Docker私有库搭建

1. 搜索registry镜像文件

docker search registry

2. 下载docker仓库镜像

docker pull registry

3. 检查镜像文件是否下载成功

[root@bogon ~]# docker images registry
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
registry     latest    b8604a3fe854   14 months ago   26.2MB

4. 运行registry镜像文件，生成仓库容器实例

[root@bogon /]# docker run -d -p 5000:5000 -v /data/docker_registry:/var/lib/registry --privileged=true --restart=always --name my_docker_registry registry
93537e8b9c4265a5a1bef5cb50970198b7685d18f3171c0f2994fe1770bb71ee
[root@bogon /]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED          STATUS          PORTS                                       NAMES
93537e8b9c42   registry   "/entrypoint.sh /etc…"   13 seconds ago   Up 12 seconds   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   my_docker_registry

--privileged=true 设置文件夹权限

--restart=always 设置docker启动后自启动

--name 设置容器名

-v /data/docker_registry:/var/lib/registry 设置容器卷挂载的宿主机目录，/data/docker_registry宿主机目录，/var/lib/registry docker容器卷

-d 后台运行

-p 设置端口映射，宿主机端口：容器内部端口

5. 私有仓库使用的是http协议，修改配置docker配置文件，并重启doker

cd /etc/docker/
vi daemon.json

在文件中增加 "insecure-registries": ["192.168.28.18:5000"] 配置，修改后文件如下：

{
  "insecure-registries": ["192.168.28.18:5000"]
}

192.168.28.18为私有仓库宿主机IP地址。

重启docker

systemctl daemon-reload
systemctl restart docker

6. 配置仓库用户名密码

  1) 检查服务器是否存在htpasswd命令

[root@bogon docker]# htpasswd --help
bash: htpasswd: 未找到命令...

  2) 若不存在，则下载httpd-tools

yum install httpd-tools -y

  3) 设置用户密码文件

mkdir -p /data/docker_registry/auth
htpasswd -Bbn mgy 123456 > /data/docker_registry/auth/htpasswd

  4) 删除当前容器，重新启动registry

[root@bogon /]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED       STATUS             PORTS                                       NAMES
93537e8b9c42   registry   "/entrypoint.sh /etc…"   2 hours ago   Up About an hour   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   my_docker_registry
[root@bogon /]# docker rm -f 93537e8b9c42
93537e8b9c42
[root@bogon /]# docker run -d -p 5000:5000 -v /data/docker_registry:/var/lib/registry -v /data/docker_registry/auth:/auth -e REGISTRY_AUTH=htpasswd -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e  REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd --privileged=true --restart=always --name my_docker_registry registry
f280e18bf84624e6a67ffa6ad8cf276b1da8488c2d2a83873c32a4192013d9f3
[root@bogon /]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED         STATUS         PORTS                                       NAMES
f280e18bf846   registry   "/entrypoint.sh /etc…"   5 seconds ago   Up 4 seconds   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   my_docker_registry

  5) 检查用户名密码是否增加成功

//无密码，失败
[root@bogon /]# curl -X GET http://192.168.28.18:5000/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
//有密码，成功
[root@bogon /]# curl -X GET http://192.168.28.18:5000/v2/_catalog -u mgy:123456
{"repositories":[]}

7.上传文件到私服

[root@bogon /]# docker images 
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
tomcat       latest    fb5657adc892   13 months ago   680MB

//修改要上传的文件为私服规定格式  hostip:port/镜像名:tag
[root@bogon /]# docker tag tomcat:latest 192.168.28.18:5000/tomcat:latest
[root@bogon /]# docker images
REPOSITORY                    TAG       IMAGE ID       CREATED         SIZE
tomcat                        latest    fb5657adc892   13 months ago   680MB
192.168.28.18:5000/tomcat   latest    fb5657adc892   13 months ago   680MB

//无用户名密码可直接上传，有用户名密码失败
[root@bogon /]# docker push 192.168.28.18:5000/tomcat:latest
The push refers to repository [192.168.28.18:5000/tomcat]
3e2ed6847c7a: Preparing 
bd2befca2f7e: Preparing 
31892cc314cb: Waiting 
11936051f93b: Waiting 
no basic auth credentials

//登录私服
[root@bogon /]# docker login -u mgy -p 123456 http://192.168.28.18:5000/v2/_catalog
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

//再次上传镜像
[root@bogon /]# docker push 192.168.28.18:5000/tomcat:latest
The push refers to repository [192.168.28.18:5000/tomcat]
3e2ed6847c7a: Pushed 
26a504e63be4: Pushed 
8bf42db0de72: Pushed 
31892cc314cb: Pushed 
11936051f93b: Pushed 
latest: digest: sha256:e6d65986e3b0320bebd85733be1195179dbce481201a6b3c1ed27510cfa18351 size: 2422

//检查是否上传成功
[root@bogon /]# curl -X GET http://192.168.28.18:5000/v2/_catalog -u mgy:123456
{"repositories":["tomcat"]}

8. 从私服下载镜像文件

[root@bogon /]# docker images
REPOSITORY                    TAG       IMAGE ID       CREATED         SIZE
192.168.28.18:5000/tomcat   latest    fb5657adc892   13 months ago   680MB
tomcat                        latest    fb5657adc892   13 months ago   680MB

//删除本地镜像
[root@bogon /]# docker rmi 192.168.28.18:5000/tomcat
Untagged: 192.168.28.18:5000/tomcat:latest
Untagged: 192.168.28.18:5000/tomcat@sha256:e6d65986e3b0320bebd85733be1195179dbce481201a6b3c1ed27510cfa18351
[root@bogon /]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
tomcat       latest    fb5657adc892   13 months ago   680MB

//下载镜像文件
[root@bogon /]# docker pull 192.168.28.18:5000/tomcat
Using default tag: latest
latest: Pulling from tomcat
Digest: sha256:e6d65986e3b0320bebd85733be1195179dbce481201a6b3c1ed27510cfa18351
Status: Downloaded newer image for 192.168.28.18:5000/tomcat:latest
192.168.28.18:5000/tomcat:latest

//检查是否下载成功
[root@bogon /]# docker images
REPOSITORY                    TAG       IMAGE ID       CREATED         SIZE
192.168.28.18:5000/tomcat   latest    fb5657adc892   13 months ago   680MB
tomcat                        latest    fb5657adc892   13 months ago   680MB