前言
本次搭建docker私有仓库的主机IP地址为:192.168.88.128,记住这个IP地址,后面容器做端口映射的时候会用到
一、在Centos 7 下安装docker
1.1、通过yum搜索适用的docker包
[root@mail ~]# yum search docker
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.ehost.vn
* extras: mirrors.123host.vn
* updates: mirrors.bangmod.cloud
=================================================================================== N/S matched: docker ===================================================================================
cockpit-docker.x86_64 : Cockpit user interface for Docker containers
docker-client.x86_64 : Client side files for Docker
docker-client-latest.x86_64 : Client side files for Docker
docker-common.x86_64 : Common files for docker and docker-latest
docker-distribution.x86_64 : Docker toolset to pack, ship, store, and deliver content
docker-latest-logrotate.x86_64 : cron job to run logrotate on Docker containers
docker-latest-v1.10-migrator.x86_64 : Calculates SHA256 checksums for docker layer content
docker-logrotate.x86_64 : cron job to run logrotate on Docker containers
docker-lvm-plugin.x86_64 : Docker volume driver for lvm volumes
docker-registry.x86_64 : Registry server for Docker
docker-v1.10-migrator.x86_64 : Calculates SHA256 checksums for docker layer content
pcp-pmda-docker.x86_64 : Performance Co-Pilot (PCP) metrics from the Docker daemon
podman-docker.noarch : Emulate Docker CLI using podman
python-docker-py.noarch : An API client for docker written in Python
python-docker-pycreds.noarch : Python bindings for the docker credentials store API
docker.x86_64 : Automates deployment of containerized applications
docker-latest.x86_64 : Automates deployment of containerized applications
docker-novolume-plugin.x86_64 : Block container starts with local volumes defined
oci-systemd-hook.x86_64 : OCI systemd hook for docker
oci-umount.x86_64 : OCI umount hook for docker
skopeo.x86_64 : Inspect Docker images and repositories on registries
Name and summary matches only, use "search all" for everything.
[root@mail ~]#
1.2、下载docker包
[root@mail ~]# yum install -y install docker.x86_64
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.ehost.vn
* extras: mirrors.123host.vn
* updates: mirrors.bangmod.cloud
当看到“complete”即代表docker服务安装成功
1.3、以服务的方式启动docker
[root@mail ~]# service docker start
Redirecting to /bin/systemctl start docker.service
[root@mail ~]#
1.4、查看docker是否启动成功
[root@mail ~]# service docker status
Redirecting to /bin/systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-07-27 10:30:59 PDT; 2h 26min ago
Docs: http://docs.docker.com
Main PID: 7521 (dockerd-current)
Tasks: 50
Memory: 42.3M
CGroup: /system.slice/docker.service
├─ 7521 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --use...
├─ 7526 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker...
├─ 7833 /usr/libexec/docker/docker-proxy-current -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000
├─ 7840 /usr/bin/docker-containerd-shim-current 81fb050be2b8d0653e9d538799819553a87e5f1403c50c27fafc46184b1ff70f /var/run/docker/libcontainerd/81fb050be2b8d0653e9d5387998195...
├─10404 /usr/libexec/docker/docker-proxy-current -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.3 -container-port 8080
└─10419 /usr/bin/docker-containerd-shim-current 1e806659f9de9e5c0a791619e0348b6fd1486c1535311622e005e7b0090134f7 /var/run/docker/libcontainerd/1e806659f9de9e5c0a791619e0348b...
Jul 27 12:18:34 mail.alive.com dockerd-current[7521]: time="2019-07-27T19:18:34.470020164Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="192.168.88.128:50...
Jul 27 12:18:34 mail.alive.com dockerd-current[7521]: time="2019-07-27T19:18:34.495779775Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="192.168.88.128:50...
Jul 27 12:18:34 mail.alive.com dockerd-current[7521]: 172.17.0.1 - - [27/Jul/2019:19:18:34 +0000] "GET /v2/nginx/tags/list HTTP/1.1" 200 35 "" "Java/1.7.0_111"
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: 172.17.0.1 - - [27/Jul/2019:19:18:45 +0000] "GET /v2/nginx/tags/list HTTP/1.1" 200 35 "" "Java/1.7.0_111"
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: time="2019-07-27T19:18:45.070045618Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="192.168.88.128:50...
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: time="2019-07-27T19:18:45.080590167Z" level=info msg="rewriting manifest sha256:dc85890ba9763fe38b178b337d4ccc802874afe3c02e6c98c3...
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: time="2019-07-27T19:18:45.09297985Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="192.168...anifests/la
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: 172.17.0.1 - - [27/Jul/2019:19:18:45 +0000] "GET /v2/nginx/manifests/latest HTTP/1.1" 200 11058 "" "Java/1.7.0_111"
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: 172.17.0.1 - - [27/Jul/2019:19:18:45 +0000] "GET /v2/nginx/manifests/latest HTTP/1.1" 200 948 "" "Java/1.7.0_111"
Jul 27 12:18:45 mail.alive.com dockerd-current[7521]: time="2019-07-27T19:18:45.110536497Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="192.16...manifests/l
Hint: Some lines were ellipsized, use -l to show in full.
