三、Docker 仓库之单机Docker Registry

最新推荐文章于 2023-08-11 16:17:21 发布

swd918

最新推荐文章于 2023-08-11 16:17:21 发布

阅读量443

点赞数

分类专栏： docker 文章标签： docker 运维容器 Powered by 金山文档

本文链接：https://blog.csdn.net/swd918/article/details/128548231

版权

docker 专栏收录该内容

4 篇文章 0 订阅

订阅专栏

Docker Registry 作为 Docker 的核心组件之一负责镜像内容的存储与分发，客户端的 docker pull 以及 push 命令都将直接与 registry 进行交互, 新的 docker register 被称为 Distribution，新的项目由 go 语言开发，所有的 API，底层存储方式，系统架构都进行了全面的重新设计已解决上一代 registry 中存在的问题，新版 registry 对镜像存储格式进行了重新设计并和旧版不兼容，docker 1.5和之前的版本无法读取2.0的镜像，另外，Registry 2.4 版本之后支持了回收站机制，所以如果你要使用最好是大于 Registry 2.4 版本的，目前最新版本为2.7.x。

官方文档地址：https://docs.docker.com/registry/

官方 github 地址：https://github.com/distribution/distribution

本部分将介绍通过官方提供的 docker registry 镜像来简单搭建一套本地私有仓库环境。

3.1 下载 docker registry 镜像

[root@localhost ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
ca7dd9ec2225: Pull complete 
c41ae7ad2b39: Pull complete 
1ed0fc8a6161: Pull complete 
21df229223d2: Pull complete 
626897ccab21: Pull complete 
Digest: sha256:ce14a6258f37702ff3cd92232a6f5b81ace542d9f1631966999e9f7c1ee6ddba
Status: Downloaded newer image for registry:latest

[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              81c944c2288b        3 weeks ago         24.1MB

3.2 搭建单机仓库

3.2.1 创建授权使用目录

[root@localhost ~]# mkdir -p /docker/auth
[root@localhost ~]# cd /docker/auth
[root@localhost auth]#

3.2.2 创建用户

[root@localhost auth]# yum -y  install httpd-tools.x86_64     #安装工具，生成密码文件
[root@localhost auth]# htpasswd -Bbn repoadmin 123456 > htpwd
[root@localhost auth]# cat htpwd 
repoadmin:$2y$05$c3snkqyiXJAQH/sE/1xoveH57BmogagzAmMPn7sb3BzVfu12YKkM6

3.2.3 启动 docker registy

[root@localhost ~]# docker run -d -p 5000:5000 --restart=always --name registry1 -v /docker/auth/:/auth:ro -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpwd" registry:latest 
c85d967a23d86f75155610e54195768b801eb31dbaf3b9035c9e212e8f30f861
     
[root@localhost ~]# docker run -d -p 5001:5000  --name registry2 registry:latest 
ac75a7c90f2291c9e79846790b8fbb30d3ba66a914e3861ea417f328ff194914

3.2.4 验证端口和容器

[root@localhost ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
ac75a7c90f22        registry:latest     "/entrypoint.sh /etc…"   7 seconds ago       Up 5 seconds        0.0.0.0:5001->5000/tcp   registry2
c85d967a23d8        registry:latest     "/entrypoint.sh /etc…"   3 minutes ago       Up 3 minutes        0.0.0.0:5000->5000/tcp   registry1

[root@localhost ~]# ss -tnl | grep 500
LISTEN   0        512                    *:5000                *:*              
LISTEN   0        512                    *:5001                *:*

3.2.5 测试登录仓库

3.2.5.1 报错如下

#docker默认使用的是https进行访问，但是没有准备证书，可以猪呢比证书，也可以在不安全的仓库进行添加

[root@localhost ~]# docker login 192.168.11.11:5000
Username: repoadmin
Password: 
Error response from daemon: Get https://192.168.11.11:5000/v2/: http: server gave HTTP response to HTTPS client

