![](https://img.laitimes.com/img/__Qf2AjLwojIjJCLyojI0JCLicmbw5SO1MGNmN2NhFDZ4kzN5EDNhJDN0MDMzkTYkN2NkJGOx8CX0JXZ252bj91Ztl2Lc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
一、簡單介紹
前面已經介紹,可以使用Docker Hub公共倉庫,但是大多數情況企業都需要建立一個本地倉庫供自己使用。這裡介紹幾種搭建私庫的方法
私庫的好處有幾點
- 節約帶寬
- 可以自己定制系統
- 更加安全
二、我知道的幾種方法
1.利用官方提供的工具docker-registry來配置私庫
官方提供的鏡像,注意這個工具是個鏡像,直接下載下傳并使用registry鏡像啟動docker執行個體就可以了
2.利用Harbor-Registry,來搭建私庫
Harbor是一個用于存儲Docker鏡像的企業級Registry服務
三、通過官方docker-registry來配置私庫
1.環境
docker私庫位址:192.168.216.51 web1
docker伺服器位址:192.168.216.52 web2,此節點使用私庫伺服器來pull/push鏡像
2.拓撲
備注:這裡docker hub 就是私庫
docker engine :前面原理篇有介紹 ,是docker架構中的運作引擎,同時也Docker運作的核心子產品。它扮演Docker container存儲倉庫的角色,并且通過執行job的方式來操縱管理這些容器。
3.安裝docker私有倉庫
1)首先安裝
方式1
也可以下載下傳rpm包安裝
rpm包位址:https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
這裡下載下傳的是docker-ce-cli-19.03.2-3.el7.x86_64.rpm
為了解決依賴,配置本地源
[[email protected] yum.repos.d]# mv Centos-7.repo ./backup/[[email protected] yum.repos.d]# ll total 16drwxr-xr-x. 2 root root 27 Sep 23 14:56 backupdrwxr-xr-x. 2 root root 6 Sep 23 14:32 bakcup-rw-r--r--. 1 root root 65 Sep 23 14:53 docker-rpm.repo-rw-r--r--. 1 root root 664 Sep 23 12:54 epel-7.repo-rw-r--r--. 1 root root 951 Sep 23 12:54 epel.repo-rw-r--r--. 1 root root 1050 Sep 23 12:54 epel-testing.repo[[email protected] yum.repos.d]# cd /root/docker-rpm/[[email protected] docker-rpm]# createrepo ./
方式2
配置阿裡源,epel源裡面我這裡沒有docker,是以配置阿裡源的docker源
阿裡源位址:https://mirrors.aliyun.com/docker-ce/linux/centos/
[[email protected] yum.repos.d]# cat docker-ce.repo [docker-ce-stable]name=Docker CE Stable - $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stableenabled=1gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-stable-debuginfo]name=Docker CE Stable - Debuginfo $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/stableenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-stable-source]name=Docker CE Stable - Sourcesbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stableenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-edge]name=Docker CE Edge - $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/edgeenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-edge-debuginfo]name=Docker CE Edge - Debuginfo $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/edgeenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-edge-source]name=Docker CE Edge - Sourcesbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edgeenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-test]name=Docker CE Test - $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/testenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-test-debuginfo]name=Docker CE Test - Debuginfo $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/testenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-test-source]name=Docker CE Test - Sourcesbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/testenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-nightly]name=Docker CE Nightly - $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/nightlyenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-nightly-debuginfo]name=Docker CE Nightly - Debuginfo $basearchbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/nightlyenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[docker-ce-nightly-source]name=Docker CE Nightly - Sourcesbaseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightlyenabled=0gpgcheck=1gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg[[email protected] yum.repos.d]#
yum install dockre-ce -y
2)開啟防火牆
systemctl start firewalld.service
3)開啟私有倉庫服務端
systemctl start docker
systemctl enable docker
確定兩台幾點都安裝了docker,并啟動
4.私有倉庫伺服器拉取或load registry
方法1、直接拉取
[[email protected] yum.repos.d]# docker pull registryUsing default tag: latestTrying to pull repository docker.io/library/registry ... latest: Pulling from docker.io/library/registryDigest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146Status: Image is up to date for docker.io/registry:latest[[email protected] yum.repos.d]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEzxg/nginx1 latest 3babdf3c6c6d 2 weeks ago 546 MBzxg/centos_nginx v1 7c6604cacec1 4 weeks ago 698 MBdocker.io/atlassian/jira-software latest c4b90dede4f3 5 weeks ago 624 MBzxg/my_nginx v1 b164f4c07c64 8 weeks ago 126 MBzxg/my_nginx latest f07837869dfc 8 weeks ago 126 MBdocker.io/nginx latest e445ab08b2be 2 months ago 126 MBdocker.io/alpine latest b7b28af77ffe 2 months ago 5.58 MBdocker.io/centos latest 9f38484d220f 6 months ago 202 MBdocker.io/registry latest f32a97de94e1 6 months ago 25.8 MB[[email protected] yum.repos.d]#
