创建和使用私有仓库
环境:
docker version:Docker version 1.7.1, build 786b29d/1.7.1
uname -a:Linux docker1 4.4.163-1.el6.elrepo.x86_64 #1 SMP Sat Nov 10 14:24:39 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
docker1:192.168.88.129
docker2(registry):192.168.88.130
1.使用registry镜像创建私有仓库
[root@docker2 ~]# docker pull registry:2.2
Digest: sha256:a9128f456da044c4132c41973b065d2e2c46b04682c65f23dbb5d0c51071d595
Status: Downloaded newer image for registry:2.2
[root@docker2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE registry latest 642c5398c648 11 weeks ago 33.29 MB registry 2.2 1fff2b77d9b3 2 years ago 224.5 MB
2.启动私有仓库
默认情况下,会将仓库创建在容器的/tmp/registry目录下,具体位置可以等仓库创建完查看,我看到的镜像是存放在仓库的/var/lib/registry。可以通过-v参数来将镜像文件存放在本地的指定路径上。
下面将上传的镜像放到/opt/data/registry目录。
[root@docker2 ~]#docker run -d --name=my_registry -p 5000:5000 -v /opt/data/registry:/tmp/registry registry:2.2
ce5d8afbbe7c0b5500de159a74bf42bb2ce1fb2accc3fef70e608fa03201c48d
[root@docker2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce5d8afbbe7c registry:2.2 "/bin/registry /etc/ 11 seconds ago Up 11 seconds 0.0.0.0:5000->5000/tcp my_registry
仓库镜像存储位置查看:
[root@docker2 ~]# docker exec -it ce5d sh # # ls /tmp/registry # # find / -name registry /tmp/registry /var/lib/ucf/registry /var/lib/registry /var/lib/registry/docker/registry /etc/docker/registry /bin/registry # ls /var/lib/registry/docker/registry/v2/repositories centos test(centos和test是上传的镜像文件) #
另一种启动和创建registry的方式:
挂载卷的方式覆盖配置:
可以使用挂载卷的方式来用本地提前配置的文件取代仓库的配置文件
本地文件:/data/config.yml,较于仓库的config.yml文件添加了delect这一项,用于镜像删除。
docker run -d --name=my_registry_1 -p 5000:5000 -v /opt/data/registry:/var/lib/registry -v /data/config.yml:/etc/docker/registry/config.yml registry:2.2
cat config.yml version: 0.1 log: fields: service: registry storage: delete: enabled: true cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] health: storagedriver: enabled: true interval: 10s threshold: 3
3.镜像上传
先以以下参数来启动docker1上的docker服务:
[root@docker1 ~]# docker -d --insecure-registry 192.168.88.130:5000 &
[1] 4035
[root@docker1 ~]# INFO[0000] Listening for HTTP on unix (/var/run/docker.sock)
INFO[0000] [graphdriver] using prior storage driver "devicemapper"
WARN[0000] Running modprobe bridge nf_nat failed with message: , error: exit status 1
INFO[0000] Loading containers: start.
......
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon commit=786b29d/1.7.1 execdriver=native-0.2 graphdriver=devicemapper version=1.7.1
在我这台机器上不使用'--insecure-registry 192.168.88.130:5000 '参数启动docker服务,上传镜像时会出现以下报错
Error response from daemon: invalid registry endpoint https://192.168.88.130:3000/v0/: unable to ping registry endpoint https://192.168.88.130:3000/v0/
v2 ping attempt failed with error: Get https://192.168.88.130:3000/v2/: dial tcp 192.168.88.130:3000: connection refused
v1 ping attempt failed with error: Get https://192.168.88.130:3000/v1/_ping: dial tcp 192.168.88.130:3000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate,
please add `--insecure-registry 192.168.88.130:3000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/192.168.88.130:3000/ca.crt
修改一下该镜像的tag标识
[root@docker1 ~]# docker tag test 192.168.88.130:5000/test
镜像查看
[root@docker1 ~]# docker images INFO[0089] GET /v1.19/images/json REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE sshd centos6.6 2fc5a70673de 20 hours ago 247.1 MB 192.168.88.130:5000/test latest d71fc6939e16 12 days ago 86.18 MB ubuntu latest d71fc6939e16 12 days ago 86.18 MB centos 6.6 b68d4c55c484 7 weeks ago 202.6 MB centos latest ea4b646d9000 7 weeks ago 200.4 MB
上传镜像:
[root@docker1 ~]# docker push 192.168.88.130:5000/test
查看私有仓库里的镜像
[root@docker1 ~]# curl -XGET http://192.168.88.130:5000/v2/_catalog {"repositories":["test"]}
4.测试
删除现有的标签和镜像
[root@docker1 ~]# docker rmi 192.168.88.130:5000/test
[root@docker1 ~]# docker rmi d71fc
[root@docker1 ~]# docker images
INFO[2205] GET /v1.19/images/json REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE sshd centos6.6 2fc5a70673de 21 hours ago 247.1 MB ubuntu latest d71fc6939e16 12 days ago 86.18 MB 192.168.88.130:5000/test latest d71fc6939e16 12 days ago 86.18 MB centos 6.6 b68d4c55c484 7 weeks ago 202.6 MB centos latest ea4b646d9000 7 weeks ago 200.4 MB
从私有仓库中下载该镜像:
[root@docker1 ~]# docker pull 192.168.88.130:5000/test
[root@docker1 ~]# docker images INFO[2281] GET /v1.19/images/json REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE sshd centos6.6 2fc5a70673de 21 hours ago 247.1 MB 192.168.88.130:5000/test latest d71fc6939e16 12 days ago 86.18 MB centos 6.6 b68d4c55c484 7 weeks ago 202.6 MB centos latest ea4b646d9000 7 weeks ago 200.4 MB
5.registry镜像删除
用docker run -d --name=my_registry_1 -p 5000:5000 -v /opt/data/registry:/var/lib/registry -v /data/config.yml:/etc/docker/registry/config.yml registry:2.2 创建的my_registry_1可以删除镜像,当然也可以同过修改/etc/docker/registry/config.yml
来达到删除镜像的目的。
方案一
curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>
方案二
docker exec -ti rm -rf /var/lib/registry/docker/registry/v2/repositories/<image_name>
registry2.2不具备镜像回收机制
docker exec -it my_registry_1 /bin/registry garbage-collect /etc/docker/registry/config.yml
Docker Registry v2.4.0
Garbage Collector
A garbage collector tool has been added to the registry. For more details see the garbage collector documentation.
