私有Docker Registry搭建
- 依据《CentOS7实验机模板搭建部署》部署一台实验机:registry 192.168.77.200
- 依据《CentOS7部署安装Docker和Docker Compose工具简录》部署安装Docker环境
# 运行registry容器,并将其数据目录挂载到本地
docker pull registry:2.7
docker run -d -p 5000:5000 --restart always --name registry \
-v /opt/data/registry:/var/lib/registry registry:2.7
本机上传和拉取测试
- 本机上传测试,从公网拉取镜像,修改tag并上传到Registry
docker pull centos:6
docker tag centos:6 localhost:5000/centos:6
docker push localhost:5000/centos:6
curl localhost:5000/v2/_catalog
- 本机上传测试,使用主机名或者主机IP标记镜像并上传
sed -i "s/^.*registry-mirrors.*$/&\n ,\"insecure-registries\": [\"$(hostname):5000\",\"$(hostname -i):5000\"]/g" /etc/docker/daemon.json
# 注意,要在镜像加速配置行下方插入一行,并且以逗号分隔
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
docker tag centos:6 $(hostname):5000/centos:6
docker tag centos:6 $(hostname -i):5000/centos:6
docker push $(hostname):5000/centos:6
docker push $(hostname -i):5000/centos:6
curl localhost:5000/v2/_catalog
- 本机拉取测试
docker rmi centos:6
docker rmi $(hostname):5000/centos:6
docker rmi $(hostname -i):5000/centos:6
docker rmi localhost:5000/centos:6
docker pull $(hostname):5000/centos:6
docker pull $(hostname -i):5000/centos:6
仓库浏览和镜像删除
- 开启镜像删除功能
# 需要逐条复制执行
docker exec -it registry sh -c 'cat /etc/docker/registry/config.yml'
docker exec -it registry sh -c "sed -i '/storage:/a\ delete:' /etc/docker/registry/config.yml"
docker exec -it registry sh -c "sed -i '/delete:/a\ enabled: true' /etc/docker/registry/config.yml"
docker exec -it registry sh -c 'cat /etc/docker/registry/config.yml'
docker restart registry
- 仓库浏览
curl localhost:5000/v2/_catalog
curl localhost:5000/v2/centos/tags/list
- 获取镜像的hash信息
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-X GET localhost:5000/v2/centos/manifests/6 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'
- 删除镜像的元数据
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-X DELETE localhost:5000/v2/centos/manifests/sha256:9aae95c8043f4e401178d68006756dc68982ae6d0693b71a714754227ce0abc6
# 执行垃圾回收,最终删除镜像数据
docker exec -it registry /bin/registry garbage-collect /etc/docker/registry/config.yml
仓库浏览和镜像删除的简易脚本
- 显示所有仓库
# 需要开启镜像删除功能
# 安装json格式解析命令jq
yum -y install jq
# 显示所有仓库
echo "Repositories:";curl -s localhost:5000/v2/_catalog |jq '.repositories[]'|sed 's/"/ /g'
- 显示所有仓库的所有镜像
Repos=$(curl -s localhost:5000/v2/_catalog |jq '.repositories[]'|sed 's/"//g')
for Repo in ${Repos}
do
Tags=$(curl -s localhost:5000/v2/${Repo}/tags/list|jq '.tags[]'|sed 's/"//g')
for Tag in ${Tags};do echo "$(hostname):5000/${Repo}:${Tag}";done
done
- 删除特定镜像
Image=registry:2.0
Repo=$(echo ${Image}|awk -F':' '{print $1}')
Tag=$(echo ${Image}|awk -F':' '{print $2}')
HashValue=$(curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-X GET localhost:5000/v2/${Repo}/manifests/${Tag} 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}')
Url="http://localhost:5000/v2/${Repo}/manifests/${HashValue}"
Url=${Url%$'\r'}
curl -v --silent -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' -X DELETE ${Url}
docker exec -it registry /bin/registry garbage-collect /etc/docker/registry/config.yml &>/dev/null
- 删除所有镜像
Repos=$(curl -s localhost:5000/v2/_catalog |jq '.repositories[]'|sed 's/"//g')
for Repo in ${Repos}
do
Tags=$(curl -s localhost:5000/v2/${Repo}/tags/list|jq '.tags[]'|sed 's/"//g')
for Tag in ${Tags}
do
HashValue=$(curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-X GET localhost:5000/v2/${Repo}/manifests/${Tag} 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}')
Url="http://localhost:5000/v2/${Repo}/manifests/${HashValue}"
Url=${Url%$'\r'}
curl -v --silent -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' -X DELETE ${Url}
done
done
docker exec -it registry /bin/registry garbage-collect /etc/docker/registry/config.yml &>/dev/null
- 如果tag符合一定规则,如按时间先后排序的数字型tag,保留镜像的近期三个版本
Repos=$(curl -s localhost:5000/v2/_catalog |jq '.repositories[]'|sed 's/"//g')
for Repo in ${Repos}
do
curl -s localhost:5000/v2/${Repo}/tags/list|jq '.tags[]'|sed 's/"//g'>/tmp/.TAGs
Tags=$(sort -nr /tmp/.TAGs|sed -n '4,$p')
rm -f /tmp/.TAGs
echo "${Repo}"
echo "${Tags}"
for Tag in ${Tags}
do
HashValue=$(curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-X GET localhost:5000/v2/${Repo}/manifests/${Tag} 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}')
Url="http://localhost:5000/v2/${Repo}/manifests/${HashValue}"
Url=${Url%$'\r'}
curl -v --silent -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' -X DELETE ${Url}
done
done
docker exec -it registry /bin/registry garbage-collect /etc/docker/registry/config.yml &>/dev/null
- 注意:
该容器存在bug:某个镜像删除后再次上传则会出问题,镜像文件不会上传,变更tag依然无法上传
查看 localhost:5000/v2/${Repo}/tags/list 能够显示出来相应的版本号,但是无法再次删除,导致脚本出问题
或者是删除操作没有百度对正确方法
客户端主机上传和拉取测试
echo '192.168.77.200 registry'>>/etc/hosts
sed -i "s/^.*registry-mirrors.*$/&\n ,\"insecure-registries\": [\"registry:5000\",\"192.168.77.200:5000\"]/g" /etc/docker/daemon.json
# 注意,要在镜像加速配置行下方插入一行,并且以逗号分隔
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
docker pull registry:5000/centos:6
docker pull wordpress
docker tag wordpress registry:5000/wordpress
docker push registry:5000/wordpress
[TOC]