天天看點
傳回

docker進階與實戰 4 倉庫進階

repository集中存儲鏡像,支援鏡像分發及更新,後端存儲常采用分布式,解決容災問題.

官方倉庫是docker hub,其中又有許多名稱相同,内容不同的子倉庫.

關系為:hub{repository{images}}

完整的倉庫包括鏡像存儲系統和賬戶管理系統.

# docker login --help

Usage:  docker login [OPTIONS] [SERVER]

Register or log in to a registry server, if no server is

specified "https://index.docker.io/v1/" is the default.

  -e, --email=       Email

  --help=false       Print usage

  -p, --password=    Password

  -u, --username=    Username

docker hub的完整路徑:域名/使用者名/倉庫:tag

可以通過docker指令對鏡像上傳,下載下傳,查詢等操作.docker的鏡像層會逐層按順序操作;不現的鏡像可以并行操作.

1.docker push上傳

2.docker pull下載下傳

3.docker search 查詢

另外docker hub還提供根據寫好的dockerfile線上編譯的功能.

docker registry是建構倉庫的核心,用于docker鏡像的釋出,開源使用者可以自行搭建.

docker registry元件:

        鏡像的建立,更新,分發,存儲等服務.用戶端通過docker API(http,https)與docker registry進行互動.

        registry API 是标準REST實作.

搭建自己的私用倉庫:

# rpm -qa |grep docker-registry

# yum install docker-registry -y

# docker run --hostname localhost --name registry-v2 -v /opt/data/distribution:/var/lib/registry/docker/registry/v2 -p 5000:5000 registry:2.0

Unable to find image 'registry:2.0' locally

08f78f46653a: Download complete

902b87aaaec9: Download complete

9a61b6b1315e: Download complete

1ff9f26f09fb: Download complete

607e965985c1: Download complete

0f5121dd42a6: Download complete

8d38711ccc0d: Download complete

8ddc08289e1a: Download complete

d86979befb72: Download complete

b279b4aae826: Download complete

63e9d2557cd7: Download complete

8fb45e60e014: Download complete

141b650c3281: Download complete

69c177f0c117: Download complete

124e2127157f: Download complete

aeb43bf230e4: Download complete

6a192b88c36f: Download complete

66780839eff4: Download complete

a0010d3b65cf: Download complete

000e0d27487f: Download complete

66b88493bcd9: Download complete

374f4314b164: Download complete

Status: Downloaded newer image for docker.io/registry:2.0

4 倉庫進階

4.1 什麼是倉庫 registry

鏡像分發與更新,後端盡量使用分布式存儲

4.1.1倉庫的組成

hub->repository->images->tag

倉庫包括鏡像存儲及使用者管理系統

4.1.2倉庫鏡像

上傳  docker push

下載下傳  docker poll

查詢  docer search

4.2 docker hub

4.2.1 docker hub優點

世界最大最知名的docker鏡像倉庫,官方出品.

4.2.2 網頁分布

4.2.3 賬戶管理系統

4.3 倉庫服務

4.3.1 registry功能和架構

鏡像建立,存儲,分發,更新

存儲:registry後端,tar包

鏡像建立分發和更新:

4.3.2 registry API

    REST設計标準

docker daemon => registry API => registry

組成: 方法(method)-路徑(path)-實體(entity)

API傳輸的對象主要是鏡像layer的塊資料(blob)和表單(manifest)

    mainfest是JSON格式,記錄鏡像中繼資料

    API采用内容尋址存儲(CAS)針對固定内容存儲.

[root@192-168-166-119 ~]# curl -X GET http://192.168.166.220:5000/v2/

{}

[root@192-168-166-119 ~]# curl -X GET http://192.168.166.220:5000/v2/centosmyregistry/tags/list

{"name":"centosmyregistry","tags":["latest"]}

[root@192-168-166-119 ~]# curl -X GET http://192.168.166.220:5000/v2/centosmyregistry/manifests/latest  #還有相應的操作 PUT更新,DELETE删除

{

   "schemaVersion": 1,

   "name": "centosmyregistry",

   "tag": "latest",

   "architecture": "amd64",

   "fsLayers": [

      {

         "blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"#内容摘要context digest,使用雜湊演算法,16進制生成.

