docker-ce私有倉庫搭建
阿新 • • 發佈:2018-01-31
-i kernel perf process fault 系統 status secure nco 說明:本文中私有倉庫的ip地址為10.10.172.203:5000,操作系統為CentOS7.2;
服務端:10.10.172.203/24
1、從Docker官方倉庫裏下載registry鏡像
# docker pull registry
2、docker images命令查看本地鏡像;
[root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest d1fd7d86a825 2 weeks ago 33.3MB
默認情況下,會將私有倉庫存放於容器內的/tmp/registry目錄下,這樣如果容器被刪除,則存放於容器中的鏡像也會丟失。
所以一般情況下會指定本地一個目錄掛載到容器內的/tmp/registry下,命令如下:
docker run -d -it --restart always --name docker-hub -p 5000:5000 -v /docker-hub/registry:/var/lib/registry registry
查看容器運行
[root@docker ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 048805afbcf1 registry "/entrypoint.sh /etc…" 11 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp docker-hub
由上可以看到,已經啟動了一個容器,地址為:10.10.172.203:5000。
3、由於倉庫與客戶端的https問題,需要修改/usr/lib/systemd/system/docker.service文件,添加 ExecStart=/usr/bin/dockerd --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000
[root@docker ~]# cat /usr/lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd --storage-driver=devicemapper --storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000 ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process # restart the docker process if it exits prematurely Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target [root@docker ~]# 或者 [root@docker ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["http://df98fb04.m.daocloud.io"], "insecure-registries":["10.10.172.203:5000"] } [root@docker ~]# 重新加載docker服務 [root@docker ~]# systemctl daemon-reload [root@docker ~]# systemctl restart docker 註:因為Docker從1.3.X之後,與docker registry交互默認使用的是https,然而此處搭建的私有倉庫只提供http服務,所以當與私有倉庫交互時就會報上面的錯誤。 為了解決這個問題需要在啟動docker server時增加啟動參數為默認使用http訪問。 需要在docker的配置文件/etc/sysconfig/docker (ubuntu系統中的docker配置文件時/etc/default/docker )添加參數“--insecure-registry=10.10.172.203:5000”。 溫馨提示: 這個是在客戶機的docker配置文件裏添加的(即上傳鏡像到私有倉庫裏或從私有倉庫下載鏡像的客戶機)。
4、重新啟動docker。(如果是在虛擬機中運行,重啟一下虛擬機,要不然還是使用其他機器訪問此倉庫還是會有https的問題)
# systemctl restart docker
5、docker tag將鏡像打tag,語法格式如下
docker tag <image_name> <registry_ip>:5000/<image_name>:<version>
# docker tag centos:latest 10.10.172.203:5000/centos7 //修改了tag後的鏡像若要刪除,docker rmi後面不能用鏡像ID了,需要用docker rmi 10.10.172.203:5000/centos7:latest
[root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest d1fd7d86a825 3 weeks ago 33.3MB 10.10.172.203:5000/centos7 latest ff426288ea90 3 weeks ago 207MB centos latest ff426288ea90 3 weeks ago 207MB
6、鏡像的上傳與下載,語法格式如下
docker push <registry_ip>:5000/<image_name>:<version>;上傳鏡像至私有倉庫 docker pull <registry_ip>:5000/<image_name>:<version>;從私有倉庫pull鏡像
# docker push 10.10.172.203:5000/centos7
[root@docker ~]# docker push 10.10.172.203:5000/centos7 The push refers to repository [10.10.172.203:5000/centos7] e15afa4858b6: Pushed latest: digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe size: 529 [root@docker ~]#
7、使用curl 10.10.172.203:5000/v2/_catalog 查看倉庫中的鏡像情況
[root@docker ~]# curl 10.10.172.203:5000/v2/_catalog {"repositories":["centos7"]} [root@docker ~]#
註意查看鏡像方法(docker pull registry:2.1.1):
# curl -XGET http://registry_ip:5000/v2/_catalog # curl -XGET http://registry_ip:5000/v2/image_name/tags/list
客戶端下載私有倉庫鏡像:
配置docker信任私有倉庫地址(http)
[root@localhost ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["http://df98fb04.m.daocloud.io"], "insecure-registries":["10.10.172.203:5000"] }
2.查看客戶端本機鏡像列表
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos latest ff426288ea90 3 weeks ago 207MB
3.從私有倉庫下載centos鏡像
[root@localhost ~]# docker pull 10.10.172.203:5000/centos7 Using default tag: latest latest: Pulling from centos7 Digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe Status: Downloaded newer image for 10.10.172.203:5000/centos7:latest
4.再次查看客戶端本機鏡像列表
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.10.172.203:5000/centos7 latest ff426288ea90 3 weeks ago 207MB centos latest ff426288ea90 3 weeks ago 207MB [root@localhost ~]#
總結:使用企業內部私有鏡像倉庫中的鏡像,大大節省了鏡像下載的時間。
docker-ce私有倉庫搭建