一、Registry私有仓库搭建与部署
1.1、Registry部署
1)下载registry镜像
[root@docker01 ~]# docker pull registry Using default tag: latest latest: Pulling from library/registry c87736221ed0: Pull complete 1cc8e0bb44df: Pull complete 54d33bcb37f5: Pull complete e8afc091c171: Pull complete b4541f6d3db6: Pull complete Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146 Status: Downloaded newer image for registry:latest docker.io/library/registry:latest
2)创建registry容器
[root@docker01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx alpine a624d888d69f 6 days ago 21.5MB centos 6.9 2199b8eb8390 8 months ago 195MB registry latest f32a97de94e1 8 months ago 25.8MB [root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry [root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a4041df96c54 registry "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp registry
3)推送镜像至仓库
#给镜像打标签
[root@docker01 ~]# docker tag centos:6.9 192.168.11.10:5000/centos:6.9
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx alpine a624d888d69f 6 days ago 21.5MB
192.168.11.10:5000/centos 6.9 2199b8eb8390 8 months ago 195MB
centos 6.9 2199b8eb8390 8 months ago 195MB
registry latest f32a97de94e1 8 months ago 25.8MB
#推送镜像只仓库
[root@docker01 ~]# docker push 192.168.11.10:5000/centos:6.9
The push refers to repository [192.168.11.10:5000/centos]
Get https://192.168.11.10:5000/v2/: http: server gave HTTP response to HTTPS client
#第一次推送镜像会报如上的错误
解决方法:
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"], #注意有逗号
"insecure-registries": ["192.168.11.10:5000"]
}
#重启docker,再次推送
[root@docker01 ~]# systemctl restart docker
[root@docker01 ~]# docker push 192.168.11.10:5000/centos:6.9
The push refers to repository [192.168.11.10:5000/centos]
aaa5621d7c01: Pushed
6.9: digest: sha256:7e172600dff1903f186061ce5f5295664ec9942ca120e4e5b427ddf01bb2b35b size: 529
4)另一台测试拉取镜像(需要安装docker)
#添加仓库地址
[root@docker02 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.11.10:5000"]
}
#重启docker
[root@docker02 ~]# systemctl restart docker
#拉取镜像
[root@docker02 ~]# docker pull 192.168.11.10:5000/centos:6.9
6.9: Pulling from centos
831490506c47: Pull complete
Digest: sha256:7e172600dff1903f186061ce5f5295664ec9942ca120e4e5b427ddf01bb2b35b
Status: Downloaded newer image for 192.168.11.10:5000/centos:6.9
192.168.11.10:5000/centos:6.9
1.2、仓库basic认证
#创建账号密码 [root@docker01 ~]# yum install httpd-tools -y [root@docker01 ~]# mkdir /opt/registry-var/auth/ -p [root@docker01 ~]# htpasswd -Bbn oldboy 123456 >> /opt/registry-var/auth/htpasswd #创建容器 [root@docker01 ~]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry #测试 [root@docker01 ~]# docker push 192.168.11.10:5000/centos:6.9 The push refers to repository [192.168.11.10:5000/centos] aaa5621d7c01: Preparing no basic auth credentials ##提示没有认证,需要登录后才能push [root@docker01 ~]# docker login 192.168.11.10:5000 #需要登录 Username: oldboy Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker01 ~]# docker tag nginx:alpine 192.168.11.10:5000/nginx:alpine #打标签 [root@docker01 ~]# docker push 192.168.11.10:5000/nginx:alpine The push refers to repository [192.168.11.10:5000/nginx] f4cef7054e83: Pushed 77cae8ab23bf: Pushed alpine: digest: sha256:2993f9c9a619cde706ae0e34a1a91eb9cf5225182b6b76eb637392d2ce816538 size: 739 #每次docker login很麻烦,可以把生成的配置文件传送给其他服务器(/root/.docker/config.json) [root@docker01 ~]# scp -rp /root/.docker/ 192.168.11.11:/root/ [root@docker02 .docker]# docker pull 192.168.11.10:5000/nginx:alpine alpine: Pulling from nginx 89d9c30c1d48: Pull complete 24f1c4f0b2f4: Pull complete Digest: sha256:2993f9c9a619cde706ae0e34a1a91eb9cf5225182b6b76eb637392d2ce816538 Status: Downloaded newer image for 192.168.11.10:5000/nginx:alpine 192.168.11.10:5000/nginx:alpine
1.3、查看仓库镜像
#方式一:查看目录
[root@docker01 ~]# ll /opt/myregistry/docker/registry/v2/repositories/ #查看镜像个数
drwxr-xr-x 5 root root 55 Nov 26 10:40 centos
drwxr-xr-x 5 root root 55 Nov 26 11:06 nginx
[root@docker01 ~]# ll /opt/myregistry/docker/registry/v2/repositories/centos/_manifests/tags/ #镜像版本信息
drwxr-xr-x 4 root root 34 Nov 26 10:40 6.9
#方式二:浏览器访问
http://192.168.11.10:5000/v2/_catalog
http://192.168.11.10:5000/v2/nginx/tags/list
#方式三:wget方法(可以安装jq ==>json分析工具,需要epel源)
[root@docker01 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@docker01 ~]# yum install jq -y
#查看镜像文件
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/_catalog
{"repositories":["centos","nginx"]}
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/_catalog|jq .
{
"repositories": [
"centos",
"nginx"
]
}
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/_catalog|jq .repositories
[
"centos",
"nginx"
]
#查看镜像版本
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/nginx/tags/list|jq .
{
"name": "nginx",
"tags": [
"alpine"
]
}
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/nginx/tags/list|jq .tags
[
"alpine"
]
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/nginx/tags/list|jq .tags[]
"alpine"
#方法四:curl命令
# curl -XGET http://registry_ip:5000/v2/_catalog
# curl -XGET http://registry_ip:5000/v2/image_name/tags/list
[root@docker01 ~]# curl -XGET http://192.168.11.10:5000/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
[root@docker01 ~]# curl -XGET --user oldboy:123456 http://192.168.11.10:5000/v2/_catalog
{"repositories":["centos","nginx"]}
[root@docker01 ~]# curl -XGET --user oldboy:123456 http://192.168.11.10:5000/v2/nginx/tags/list
{"name":"nginx","tags":["alpine"]}
1.4、仓库镜像删除
参考文档:https://www.qstack.com.cn/archives/350.html
方法比较麻烦,推荐使用harbor私有化仓库
#进入容器 [root@docker01 ~]# docker exec -it zealous_leakey /bin/sh / # #查看当前大小 / # du -smh /var/lib/registry/ 75.4M /var/lib/registry/ #删除镜像 / # rm -fr /var/lib/registry/docker/registry/v2/repositories/centos/ / # du -smh /var/lib/registry/ ##空间并没有删除 75.3M /var/lib/registry/ #垃圾回收 / # registry garbage-collect /etc/docker/registry/config.yml / # du -smh /var/lib/registry/ 8.4M /var/lib/registry/ / #