[Docker] Docker 私有倉庫搭建教程(帶使用者驗證)
阿新 • • 發佈:2018-12-26
1. 基礎環境
作業系統:CentOS/Redhat 7 x86-64
Docker:1.12.6
2. 搭建步驟(伺服器端)
2.1 下載 Registry 映象
# docker pull registry:2.5
2.2 生成 使用者名稱/密碼 訪問金鑰 (這裡設定使用者名稱 abc , 密碼 abc123)
2.3 設定配置檔案,啟用刪除映象功能(也可以不啟用,看業務需要,修改 storage - delete - enable 為 false 即可)# mkdir -p /opt/registry-var/auth/ # docker run --entrypoint htpasswd registry:2.5 -Bbn abc abc123 >> /opt/registry-var/auth/htpasswd
# mkdir -p /opt/registry-var/config
# vim /opt/registry-var/config/config.yml
2.4 啟動服務(這裡將映象路徑對映到宿主機的 /opt/registry-var/ 資料夾下,可以根據需要修改)version: 0.1 log: fields: service: registry storage: delete: enabled: true cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] health: storagedriver: enabled: true interval: 10s threshold: 3
3. 使用步驟(客戶端)# docker run -d -p 5000:5000 --restart=always --name=registry\ -v /opt/registry-var/config/:/etc/docker/registry/ \ -v /opt/registry-var/auth/:/auth/ \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -v /opt/registry-var/:/var/lib/registry/ \ registry:2.5
3.1 開啟 http 形式訪問私有倉庫模式
# vim /etc/docker/daemon.json
# systemctl daemon-reload
# systemctl restart docker
3.2 上傳映象到私有倉庫(以 ubuntu:14.04 為例)
# docker tag ubuntu:14.04 192.9.100.127:5000/ubuntu:14.04
# docker login 192.9.100.127:5000
# docker push 192.9.100.127:5000/ubuntu:14.04
3.3 下載映象
# docker pull 192.9.100.127:5000/ubuntu:14.04
4. 額外操作
4.1 查詢私有倉庫映象
# curl -u abc:abc123 http://192.9.100.127:5000/v2/_catalog
# curl -u abc:abc123 http://192.9.100.127:5000/v2/ubuntu/tags/list
4.2 刪除私有倉庫映象(不推薦)
a. 僅刪除映象某個版本 (以ubuntu:14.04為例)
a.1 首先拿到digest_hash 引數
# curl -u abc:abc123 --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://192.9.100.127:5000/v2/ubuntu/manifests/14.04
a.2 刪除映象清單
# curl -u abc:abc123 -I -X DELETE http://192.9.100.127:5000/v2/ubuntu/manifests/sha256:2db86761fb24843ed0741646573e14aa4262daf6f78186e61cb0c2ae5d414a52
a.3 清理檔案系統
# docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
b 刪除某映象所有版本
# docker exec registry rm -rf /var/lib/registry/docker/registry/v2/repositories/ubuntu
# docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
刪除後需要重啟registry容器
儘量不要刪除映象,以免損壞Layer,更新映象直接上傳覆蓋即可