目录
1. 什么是仓库?
- Docker 仓库是用来包含镜像的位置,Docker提供一个注册服务器(Register)来保存多个仓库,每个仓库又可以包含多个具备不同tag的镜像。
- Docker运行中使用的默认仓库是 Docker Hub 公共仓库。
Docker 的运行流程如下图所示:
2. Docker hub
Docker hub 是 docker 公司维护的公共仓库,用户可以免费使用,也可以购买私有仓库。
首先在https://hub.docker.com/网站注册一个账号;在docker hub上新建一个公共仓库。
接下来要从docker主机上传镜像,首先需要登录:
[root@node11 ~]# docker login
Username: zcx0216
Password: xxxxxxxx
docker hub为了区分不同用户的同名镜像,要求镜像的格式是:[username]/xxx.tag
[root@node11 ~]# docker tag busybox:latest zcx0216/busybox:latest
将busybox:latest改名为zcx0216/busybox:latest
[root@node11 ~]# docker push zcx0216/busybox:latest 上传镜像到docker hub
The push refers to repository [docker.io/zcx0216/busybox]
084326605ab6: Mounted from library/busybox
latest: digest: sha256:98de1ad411c6d08e50f26f392f3bc6cd65f686469b7c22a85c7b5fb1b820c154 size: 527
[root@node11 ~]# docker pull zcx0216 /busybox:latest 从docker hub拉取镜像
[root@node11 ~]# docker rmi zcx0216/busybox:latest 删除本地镜像
3. Registry 工作原理
- 一次docker pull 或 push背后发生的事情
index 服务主要提供镜像索引以及用户认证的功能。当下载一个镜像的时候,首先会去 index 服务上做认证,然后查找镜像所在的 registry的地址并放回给 docker 客户端,docker 客户端再从 registry 下载镜像,在下载过程中 registry 会去 index 校验客户端 token 的合法性,不同镜像可以保存在不同的 registry 服务上,其索引信息都放在 index 服务上。
Docker Registry有三个角色,分别是index、registry和registry client。
index :负责并维护有关用户帐户、镜像的校验以及公共命名空间的信息。
Web UI、元数据存储、认证服务、符号化。
registry:是镜像和图表的仓库,它不具有本地数据库以及不提供用户认证,通过Index Auth service的Token的方式进行认证。
Registry Client:Docker充当registry客户端来维护推送和拉取,以及客户端的授权。
情景A:用户要获取并下载镜像。
- 情景B:用户要推送镜像到registry中。
- 情景C:用户要从index或registry中删除镜像。
docker hub 虽然方便,但是还是有限制;需要 internet 连接,速度慢;所有人都可以访问;由于安全原因企业不允许将镜像放到外网,好消息是docker公司已经将registry开源,我们可以快速构建企业私有仓库。
https://docs.docker.com/registry/deploying/
之前搭建的仓库没有认证,相对来说可用度不是很高;接下来搭建私有仓库;
[root@node11 ~]# docker pull registry 拉取镜像
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@node11 ~]# docker history registry:latest
IMAGE CREATED CREATED BY SIZE COMMENT
b8604a3fe854 9 months ago /bin/sh -c #(nop) CMD ["/etc/docker/registr… 0B
<missing> 9 months ago /bin/sh -c #(nop) ENTRYPOINT ["/entrypoint.… 0B
<missing> 9 months ago /bin/sh -c #(nop) COPY file:507caa54f88c1f38… 155B
<missing> 9 months ago /bin/sh -c #(nop) EXPOSE 5000 0B
<missing> 9 months ago /bin/sh -c #(nop) VOLUME [/var/lib/registry] 0B
<missing> 9 months ago /bin/sh -c #(nop) COPY file:4544cc1555469403… 295B
<missing> 9 months ago /bin/sh -c #(nop) COPY file:21256ff7df5369f7… 20.1MB
<missing> 9 months ago /bin/sh -c set -ex && apk add --no-cache… 549kB
<missing> 9 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 9 months ago /bin/sh -c #(nop) ADD file:efe2d94a88cdbbd01… 5.62MB
[root@node11 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry 端口映射来运行仓库,前面的是宿主机的端口,后面是是容器的端口
1de34f6b93629541143f9560aefd55012cee35354b11161ca4f03670261024ad
[root@node11 ~]# docker ps 查看镜像
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1de34f6b9362 registry "/entrypoint.sh /etc…" 8 seconds ago Up 6 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp registry
2e6add81168f nginx:v4 "nginx -g 'daemon of…" 6 hours ago Up 6 hours 80/tcp, 443/tcp demo
ab384f31fdd9 nginx:v1 "/usr/local/nginx/sb…" 12 hours ago Up 12 hours 0.0.0.0:80->80/tcp, :::80->80/tcp web1
[root@node11 ~]# docker rm -f web1
[root@node11 ~]# docker rm -f demo 删掉多余镜像
[root@node11 ~]# docker rmi nginx:v1
[root@node11 ~]# docker tag nginx:v4 localhost:5000/nginx:v4 重新打标签用于区分不同用户的同名镜像
