搭建私有仓库
前提
安装好docker并启动。
启动私有仓库
注意:按此方式启动的仓库使用明文HTTP且没有认证,能访问4000端口的主机都可以拉取和推送镜像,仅适合受信任的测试网络;TLS和用户认证的配置见后文。
docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2
配置docker使用私有仓库
(insecure-registry 表示允许docker以HTTP或不校验证书的HTTPS访问该仓库,地址需填写仓库的实际地址和端口)
cat /usr/lib/systemd/system/docker.service
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.229.114:4000
MountFlags=shared
或者如下进行配置(两种方式任选其一,同一选项同时出现在启动参数和 daemon.json 中会导致docker无法启动;cat > 会覆盖已有的 daemon.json,文件中如已有其他配置应手工合并)
cat > /etc/docker/daemon.json << EOF
{
"insecure-registries":["192.168.102.20:4000"]
}
EOF
重载配置
systemctl daemon-reload
systemctl restart docker
推送镜像到私有仓库
查看已经有的镜像
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 ee34aa9d8ab2 2 weeks ago 26.2MB
改镜像标签
docker tag registry:2 192.168.102.20:4000/registry:2
再次查看镜像
192.168.102.20:4000/registry 2 ee34aa9d8ab2 2 weeks ago 26.2MB
registry 2 ee34aa9d8ab2 2 weeks ago 26.2MB
推送镜像到私有仓库
docker push 192.168.102.20:4000/registry:2
The push refers to repository [192.168.102.20:4000/registry]
b2335c628697: Pushed
3cb95fe83bcd: Pushed
d2ecc62f3d1a: Pushed
8e95b38dd51d: Pushed
2b2bcc6e6724: Pushed
2: digest: sha256:160c621b9bd98c4becce1c3b14e4866524dbe898d3af2e48d81fa1821b82c615 size: 1363
验证是否推送成功
curl 192.168.102.20:4000/v2/_catalog
{"repositories":["elasticsearch","logstash","nginx","registry","rsyslog","zs_power"]}
配置仓库TLS(证书)
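生成证书
(-nodes 生成的私钥不加密,应限制 /certs/docker.key 的访问权限;证书中的主机名需与仓库域名一致,此处为 docker,较新版本的docker还要求证书带有SAN,否则客户端校验证书会失败)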
mkdir -p /certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /certs/docker.key -x509 -days 365 -out /certs/docker.crt
输出略
配置域名解析
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.2 ceph-01 docker
启动私有仓库
docker run -d --restart=always --name registry -v /certs/:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker.crt -e REGISTRY_HTTP_TLS_KEY=/certs/docker.key -p 443:443 registry:2
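配置docker使用私有仓库
注意:insecure-registry 会让docker在证书校验失败时仍然继续连接,并可能回退到HTTP,相当于放弃了TLS对仓库身份的校验;如果已按下文把证书放入 /etc/docker/certs.d 且证书与域名匹配,可以不配置此项。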
cat /usr/lib/systemd/system/docker.service
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry docker:443
MountFlags=shared
或者如下进行配置
cat > /etc/docker/daemon.json << EOF
{
"insecure-registries":["docker:443"]
}
EOF
配置docker证书认证
mkdir /etc/docker/certs.d/docker -p
cp /certs/docker.crt /etc/docker/certs.d/docker/ca.crt
重载配置
systemctl daemon-reload
systemctl restart docker
验证
本地推送镜像到仓库
[root@ceph-01 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis 6.0.15 2da55ba11193 4 weeks ago 104MB
registry 2 b2cb11db9d3d 5 weeks ago 26.2MB
改镜像标签为仓库地址/镜像名
docker tag redis:6.0.15 docker:443/redis:6.0.15
推送镜像到仓库
docker push docker:443/redis:6.0.15
查看仓库中镜像
(-k 会跳过证书校验;证书与域名匹配时,可改用 --cacert /certs/docker.crt 来校验仓库证书)
curl -k https://docker:443/v2/_catalog
{"repositories":["redis"]}
远端拉取镜像
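配置docker使用私有仓库
注意:远端主机这里只配置了 insecure-registry,拉取镜像时不会校验仓库证书;如需校验,应把仓库主机上的 /certs/docker.crt 复制到远端主机的 /etc/docker/certs.d/docker/ca.crt,做法与前文"配置docker证书认证"相同。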
cat /usr/lib/systemd/system/docker.service
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry docker:443
MountFlags=shared
或者如下进行配置
cat > /etc/docker/daemon.json << EOF
{
"insecure-registries":["docker:443"]
}
EOF
重载配置
systemctl daemon-reload
systemctl restart docker
配置域名解析
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.2 docker
拉取镜像
[root@ceph-03 ~]# docker pull docker:443/redis:6.0.15
6.0.15: Pulling from redis
Digest: sha256:6d47dd4018838c3f5aabbda89ae082a8974bfebfd2c29d3a0ca9c309f2831528
Status: Image is up to date for docker:443/redis:6.0.15
docker:443/redis:6.0.15
配置仓库用户认证
安装htpasswd工具(htpasswd 由 httpd-tools 包提供,只需要该工具时不必安装完整的 httpd)
[root@ceph-01 auth]# yum -y install httpd
生成密码文件
(示例中的 admin/admin 为弱口令,且 -b 会把密码写在命令行里,留在shell历史和进程列表中;实际使用时应去掉 -b,交互输入强密码)
[root@ceph-01 auth]# htpasswd -Bbn admin admin > /auth/htpasswd
[root@ceph-01 auth]# cat /auth/htpasswd
admin:$2y$05$qwz979dCgZ7Sz.Xoby1uj.JowP3HiCDtfUdrrkJ.luHjvOzq25rvW
删除旧的registry容器
docker rm -f registry
启动带认证的registry容器
docker run -d --restart=always --name registry -v /certs/:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker.crt -e REGISTRY_HTTP_TLS_KEY=/certs/docker.key -p 443:443 -v /auth:/auth -e REGISTRY_AUTH=htpasswd -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2
测试
curl测试
注意:需要使用 -u 参数指定镜像仓库的用户名,密码会在提示后输入。由于 -k 跳过了证书校验,用户名和密码会发送给未经校验的服务端;证书与域名匹配时可改用 --cacert /certs/docker.crt。
[root@ceph-01 auth]# curl -k -u admin https://docker:443/v2/_catalog
Enter host password for user 'admin':
{"repositories":[]}
推送镜像测试
[root@ceph-01 auth]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis 6.0.15 2da55ba11193 4 weeks ago 104MB
docker:443/redis 1 2da55ba11193 4 weeks ago 104MB
docker:443/redis 6.0.15 2da55ba11193 4 weeks ago 104MB
docker:443/redis test 2da55ba11193 4 weeks ago 104MB
registry 2 b2cb11db9d3d 5 weeks ago 26.2MB
registry latest b2cb11db9d3d 5 weeks ago 26.2MB
[root@ceph-01 auth]# docker tag redis:6.0.15 docker:443/redis:test1
[root@ceph-01 auth]# docker push docker:443/redis:test1
The push refers to repository [docker:443/redis]
9ed2da73b598: Preparing
cb105e912848: Preparing
3ed8891c7fbb: Preparing
6a7992ac4800: Preparing
bdad86443e47: Preparing
d000633a5681: Preparing
no basic auth credentials
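由报错可知,未登录,故推送不成功。
登录私有仓库
(如下面输出中的WARNING所示,登录后凭据只经过base64编码、未加密地保存在 /root/.docker/config.json 中;可配置credential helper,并限制该文件的访问权限)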
[root@ceph-01 auth]# docker login docker:443
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
再次推送镜像
[root@ceph-01 auth]# docker push docker:443/redis:test1
The push refers to repository [docker:443/redis]
9ed2da73b598: Pushed
cb105e912848: Pushed
3ed8891c7fbb: Pushed
6a7992ac4800: Pushed
bdad86443e47: Pushed
d000633a5681: Pushed
test1: digest: sha256:6d47dd4018838c3f5aabbda89ae082a8974bfebfd2c29d3a0ca9c309f2831528 size: 1573
远端主机推送镜像测试
[root@ceph-03 ~]# docker login docker:443
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@ceph-03 ~]# docker tag redis:6.0.15 docker:443/redis:test2
[root@ceph-03 ~]# docker push docker:443/redis:test2
The push refers to repository [docker:443/redis]
9ed2da73b598: Layer already exists
cb105e912848: Layer already exists
3ed8891c7fbb: Layer already exists
6a7992ac4800: Layer already exists
bdad86443e47: Layer already exists
d000633a5681: Layer already exists
test2: digest: sha256:6d47dd4018838c3f5aabbda89ae082a8974bfebfd2c29d3a0ca9c309f2831528 size: 1573