Setting Up a Private Docker Registry

Posted by 聪少 on 2018-08-08

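As we know, Docker officially provides a public registry service, Docker Hub. Inside a company, however, some images may not be suitable for the public internet, so Docker also provides a private registry that users who need one can deploy themselves. This post briefly walks through setting up a Docker Registry.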

Base environment

[root@web-helm-6 ~]# uname -a
Linux web-helm-6 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@web-helm-6 ~]# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-68.gitdded712.el7.centos.x86_64
Go version: go1.9.4
Git commit: dded712/1.13.1
Built: Tue Jul 17 18:34:48 2018
OS/Arch: linux/amd64

Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-68.gitdded712.el7.centos.x86_64
Go version: go1.9.4
Git commit: dded712/1.13.1
Built: Tue Jul 17 18:34:48 2018
OS/Arch: linux/amd64
Experimental: false

Pull the Registry image

docker pull registry
[root@web-helm-6 ~]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for docker.io/registry:latest
[root@web-helm-6 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest b2b03e9146e1 4 weeks ago 33.3 MB

Start the registry

mkdir -p /root/date/registry
docker run -d --name registry -p 5000:5000 -v /root/date/registry:/var/lib/registry registry
[root@web-helm-6 ~]# mkdir -p /root/date/registry
[root@web-helm-6 ~]# docker run -d --name registry -p 5000:5000 -v /root/date/registry:/var/lib/registry registry
9055fc8beb539a3911aa09994186aa4dfd5197a976e2920255d4f276aee8121a
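  • -d: run in the background
  • --name: name the service
  • -p: publish the port (the docker ps output below shows it bound on 0.0.0.0, that is, on every host interface)
  • -v: map the registry's image storage path /var/lib/registry to /root/date/registry on the host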

Check that the port is up and listening. Nice.

[root@web-helm-6 ~]# netstat -anp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 280998/docker-proxy

[root@web-helm-6 ~/date/registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c79a57dadba8 registry "/entrypoint.sh /e..." 3 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp registry

Edit the Docker configuration file

vim /etc/sysconfig/docker

Add the following to the file:

ADD_REGISTRY='--add-registry 10.77.0.130:5000'

INSECURE_REGISTRY='--insecure-registry 10.77.0.130:5000'
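Note: the IP address above is the address the Docker Registry listens on; replace it with your own. INSECURE_REGISTRY is required here because the registry started above serves plain HTTP without TLS.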

Restart Docker and the service

[root@web-helm-6 ~]# systemctl daemon-reload
[root@web-helm-6 ~]# systemctl restart docker

Push an image

[root@web-helm-6 ~]# docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
8c5a7da1afbc: Pull complete
Digest: sha256:cb63aa0641a885f54de20f61d152187419e8f6b159ed11a251a09d115fdff9bd
Status: Downloaded newer image for docker.io/busybox:latest

[root@web-helm-6 ~]# docker tag busybox 10.77.0.130:5000/busybox
[root@web-helm-6 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.77.0.130:5000/busybox latest e1ddd7948a1c 7 days ago 1.16 MB
docker.io/busybox latest e1ddd7948a1c 7 days ago 1.16 MB
docker.io/registry latest b2b03e9146e1 4 weeks ago 33.3 MB
Note: the IP address above is the address the Docker Registry listens on; replace it with your own.
[root@web-helm-6 ~/date/registry]# docker push 10.77.0.130:5000/busybox
The push refers to a repository [10.77.0.130:5000/busybox]
f9d9e4e6e2f0: Pushed
latest: digest: sha256:5e8e0509e829bb8f990249135a36e81a3ecbe94294e7a185cc14616e5fad96bd size: 527

Test the service

[root@web-helm-6 ~/date/registry]#  curl  10.77.0.130:5000/v2/_catalog
{"repositories":["busybox"]}

OK! That is all for a registry without user authentication.
If you need account authentication, read on:

Note: what follows configures a registry service with account authentication. You can stop and remove the service configured earlier: docker stop registry; docker rm registry

Set the account password

mkdir -p /root/date/registry/auth/
docker run --entrypoint htpasswd registry:latest -Bbn username passwd >> /root/date/registry/auth/htpasswd
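
An added check, not part of the original post: per the registry documentation, the htpasswd backend accepts only bcrypt entries (hence -B above), and re-running the >> command for the same user leaves a stale hash in the file. The function names audit_htpasswd and write_sample_htpasswd and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an htpasswd file before mounting it at /auth/htpasswd.
# Prints one finding per line; status 0 = clean, 1 = findings, 2 = unreadable.
audit_htpasswd() (
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; exit 2; }
    findings=0 lineno=0 seen=':'
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -n "$line" ] || continue   # htpasswd -n prints a blank line after each entry
        user=${line%%:*} hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "line $lineno: malformed entry, expected user:hash"
            findings=1; continue
        fi
        # bcrypt strings are 60 characters long and start with $2a$, $2b$ or $2y$
        case $hash in
            '$2a$'*|'$2b$'*|'$2y$'*)
                [ "${#hash}" -eq 60 ] || {
                    echo "line $lineno: $user: truncated bcrypt hash"; findings=1; } ;;
            *)  echo "line $lineno: $user: not a bcrypt hash"; findings=1 ;;
        esac
        # A second entry for one user means '>>' was re-run; a stale hash remains
        case $seen in
            *":$user:"*) echo "line $lineno: $user: duplicate entry"; findings=1 ;;
            *)           seen="$seen$user:" ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
)

# Constructed sample input: placeholder hashes, not real credentials.
write_sample_htpasswd() {
    pad=$(printf '%053d' 0)                       # 53 filler characters
    {
        printf 'username:$2y$05$%s\n\n' "$pad"    # shape written by htpasswd -Bbn
        printf 'legacy:$apr1$constructed$value\n' # MD5 (apr1) entry, made without -B
        printf 'username:$2y$05$%s\n' "$pad"      # same user appended a second time
    } > "$1"
}
```

Run it as audit_htpasswd /root/date/registry/auth/htpasswd before starting the authenticated registry; a non-zero status means the file needs to be regenerated with > instead of >>.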

Create the configuration

[root@web-helm-6 ~/date]# mkdir -p /root/date/registry/config
[root@web-helm-6 ~/date]# vim /root/date/registry/config/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

Start the service

docker run -d --name registry -p 5000:5000 --restart=always \
-v /root/date/registry/config/:/etc/docker/registry/ \
-v /root/date/registry/auth/:/auth/ \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /root/date/registry:/var/lib/registry/ \
registry:latest

Log in to the service

[root@web-helm-6 ~/date]# docker login  10.77.0.130:5000
Username: username
Password:
Login Succeeded

Test

Test the same way as before, except that curl needs the username and password:

 curl -u username:passwd   10.77.0.130:5000/v2/_catalog

OK, that is it for this post. Later I will look into installing Harbor and write it up then. 😄