docker私有仓库操作(搭建、运行、添加、删除)

目录

• 运行私有仓库
  • TIPS:
• 上传
  • 把镜像放入私有仓库
  • 验证
• 查看
  • TIPS：
• 垃圾回收
• 问题排查

参考：https://yeasy.gitbooks.io/docker_practice/content/repository/registry.html

运行私有仓库

直接用docker的方式运行registry镜像省了搭建步骤

$ docker run -d 
    -p 5000:5000 
    -v /opt/data/registry:/var/lib/registry 
    registry

---

TIPS:

数据目录和库文件目录可以自己设置，甚至可以给私有仓库取名字,如下：

$ docker run -d -p 5000:5000 --privileged=true -v /home/.registry/data:/home/.registry/lib  --restart=always --name pirvi_registry registry

指定了名字之后，如果想重启，可以使用命令：

$ docker restart pirvi_registry

如果是执行run的话相当于启动了一个新的容器，容器ID就会变，如果还是使用刚才的参数并且--name相同，那么会报如下错误：

docker: Error response from daemon: Conflict. The container name "/pirvi_registry" is already in use by container "194a22f33b1af366f036cc7691a1d1d918e55150bbc170e8e8fd171e52f0f273". You have to remove (or rename) that container to be able to reuse that name.

因此如果要重新启动容器请使用docker restart [name]命令。

---

上传

把镜像放入私有仓库

$ docker image ls
REPOSITORY                        TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
ubuntu                            latest              ba5877dc9bec        6 weeks ago         192.7 MB
$ docker tag ubuntu:latest 127.0.0.1:5000/ubuntu:latest
$ docker image ls
REPOSITORY                        TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
ubuntu                            latest              ba5877dc9bec        6 weeks ago         192.7 MB
127.0.0.1:5000/ubuntu:latest      latest              ba5877dc9bec        6 weeks ago         192.7 MB

验证

$ docker image rm 127.0.0.1:5000/ubuntu:latest

$ docker pull 127.0.0.1:5000/ubuntu:latest
Pulling repository 127.0.0.1:5000/ubuntu:latest
ba5877dc9bec: Download complete
511136ea3c5a: Download complete
9bad880da3d2: Download complete
25f11f5fb0cb: Download complete
ebc34468f71d: Download complete
2318d26665ef: Download complete

$ docker image ls
REPOSITORY                         TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
127.0.0.1:5000/ubuntu:latest       latest              ba5877dc9bec        6 weeks ago         192.7 MB

查看

查看私有仓库中的镜像

$ curl 127.0.0.1:5000/v2/_catalog
{"repositories":["ubuntu","nginx"]}

查看具体的某个镜像的版本

[root@kub2 ~]# curl 127.0.0.1:5000/v2/nginx/tags/list
{"name":"nginx","tags":["1.7.9"]}

有人写了现成的脚本:查看仓库镜像脚本

查看某个镜像的sha256值：

curl -v --silent "127.0.0.1:5000/v2/nginx/manifests/1.7.9" 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'

删除私有仓库的镜像

$ curl -I -X DELETE http://127.0.0.1:5000/v2/fbgweb/manifests/sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e

---

TIPS：

这里需要注意：
1 这里的删除镜像只是删除了一些元数据，需要执行下面的垃圾回收才能真正地从硬盘上删除镜像数据。
2 因为缺省Docker private registry不允许删除镜像，如果遇到“405 Unsupported” 错误，需要在运行registry容器时设置REGISTRY_STORAGE_DELETE_ENABLED环境变量或参数为true。
错误信息如下：

HTTP/1.1 405 Method Not Allowed
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Wed, 28 Aug 2019 07:31:34 GMT
Content-Length: 78

docker-compose.yaml 例子：

 environment:
    REGISTRY_STORAGE_DELETE_ENABLED: "true"

docker run 例子：

-e REGISTRY_STORAGE_DELETE_ENABLED="true"

另外, 要删除的镜像的sha256也可以从docker pull该镜像之后的打印中获得：

$ docker push 127.0.0.1:5000/radial/busyboxplus:curl
The push refers to repository [127.0.0.1:5000/radial/busyboxplus]
5f70bf18a086: Mounted from nginx 
430380561a4f: Pushed 
165264a81ac2: Pushed 
curl: digest: sha256:ef538eae80f40015736f1ee308d74b4f38f74e978c65522ce64abdf8c8c5e0d6 size: 1765

---

垃圾回收

查看私有仓库的容器

$ docker ps
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS                    NAMES
194a22f33b1a        registry               "/entrypoint.sh /etc…"   4 days ago          Up 4 days           0.0.0.0:5000->5000/tcp   pirvi_registry                                 

用tty登录到容器

$ docker exec -it 194a22f33b1a /bin/sh

执行垃圾回收命令

~ # registry garbage-collect /etc/docker/registry/config.yml 
31 blobs marked, 5 blobs eligible for deletion
blob eligible for deletion: sha256:5e7cf06c8745d0985f94191c60aad8b87371c8a674162525bff0efccdb805931
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/5e/5e7cf06c8745d0985f94191c60aad8b87371c8a674162525bff0efccdb805931  go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0
...

问题排查

1. push到127.0.0.1:500/XXX没有问题，但是别的服务器push到私服报错：“The push refers to repository [192.168.15.175:5000/centos]
   Get https://192.168.15.175:5000/v2/: http: server gave HTTP response to HTTPS client”
   解决办法：
   在/etc/docker/daemon.json文件中添加" "insecure-registries": ["192.168.15.175:5000"]"一句

{
  ......
  "insecure-registries": ["192.168.15.175:5000"],
 ......
}

然后重启docker

$ systemctl restart docker.service