[root@node11 ~]# docker push localhost:5000/nginx:v4 上传镜像到本地仓库
The push refers to repository [localhost:5000/nginx]
f2de2408d1e1: Pushed
0b3d0512394d: Pushed
5b1fa8e3e100: Pushed
v4: digest: sha256:c3be65e3ffe25b9ffb13b0cff2a5760002f4d5e84b8758b040d7686fec292dc8 size: 949
4.搭建私有仓库
为了远程可以访问,此时再开一台虚拟机观察效果;先在第二台虚拟机上搭建 docker 软件仓库以及安装docker 工具;
[root@node22 ~]# cd /etc/yum.repos.d/
[root@node22 yum.repos.d]# vim docker-cr.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
gpgcheck=0
[root@node22 yum.repos.d]# vim CentOS-Base.repo
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/
gpgcheck=0
[root@node22 yum.repos.d]# yum install -y docker-ce
[root@node22 yum.repos.d]# systemctl enable --now docker 设定开机自启动
[root@node22 yum.repos.d]# docker info
[root@node22 yum.repos.d]# cd /etc/sysctl.d
[root@node22 sysctl.d]# vim docker.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
[root@node22 sysctl.d]# sysctl --system
完成以上之后,我们还需要告诉docker 所拉取的是一个非安全的仓库;
[root@node22 sysctl.d]# cd /etc/docker/
[root@node22 docker]# vim daemon.json
{
"insecure-registries": ["192.168.0.11:5000"]
}
[root@node22 docker]# systemctl reload docker
[root@node22 docker]# docker info
1).为Docker仓库添加证书加密功能
[root@node22 docker]# docker pull 192.168.0.11:5000/nginx:v4 拉取镜像
v4: Pulling from nginx
2df365faf0e3: Pull complete
c6f4d1a13b69: Pull complete
67a0bc48c5e6: Pull complete
Digest: sha256:c3be65e3ffe25b9ffb13b0cff2a5760002f4d5e84b8758b040d7686fec292dc8
Status: Downloaded newer image for 192.168.0.11:5000/nginx:v4
192.168.0.11:5000/nginx:v4
[root@node22 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.0.11:5000/nginx v4 17304c5b9302 15 hours ago 33.7MB
生成证书(域名westos.org要求在主机上有解析)
[root@node11 ~]# yum install -y openssl11-1.1.1k-2.el7.x86_64.rpm openssl11-libs-1.1.1k-2.el7.x86_64.rpm 升级openssl11版本
[root@node11 ~]# mkdir -p certs
[root@node11 ~]# openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out certs/westos.org.crt 生成证书
Can't load /root/.rnd into RNG
140093343622976:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:98:Filename=/root/.rnd
Generating a RSA private key
..............................................................................................................................................................++++
..........................................++++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shananxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:docker
Common Name (eg, your name or your server's hostname) []:reg.westos.org
Email Address []:root@westos.org
[root@node11 ~]# docker rm -f registry 删除镜像
[root@node11 ~]# docker run -d --name registry -p 443:443 -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry 重新运行
2fa14c3a17458764218241543e7f46ec958af701ba89e6a76d430570e9ab768f
[root@node11 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2fa14c3a1745 registry "/entrypoint.sh /etc…" 27 seconds ago Up 26 seconds 0.0.0.0:443->443/tcp, :::443->443/tcp, 5000/tcp registry
做地址解析:
[root@node11 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.6 localhost
192.168.0.11 node11 reg.westos.org
192.168.0.22 node22
192.168.0.33 node33
上传镜像:
[root@node11 ~]# docker tag yakexi007/game2048:latest reg.westos.org/game2048:latest
修改yakexi007/game2048:latest名字为reg.westos.org/game2048:lates