[root@mail ~]#
如上所示,界面中出现了**Active: active (running)**代表docker启动成功并正在运行中
二、安装docker的registry镜像
2.1、通过docker search 查询registry镜像
[root@mail ~]# docker search registry
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/registry The Docker Registry 2.0 implementation for... 2630 [OK]
docker.io docker.io/distribution/registry WARNING: NOT the registry official image!!... 57 [OK]
docker.io docker.io/stefanscherer/registry-windows Containerized docker registry for Windows ... 26
docker.io docker.io/budry/registry-arm Docker registry build for Raspberry PI 2 a... 18
docker.io docker.io/deis/registry Docker image registry for the Deis open so... 12
docker.io docker.io/anoxis/registry-cli You can list and delete tags from your pri... 6 [OK]
docker.io docker.io/vmware/registry 5
docker.io docker.io/allingeek/registry A specialization of registry:2 configured ... 4 [OK]
docker.io docker.io/pallet/registry-swift Add swift storage support to the official ... 4 [OK]
docker.io docker.io/jc21/registry-ui A nice web interface for managing your Doc... 2
docker.io docker.io/conjurinc/registry-oauth-server Docker registry authn/authz server backed ... 1
docker.io docker.io/goharbor/registry-photon 1
docker.io docker.io/ibmcom/registry Docker Image for IBM Cloud private-CE (Com... 1
docker.io docker.io/metadata/registry Metadata Registry is a tool which helps yo... 1 [OK]
docker.io docker.io/webhippie/registry Docker images for Docker Registry 1 [OK]
docker.io docker.io/concourse/registry-image-resource 0
docker.io docker.io/convox/registry 0
docker.io docker.io/euank/registry-v2 0
docker.io docker.io/ghmlee/registrybot registrybot 0 [OK]
docker.io docker.io/gisjedi/registry-proxy Reverse proxy of registry mirror image gis... 0
docker.io docker.io/kontena/registry Kontena Registry 0
docker.io docker.io/lorieri/registry-ceph Ceph Rados Gateway (and any other S3 compa... 0
docker.io docker.io/upmcenterprises/registry-creds 0
docker.io docker.io/vmware/registry-photon 0
docker.io docker.io/zoined/registry Private Docker registry based on registry:2 0
[root@mail ~]#
如上图中,第一个docker.io/registry即为我们需要的镜像文件
2.2、下载registry镜像文件
[root@mail ~]# docker pull docker.io/registry
[root@mail ~]# docker pull docker.io/registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Image is up to date for docker.io/registry:latest
[root@mail ~]#
由于我的主机上面已经下载过了registry镜像所以这里显示的是“Image is up to date for docker.io/registry:latest ”,等待docker自动pull镜像完成
2.3、通过docker images 查看镜像是否下载成功
[root@mail ~]#
[root@mail ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.88.128:5000/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/registry latest f32a97de94e1 4 months ago 25.8 MB
docker.io/hyper/docker-registry-web latest 0db5683824d8 2 years ago 599 MB
[root@mail ~]#
上图中可以看到registry镜像已经下载完成了
2.4、在主机上创建一个存放私有仓库的目录
[root@mail ~]# mkdir -p /opt/data/registry
2.5、通过仓库启动registry镜像
docker run -d -p 5000:5000 --name private_registry -v /opt/data/registry/:/var/lib/registry --restart=always docker.io/registry
Tips:
- “-d”:代表容器在后台运行
- “-p 5000:5000”:表示将容器的5000端口映射到虚拟机192.168.88.128的5000端口
- “–name”:代表容器启动后的名字(设置容器名)
- “-v /opt/data/registry/:/var/lib/registry”:将容器中的“/var/lib/registry”目录映射到主机192.168.88.128的“/opt/data/registry”;“/var/lib/registry”是私有仓库容器存放镜像的目录
- “-restart=always”:表示容器随着docker启动而启动,同时若容器异常终止,则会自动启动
容器启动后可通过docker ps 查看其运行状态、端口映射等信息
[root@mail ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e806659f9de docker.io/hyper/docker-registry-web "start.sh" About an hour ago Up About an hour 0.0.0.0:8080->8080/tcp registry-web
81fb050be2b8 docker.io/registry "/entrypoint.sh /e..." 2 hours ago Up 2 hours 0.0.0.0:5000->5000/tcp private_registry
[root@mail ~]#
上图的第二个即为registry的容器信息,此时需要记住registry容器的名称(NAMES,如这里的private_registry),后续配置WebUI界面会使用到
三、为docker仓库增加Web UI访问
3.1、增加WebUI 的好处
- 增加仓库的可读性
- 方便所有使用仓库的人查看
3.2、用哪个WebUI 来做
- docker-registry-web
3.3、安装WebUI步骤
3.3.1、搜索镜像
[root@mail ~]# docker search docker-registry-web