      },

         "blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"

         "blobSum": "sha256:a734b0ff4ca6f104ccaa5c51230935de4b5f3fce6b1a34db31e3a59ce36a06d3"

      }

   ],

   "history": [

         "v1Compatibility": "{\"id\":\"bb3d629a7cbc1ded0a8fdeb3756433ecea97f50f7c715f6995905567ecb4b6ac\",\"parent\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"created\":\"2016-03-04T17:40:08.127934693Z\",\"container\":\"d65f5103f40ca90775c9a748b17bfa6ee78c0c7f435edd4e08f436e7db56b452\",\"container_config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [\\\"/bin/bash\\\"]\"],\"Image\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"docker_version\":\"1.9.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/bash\"],\"Image\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"

         "v1Compatibility": "{\"id\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"parent\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"created\":\"2016-03-04T17:40:07.401406359Z\",\"container\":\"5738b6818a74427f7538a5ebadd00f04c31fc126db11a028fb0dd63a7624fd6e\",\"container_config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) LABEL name=CentOS Base Image vendor=CentOS license=GPLv2 build-date=2016-03-04\"],\"Image\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"docker_version\":\"1.9.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"

         "v1Compatibility": "{\"id\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"parent\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"created\":\"2016-03-04T17:40:02.981353314Z\",\"container\":\"0bc4c5093a7b29576c7b0ca09da0dc4ca1fdfd203bb7913f9fd025295de09168\",\"container_config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ADD file:72852fc7626d233343a04e4eae70b5bc2925271b42cbe823aa0aca0a75a153dd in /\"],\"Image\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"docker_version\":\"1.9.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":196617264}\n"

         "v1Compatibility": "{\"id\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"created\":\"2015-09-07T19:05:48.678585881Z\",\"container\":\"aa61f9423ec3654a523b23db8beeb801ce1ba1e82bfd15c71f317a8e723dfe2c\",\"container_config\":{\"Hostname\":\"aa61f9423ec3\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) MAINTAINER The CentOS Project \\[email protected]\\u003e\"],\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"docker_version\":\"1.7.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"aa61f9423ec3\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"

   "signatures": [

         "header": {

            "jwk": {

               "crv": "P-256",

               "kid": "B5QK:W2H2:BYAM:KRBL:ARNV:RZAU:FMPW:K3YR:MX7F:PPKR:NKY4:YFR7",

               "kty": "EC",

               "x": "Z_Q4FfFkR7VUtb-q1Ikmlc7FyUwYWfaLW2MVi8qIQz0",

               "y": "8yE6hnFA6d8VN0bm847yb798AfoC94ax0EC5bz4WxEE"

            },

            "alg": "ES256"

         },

         "signature": "LwnkgFIKOtgYkL1CzASuiqOW0huqyPk23p6d-r2uNCOZOcVlqvaMlNAovX6GpO14vhaDGNSRzGvdF-ChQmfgUA",

         "protected": "eyJmb3JtYXRMZW5ndGgiOjcyMjMsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNi0wMy0yMFQxMDo0OTo0MVoifQ"

   ]

}

API傳輸分析:

    1.下載下傳

        1.1下載下傳manifest->layers blob

    2.上傳

        2.1上傳初始化:POST blob uploads ->Registry傳回accepted->上傳過程(可選2種方式:整體或分段)layer blob-> manifest

    3.查詢

    4.删除

鑒權機制:V2版本後添加的新功能,主要給私有倉庫使用.

4.4部署docker registry 私有倉庫

    優點:可控,省帶寬,自主賬戶體系,定制化

yum install docker-registry -y

docker run -d --hostname dockerhost --name registry-v2 -v /opt/data/distribution:/var/lib/registry/docker/registry/v2 -p 5000:5000 registry:2.0 

#-d:背景運作,主機名:dockerhost,倉庫名稱:registry-v2,-v:本地路徑綁定到volume,-p:端口映射,

為了安全,可以使用反向代理為docker registry轉發請求.

從官方docker hub下載下傳centos最新版

docker pull centos

[root@192-168-166-119 ~]# docker images 

REPOSITORY                         TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

docker.io/centos                   latest              bb3d629a7cbc        2 weeks ago         196.6 MB

為下載下傳好的鏡像打上tag

[root@192-168-166-119 ~]# docker tag bb3d629a7cbc 192.168.166.220:5000/centosmyregistry

[root@192-168-166-119 ~]# docker images

REPOSITORY                              TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

docker.io/centos                        latest              bb3d629a7cbc        2 weeks ago         196.6 MB

192.168.166.220:5000/centosmyregistry   latest              bb3d629a7cbc        2 weeks ago         196.6 MB

[root@192-168-166-119 ~]# docker push 192.168.166.220:5000/centosmyregistry

The push refers to a repository [192.168.166.220:5000/centosmyregistry] (len: 1)

bb3d629a7cbc: Pushed 

a63aae4d216f: Pushed 

6fdebd7b0eb5: Pushed 

47d44cb6f252: Pushed 

latest: digest: sha256:3fca4350643d07d50244b3f24d2b47aabf493c3f7e6c9739af84129bbc52cb5f size: 7225

可以看到倉庫中已經有了剛才上傳的image

存儲 Linux api Docker 容器 shell 網絡架構 容災 算法 安全 docker實戰倉庫 docker進階實戰 docker倉庫 docker進階實戰介紹 Docker鏡像實戰倉庫
上一篇: ceph架構簡單流程
下一篇: python學習手冊18 參數

繼續閱讀