[root@node11 ~]# docker push reg.westos.org/game2048
Using default tag: latest
The push refers to repository [reg.westos.org/game2048]
Get "https://reg.westos.org/v2/": x509: certificate signed by unknown authority
此时上传会有证书问题,表示加密成功
让docker 自动获取到证书信息;
[root@node11 certs]# cd /etc/docker
[root@node11 docker]# cd certs.d/
[root@node11 certs.d]# mkdir reg.westos.org
[root@node11 certs.d]# cd reg.westos.org
[root@node11 reg.westos.org]# cp /root/certs/westos.org.crt ca.crt
[root@node11 reg.westos.org]# ls
ca.crt
此时再次上传查看:
[root@node11 reg.westos.org]# docker push reg.westos.org/game2048
Using default tag: latest
The push refers to repository [reg.westos.org/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@node22 docker]# vim daemon.json 镜像下载加速器
{
"registry-mirrors": ["https://reg.westos.org"]
}
[root@node22 docker]# systemctl reload docker 重启
[root@node22 docker]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.6 localhost
192.168.0.11 node11 reg.westos.org
192.168.0.22 node22
192.168.0.33 node33
[root@node22 docker]# docker pull reg.westos.org/game2048:latest 证书问题
Error response from daemon: Get "https://reg.westos.org/v2/": x509: certificate signed by unknown authority
[root@node11 docker]# scp -r certs.d/ node22:/etc/docker/ 将证书复制到node22
[root@node22 docker]# docker pull reg.westos.org/game2048:latest
latest: Pulling from game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for reg.westos.org/game2048:latest
reg.westos.org/game2048:latest
2).为Docker仓库添加用户认证功能
[root@node11 ~]# mkdir auth
[root@node11 ~]# yum install httpd-tools.x86_64 -y
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Package httpd-tools-2.4.6-88.el7.x86_64 already installed and latest version
Nothing to do
[root@node11 ~]# htpasswd -cB auth/htpasswd zcx生成用户密码文件
New password:
Re-type new password:
Adding password for user zcx
[root@node11 ~]# htpasswd -B auth/htpasswd admin -c 只有在第一次需要添加,后面用户要时依然加-c 会覆盖之前的;-B 是强制的意思
New password:
Re-type new password:
Adding password for user admin
[root@node11 ~]# cat auth/htpasswd
zcx:$2y$05$j3aaPEMQAHRLg25/iDJYHOGiyc2An.bhxO7M.YsyDQo1zGQ4l/VI2
admin:$2y$05$5astvAP1olDFhsF5QYAqtu1ZZf7AnefRBarzNOQJzRWaT5shQKUGO
删除之前的仓库再运行,删除仓库并不会删除数据;
[root@node11 ~]# docker rm -f registry
registry
[root@node11 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@node11 ~]# docker run -d --name registry -p 443:443 -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry此次运行加入了认证之后既有加密又有用户认证
f32565f2bc23f71dc816e0ea611249b7b1b4f9323f6153f85ebe0ed9ba7526c0
[root@node11 ~]# docker push reg.westos.org/game2048
Using default tag: latest
The push refers to repository [reg.westos.org/game2048]
88fca8ae768a: Preparing
6d7504772167: Preparing
192e9fad2abc: Preparing
36e9226e74f8: Preparing
011b303988d2: Preparing
no basic auth credentials 没有认证
[root@node11 ~]# docker login reg.westos.org
Username: zcx
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node11 ~]# docker push reg.westos.org/game2048 认证后就可以上传
Using default tag: latest
The push refers to repository [reg.westos.org/game2048]
88fca8ae768a: Layer already exists
6d7504772167: Layer already exists
192e9fad2abc: Layer already exists
36e9226e74f8: Layer already exists
011b303988d2: Layer already exists
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@node11 ~]# docker tag nginx:latest reg.westos.org/nginx:latest