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/hyper/docker-registry-web Web UI, authentication service and event r... 172 [OK]
docker.io docker.io/dockerpenguin/registry-web-envsubst 基于hyper/docker-registry-web增加模版化生成配置文件功能 1
docker.io docker.io/tomaskral/docker-registry-web 1 [OK]
docker.io docker.io/alsonchang/docker-registry-web 0
docker.io docker.io/andriichyzh/docker-registry-web 0 [OK]
docker.io docker.io/cloudaku/docker-registry-web 0 [OK]
docker.io docker.io/fsio/docker-registry-web 0
docker.io docker.io/gladiatr72/docker-registry-web 0
docker.io docker.io/hellertime/docker-registry-web docker-registry-web fork 0 [OK]
docker.io docker.io/jinnabalu/docker-registry-web Docker Registry Web UI, authentication ser... 0
docker.io docker.io/joker514/docker-registry-web 0
docker.io docker.io/labdocker/docker-registry-web Web UI for docker registry web page 0
docker.io docker.io/lfkeitel/docker-registry-web 0
docker.io docker.io/madtech/docker-registry-web 0
docker.io docker.io/muzyka/docker-registry-web 0
docker.io docker.io/peterjakobs/docker-registry-web-armv7 0
docker.io docker.io/pnymetapack/docker-registry-web hyper/docker-registry-web + alpine + openj... 0
docker.io docker.io/quantsresearch/docker-registry-web Simple web ui for docker private registry v2. 0 [OK]
docker.io docker.io/rongimpi/hyper-docker-registry-web hyper/docker-registry-web latest with curl... 0
docker.io docker.io/sazap10/docker-registry-webapp A frontend for a private docker registry(v2). 0 [OK]
docker.io docker.io/tatleung/docker-registry-web-arm Web UI, authentication service and event r... 0
docker.io docker.io/tbeck/docker-registry-web Adds https support in a Let's Encrypt frie... 0 [OK]
docker.io docker.io/vaix/docker-registry-web 0
docker.io docker.io/zhuang1125/greek8s docker-registry-web 0 [OK]
[root@mail ~]#
第一个镜像文件为我们所需要的
3.3.2、拉取镜像
[root@mail ~]# docker pull docker.io/hyper/docker-registry-web
Using default tag: latest
Trying to pull repository docker.io/hyper/docker-registry-web ...
latest: Pulling from docker.io/hyper/docker-registry-web
Digest: sha256:723ffa29aed2c51417d8bd32ac93a1cd0e7ef857a0099c1e1d7593c09f7910ae
Status: Image is up to date for docker.io/hyper/docker-registry-web:latest
[root@mail ~]#
我的主机已经下载过了所以这里显示的是已经安装了最新版
3.3.3、查询镜像文件是否下载成功
[root@mail ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.88.128:5000/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/registry latest f32a97de94e1 4 months ago 25.8 MB
docker.io/hyper/docker-registry-web latest 0db5683824d8 2 years ago 599 MB
[root@mail ~]#
可以看到最后一个镜像即为刚刚拉取的镜像文件
3.3.4、启动WebUI同时连接到仓库容器(通过仓库容器名称连接)
通过如下命令执行该步骤:
[root@mail ~]# docker run -d --restart=always -p 8080:8080 --name registry-web --link private_registry -e REGISTRY_URL=http://192.168.88.128:5000/v2 -e REGISTRY_NAME=192.168.88.128:5000 docker.io/hyper/docker-registry-web
此时通过docker ps查看WebUI容器是否启动成功,如果成功则可以通过浏览器输入192.168.22.128:8080访问到WebUI的docker仓库,此时没有任何镜像文件
四、上传镜像文件到镜像仓库
写在前面的话:
- 禁用seliunx–>重设 /etc/selinux/config中的SELINUX为SELINUX=disabled
- 由于docker私有仓库服务器默认使用的是HTTPS传输的,所以要在客户端配置不适用HTTPS传输,方法如下:
4.1、修改docker配置文件,使其不适用HTTPS加密协议传输
[root@mail ~]# vim /etc/docker/daemon.json
将如下内容加入到其中并保存退出:
{"insecure-registries":["192.168.88.128:5000"]}
4.2、下载一个用于测试的镜像文件,修改名字之后推送到私有仓库中
用于测试的镜像文件为 docker.io/nginx
[root@mail ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/registry latest f32a97de94e1 4 months ago 25.8 MB
docker.io/hyper/docker-registry-web latest 0db5683824d8 2 years ago 599 MB
[root@mail ~]#
下载成功后通过修改其名字为:IP/域名:5000/nginx
[root@mail ~]# docker tag docker.io/nginx 192.168.88.128:5000/nginx
执行命令后可以通过docker images查看到更改后的镜像
[root@mail ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.88.128:5000/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/nginx latest e445ab08b2be 4 days ago 126 MB
docker.io/registry latest f32a97de94e1 4 months ago 25.8 MB
docker.io/hyper/docker-registry-web latest 0db5683824d8 2 years ago 599 MB
4.3、推送镜像到仓库中
docker push 192.168.88.128:5000/nginx
操作完成后镜像推送到仓库完成,此时浏览器中输入192.168.88.128:8080即可看到推送的Nginx镜像
----教程结束