3.2.5.2 解决方法

[root@localhost docker]# vim daemon.json 
{
  "insecure-registries": ["http://192.168.11.11:5000","http://server.kylin.com:5000"],
  "registry-mirrors": ["https://yydlt76u.mirror.aliyuncs.com"]
}
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker.service 

[root@localhost docker]# docker info
.....
Insecure Registries:
 192.168.11.11:5000
 server.kylin.com:5000
 127.0.0.0/8
Registry Mirrors:
 https://yydlt76u.mirror.aliyuncs.com/
Live Restore Enabled: true

3.2.5.3 验证各 docker 服务器登录

[root@localhost docker]# docker login 192.168.11.11:5000
Username: repoadmin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@localhost docker]# vim /etc/hosts
server.kylin.com    192.168.11.11
[root@localhost docker]# docker login server.kylin.com:5000
Username: repoadmin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

3.2.6 在 node11 登录后上传镜像

3.2.6.1 镜像打 tag

#打标记格式为:主机IP或域名:端口/仓库/名称:tag

[root@localhost docker]# docker tag busybox:latest server.kylin.com:5000/test/bbox:v1
[root@localhost docker]# docker images 
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
registry                          latest              81c944c2288b        3 weeks ago         24.1MB
busybox                           latest              beae173ccac6        11 months ago       1.24MB
server.kylin.com:5000/test/bbox   v1                  beae173ccac6        11 months ago       1.24MB

3.2.6.2 上传镜像

[root@localhost docker]# docker push server.kylin.com:5000/test/bbox:v1 
The push refers to repository [server.kylin.com:5000/test/bbox]
01fd6df81c8e: Pushed 
v1: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527

3.2.7 node12 下载镜像并启动容器

从另外一台机器上的登录仓库，之后进行下载11上上传的进行，并查看id号是否一致。

[root@localhost docker]# docker login server.kylin.com:5000
Username: repoadmin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@localhost docker]# docker pull server.kylin.com:5000/test/bbox:v1
v1: Pulling from test/bbox
5cc84ad355aa: Pull complete 
Digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee
Status: Downloaded newer image for server.kylin.com:5000/test/bbox:v1

#验证镜像
[root@localhost docker]# docker images
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
server.kylin.com:5000/test/bbox   v1                  beae173ccac6        11 months ago       1.24MB

[root@localhost docker]# docker run -itd -p 80:80 -v /data:/www --rm server.kylin.com:5000/test/bbox:v1 httpd -f -h /www
d36ecd6ffd2b8b438ab757c8a6295c5cf8ea74dbf3e5e674f06fcdc5c615da65

#访问测试
[root@localhost docker]# echo 666 > /data/index.html
[root@localhost docker]# curl 192.168.11.12 
666

3.2.8 docker registry 查看命令

[root@localhost docker]# curl -u repoadmin:123456 http://192.168.11.11:5000/v2/_catalog
{"repositories":["test/bbox","web/nginx"]}
[root@localhost docker]# curl -u repoadmin:123456 http://192.168.11.11:5000/v2/web/nginx/tags/list
{"name":"web/nginx","tags":["v1"]}
[root@localhost docker]# docker pull httpd

[root@localhost docker]# docker tag httpd:latest 192.168.11.11:5000/web:httpd_v1
[root@localhost docker]# docker push 192.168.11.11:5000/web:httpd_v1 

[root@localhost docker]# curl -u repoadmin:123456 http://192.168.11.11:5000/v2/_catalog
{"repositories":["test/bbox","web","web/nginx"]}
[root@localhost docker]# curl -u repoadmin:123456 http://192.168.11.11:5000/v2/web/tags/list
{"name":"web","tags":["httpd_v1"]}

#在12机器上进行下载
[root@localhost docker]# docker pull 192.168.11.11:5000/web:httpd_v1