[root@node11 ~]# docker push reg.westos.org/nginx:latest 上传nginx也成功
The push refers to repository [reg.westos.org/nginx]
d874fd2bc83b: Pushed
32ce5f6a5106: Pushed
f1db227348d0: Pushed
b8d6e692a25e: Pushed
e379e8aedd4d: Pushed
2edcec3590a4: Pushed
latest: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570
3).全功能的仓库搭建:harbor 仓库
此处用 harbor 的离线包来实现;也可以从https://github.com/goharbor/harbor/releases 上下载;
[root@node11 ~]# tar zxf harbor-offline-installer-v2.5.0.tgz
[root@node11 ~]# ls
anaconda-ks.cfg docker harbor-offline-installer-v2.5.0.tgz
auth docker-compose-linux-x86_64-v2.5.0 openssl11-1.1.1k-2.el7.x86_64.rpm
base-debian11.tar docker.conf openssl11-libs-1.1.1k-2.el7.x86_64.rpm
certs harbor
[root@node11 ~]# cd harbor/
[root@node11 harbor]# ls
common.sh harbor.v2.5.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@node11 harbor]# cp harbor.yml.tmpl harbor.yml
[root@node11 harbor]# vim harbor.yml
[root@node11 harbor]# ./install.sh --help--with-notary 做镜像签名信任, --with-clair 对镜像做扫描;--with-chartmuseum 用来存hub 的包;
Note: Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-trivy if needs enable Trivy in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor
[root@node11 harbor]# ./install.sh --with-chartmuseum
[Step 0]: checking if docker is installed ...检测本机docker版本是否符合要求
Note: docker version: 20.10.17
[Step 1]: checking docker-compose is installed ... 缺少docker-compose
✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again.
[root@node11 harbor]# mv /root/docker-compose-linux-x86_64-v2.5.0 /usr/local/bin/docker-compose
[root@node11 ~]# chmod +x /usr/local/bin/docker-compose
[root@node11 harbor]# ./install.sh --with-chartmuseum 再次运行脚本还有问题,在脚本中写的证书目录不存在
FileNotFoundError: [Errno 2] No such file or directory: '/hostfs/data/certs/westos.org.key'
[root@node11 ~]# mv certs/ /data移动证书目录
[root@node11 harbor]# ./install.sh --with-chartmuseum 再次运行仍有问题,容器registry名字冲突
Error response from daemon: Conflict. The container name "/registry" is already in use by container "d3147bbabb9272f2b627f14f8b948462dce4f1c007462d46b452a1687dc9864f". You have to remove (or rename) that container to be able to reuse that name.
[root@node11 harbor]# docker rm -f registry删除容器
registry
[root@node11 harbor]# docker-compose ps 此命令的用法类类似于docker,但是一定要在对应的目录中,会读取对应的文件,此文件为执行脚本之后生成的文件。 ##此时还可以看到其端口信息
NAME COMMAND SERVICE STATUS PORTS
chartmuseum "./docker-entrypoint…" chartmuseum created
harbor-db "/docker-entrypoint.…" postgresql created
harbor-log "/bin/sh -c /usr/loc…" log created
harbor-portal "nginx -g 'daemon of…" portal created
redis "redis-server /etc/r…" redis created
registryctl "/home/harbor/start.…" registryctl created
[root@node11 harbor]# docker-compose start 如果有未运行的,可以使用此命令使其运行
[root@node11 harbor]# docker-compose up -d 启动打入后台
[+] Running 10/10
⠿ Container registry Started 2.6s
⠿ Container harbor-core Started 3.5s
⠿ Container nginx Started 8.0s
⠿ Container harbor-jobservice Started 4.8s
⠿ Container harbor-log Started 0.3s
⠿ Container registryctl Started 1.8s
⠿ Container harbor-db Started 1.8s
⠿ Container redis Started 2.1s
⠿ Container chartmuseum Started 1.0s
⠿ Container harbor-portal Started 1.5s
接下来就可以访问了:
往仓库里上传镜像:
[root@node11 ~]# docker tag nginx:latest reg.westos.org/library/nginx:latest
