhost ~]#
Upload the image again:
[root@localhost ~]# docker push 127.0.0.1:5000/myos/centos-ssh
The push refers to a repository [127.0.0.1:5000/myos/centos-ssh]
9b8c7f915683: Pushed
10d9ce9eba14: Pushed
3192143c0a32: Pushed
22900ad4b3af: Pushed
b7edf3bf887a: Pushed
1da3ee63e827: Pushed
57414cd1ff42: Pushed
502eccdceb40: Pushed
d0e964ea5aa8: Pushed
d1be66a59bc5: Pushed
latest: digest: sha256:58ee7bf5d184780159d4b86cffea5962af1798bb2fdd0778f110c743b09aab9a size: 2410
[root@localhost ~]#
To check whether the image was uploaded successfully, you can:
1) Check the host directory
[root@localhost ~]#
[root@localhost ~]# ls /opt/docker/registry/docker/registry/v2/
blobs repositories
[root@localhost ~]#
2) Query the Registry API
[root@localhost ~]#
[root@localhost ~]# curl http://localhost:5000/v2/_catalog
{"repositories":["docker.io/centos","myos/centos-ssh"]}
[root@localhost ~]#
This shows that I have uploaded two images.
4. Update the image
First delete the local image, then update it, as follows:
[root@localhost ~]# docker rmi 127.0.0.1:5000/myos/centos-ssh 127.0.0.1:5000/docker.io/centos
Untagged: 127.0.0.1:5000/myos/centos-ssh:latest
Untagged: 127.0.0.1:5000/myos/centos-ssh@sha256:58ee7bf5d184780159d4b86cffea5962af1798bb2fdd0778f110c743b09aab9a
Untagged: 127.0.0.1:5000/docker.io/centos:latest
Untagged: 127.0.0.1:5000/docker.io/centos@sha256:58ee7bf5d184780159d4b86cffea5962af1798bb2fdd0778f110c743b09aab9a
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myos/centos-ssh latest 1d5d89a94015 3 days ago 342.5 MB
docker.io/registry latest 177391bcf802 5 weeks ago 33.26 MB
docker.io/centos latest 3fa822599e10 5 weeks ago 203.5 MB
localhost/docker.io/centos latest 3fa822599e10 5 weeks ago 203.5 MB
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# docker pull 127.0.0.1:5000/docker.io/centos
Using default tag: latest
Trying to pull repository 127.0.0.1:5000/docker.io/centos ...
latest: Pulling from 127.0.0.1:5000/docker.io/centos
Digest: sha256:58ee7bf5d184780159d4b86cffea5962af1798bb2fdd0778f110c743b09aab9a
[root@localhost ~]#
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
127.0.0.1:5000/docker.io/centos latest 1d5d89a94015 3 days ago 342.5 MB
myos/centos-ssh latest 1d5d89a94015 3 days ago 342.5 MB
docker.io/registry latest 177391bcf802 5 weeks ago 33.26 MB
docker.io/centos latest 3fa822599e10 5 weeks ago 203.5 MB
localhost/docker.io/centos latest 3fa822599e10 5 weeks ago 203.5 MB
[root@localhost ~]#
[root@localhost ~]#
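That covers the basics of a private registry. However, exposing the port directly like this is very insecure: anyone who can reach the host can access the private registry, which makes it an easy target for attack. Most deployments solve this with a reverse proxy and restrict access over HTTPS, which meets the security requirement. See the next article for how to set this up.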
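The following added example (not from the original article) relates to both the SELinux step in section 3 and the exposed port noted above: it audits a docker run command line for a publish spec without a host IP and for a bind mount without the :z/:Z relabel option, which Docker provides so that a container can use a host directory while SELinux stays enforcing. The function names and the FIXED_CMD variant are assumptions constructed for illustration; flag values are assumed to be space-separated.

```shell
#!/bin/sh
# Added example: flag two settings in a `docker run` command line.
# Prints one finding per line; prints nothing when neither applies.

check_publish() {   # $1 = value of -p/--publish
    case "$1" in
        0.0.0.0:*:*|\[::\]:*:*) echo "publish $1: bound to all interfaces" ;;
        *:*:*) ;;   # explicit host IP, e.g. 127.0.0.1:5000:5000
        *) echo "publish $1: no host IP, bound to all interfaces" ;;
    esac
}

check_volume() {    # $1 = value of -v/--volume
    case "$1" in
        /*:*:*) opts=${1##*:} ;;   # bind mount with an options field
        /*:*)   opts= ;;           # bind mount without options
        *) return 0 ;;             # named or anonymous volume
    esac
    case ",$opts," in
        *,z,*|*,Z,*) ;;
        *) echo "volume $1: no :z/:Z SELinux relabel option" ;;
    esac
}

audit_docker_run() (   # subshell body keeps `set -f` and variables local
    set -f             # no globbing while the command string is split
    set -- $1          # plain word splitting; assumes no quoted arguments
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--publish) [ $# -ge 2 ] || break; shift; check_publish "$1" ;;
            -v|--volume)  [ $# -ge 2 ] || break; shift; check_volume "$1" ;;
        esac
        shift
    done
)

# The command from section 1 of this page.
PAGE_CMD='docker run -d --hostname localhost --restart always --name registry-v2 -v /opt/docker/registry/:/var/lib/registry -p 5000:5000 docker.io/registry'
# Constructed variant: loopback-only publish (for a local reverse proxy)
# and a relabelled bind mount.
FIXED_CMD='docker run -d --restart always --name registry-v2 -v /opt/docker/registry/:/var/lib/registry:Z -p 127.0.0.1:5000:5000 docker.io/registry'

echo "page command:";  audit_docker_run "$PAGE_CMD"
echo "fixed variant:"; audit_docker_run "$FIXED_CMD"
```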