[root@node11 ~]# docker push reg.westos.org/library/nginx:latest 上传时缺少认证
The push refers to repository [reg.westos.org/library/nginx]
d874fd2bc83b: Preparing
32ce5f6a5106: Preparing
f1db227348d0: Preparing
b8d6e692a25e: Preparing
e379e8aedd4d: Preparing
2edcec3590a4: Waiting
unauthorized: unauthorized to access repository: library/nginx, action: push: unauthorized to access repository: library/nginx, action: push
[root@node11 ~]# docker logout reg.westos.org 先将zcx用户登出
Removing login credentials for reg.westos.org
[root@node11 ~]# docker login reg.westos.org登陆admin用户
Username: admin
Password: westos
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node11 ~]# docker push reg.westos.org/library/nginx:latest 上传成功
The push refers to repository [reg.westos.org/library/nginx]
d874fd2bc83b: Pushed
32ce5f6a5106: Pushed
f1db227348d0: Pushed
b8d6e692a25e: Pushed
e379e8aedd4d: Pushed
2edcec3590a4: Pushed
latest: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570
远程上传:
[root@node22 ~]# cd /etc/docker
[root@node22 docker]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
50783e0dfb64: Pull complete
Digest: sha256:98de1ad411c6d08e50f26f392f3bc6cd65f686469b7c22a85c7b5fb1b820c154
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
创建私有仓库并上传:
[root@node11 ~]# docker tag yakexi007/game2048:latest reg.westos.org/westos/game2048:latest
[root@node11 ~]# docker push reg.westos.org/westos/game2048:latest
The push refers to repository [reg.westos.org/westos/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
删除远端的仓库:
[root@node22 docker]# docker rmi reg.westos.org/game2048
Untagged: reg.westos.org/game2048:latest
Untagged: reg.westos.org/game2048@sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Deleted: sha256:19299002fdbedc133c625488318ba5106b8a76ca6e34a6a8fec681fb54f5e4c7
Deleted: sha256:a8ba4f00c5b89c2994a952951dc7b043f18e5ef337afdb0d4b8b69d793e9ffa7
Deleted: sha256:e2ea5e1f4b9cfe6afb588167bb38d833a5aa7e4a474053083a5afdca5fff39f0
Deleted: sha256:1b2dc5f636598b4d6f54dbf107a3e34fcba95bf08a7ab5a406d0fc8865ce2ab2
Deleted: sha256:af457147a7ab56e4d77082f56d1a0d6671c1a44ded1f85fea99817231503d7b4
Deleted: sha256:011b303988d241a4ae28a6b82b0d8262751ef02910f0ae2265cb637504b72e36
[root@node22 docker]# docker rmi 192.168.0.11:5000/nginx:v4
Untagged: 192.168.0.11:5000/nginx:v4
Untagged: 192.168.0.11:5000/nginx@sha256:c3be65e3ffe25b9ffb13b0cff2a5760002f4d5e84b8758b040d7686fec292dc8
Deleted: sha256:17304c5b9302b27c4cc5ca0728c815fe8d46e1248fd34604df3eec7dc3a65de7
Deleted: sha256:0a88dd35c786f2699ed34fb7f4b95933804b384c4e2b8d74133945e060fec38e
Deleted: sha256:62fe0e1f278051c37e0e636c0f75aa114d0b156f5c9cf6f0e554e6206c31e1ee
Deleted: sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a
[root@node22 docker]# docker pull reg.westos.org/westos/game2048:latest 拉取时需要认证
Error response from daemon: unauthorized: unauthorized to access repository: westos/game2048, action: pull: unauthorized to access repository: westos/game2048, action: pull
[root@node22 docker]# docker login reg.westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node22 docker]# docker pull reg.westos.org/westos/game2048:latest认证之后就可以拉取了
latest: Pulling from westos/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for reg.westos.org/westos/game2048:latest
reg.westos.org/westos/game2048:latest