方法2、下載下傳registry.tar包,然後導入即可、
docker load -i registry.tar
5.私庫伺服器随便拉取一個鏡像,并且打好标簽
docker pull busyboxdocker tag docker.io/busybox:latest 192.168.216.51:5000/busybox:latest
打好标簽就是下面标紅的行
[[email protected] ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEzxg/nginx1 latest 3babdf3c6c6d 2 weeks ago 546 MB192.168.216.51:5000/busybox latest 19485c79a9bb 3 weeks ago 1.22 MBbusybox v1 19485c79a9bb 3 weeks ago 1.22 MBdocker.io/busybox latest 19485c79a9bb 3 weeks ago 1.22 MBzxg/centos_nginx v1 7c6604cacec1 4 weeks ago 698 MB
6.修改配置檔案,指定私庫url
需要安裝docker-common,檢查一下有沒有安裝
[[email protected] yum.repos.d]# rpm -qf /etc/sysconfig/dockerdocker-common-1.13.1-96.gitb2f74b2.el7.centos.x86_64[[email protected] yum.repos.d]#
配置檔案添加–insecure-registry 192.168.216.51:5000
[[email protected] yum.repos.d]# cat /etc/sysconfig/docker# /etc/sysconfig/docker## Modify these options if you want to change the way the docker daemon runsOPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'if [ -z "${DOCKER_CERT_PATH}" ]; then DOCKER_CERT_PATH=/etc/dockerdfi
7.重新開機docker
[[email protected] yum.repos.d]# systemctl restart docker
8.啟動私有倉庫,使用registry鏡像運作一個docker就可以了
[[email protected] yum.repos.d]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry###-v 指定本地持久路徑27d56aa54e167c26c76e25136b247072883aa29dde247f20c45f97fafedb650b[[email protected] yum.repos.d]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES27d56aa54e16 registry "/entrypoint.sh /e..." About a minute ago Up 58 seconds 0.0.0.0:5000->5000/tcp frosty_ptolemy[[email protected] yum.repos.d]# netstat -antlop |grep 5000tcp6 0 0 :::5000 :::* LISTEN 27767/docker-proxy- off (0.00/0/0)[[email protected] yum.repos.d]# netstat -antup |grep 5000 tcp6 0 0 :::5000 :::* LISTEN 27767/docker-proxy- [[email protected] yum.repos.d]#
[[email protected] yum.repos.d]# ls /opt/registry###目錄已經自動建立
9.本機上傳鏡像,成功後使用tree檢視
docker push 192.168.216.51:5000/busybox
[[email protected] ~]# tree /opt/registry/docker/registry//opt/registry/docker/registry/└── v2 ├── blobs │ └── sha256 │ ├── 19 │ │ └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d │ │ └── data │ ├── 7c │ │ └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b │ │ └── data │ └── dd │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ └── data └── repositories └── busybox ├── _layers │ └── sha256 │ ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d │ │ └── link │ └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b │ └── link ├── _manifests │ ├── revisions │ │ └── sha256 │ │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ │ └── link │ └── tags │ └── latest │ ├── current │ │ └── link │ └── index │ └── sha256 │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ └── link └── _uploads26 directories, 8 files[[email protected] ~]#
10.使用52節點下載下傳busybox鏡像
我這裡已經裝好docker,就不示範怎麼安裝docker,這裡都是按照之前原理篇的安裝方式,請見如下連結:
安裝docker請參考:Docker1 架構原理及簡單使用
###修改配置檔案添加"--insecure-registry不安全的注冊"[[email protected] ~]# cat /etc/sysconfig/docker |grep 5000OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'###拉取鏡像[[email protected] ~]# docker pull 192.168.216.51:5000/busyboxUsing default tag: latestTrying to pull repository 192.168.216.51:5000/busybox ... latest: Pulling from 192.168.216.51:5000/busybox7c9d20b9b6cd: Pull complete Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808Status: Downloaded newer image for 192.168.216.51:5000/busybox:latest###檢視鏡像[[email protected] ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.216.51:5000/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB###運作執行個體-成功[[email protected] ~]# docker run 192.168.216.51:5000/busybox echo "1111" 1111[[email protected] ~]####建立鏡像連結并命名[[email protected] ~]# docker tag 192.168.216.51:5000/busybox busybox:v1###删除鏡像[[email protected] ~]# docker rmi 192.168.216.51:5000/busybox [[email protected] ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEbusybox v1 19485c79a9bb 3 weeks ago 1.22 MB###運作新的執行個體[[email protected] ~]# docker run busybox:v1 echo 222222
到這裡已經完成了私庫搭建方方法,不過應該在上傳一個新版本測試:
[[email protected] ~]# docker tag busybox:v1 192.168.216.51:5000/busybox:v1[[email protected] ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES[[email protected] ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.216.51:5000/busybox v1 19485c79a9bb 3 weeks ago 1.22 MBbusybox v1 19485c79a9bb 3 weeks ago 1.22 MB[[email protected] ~]# docker push 192.168.216.51:5000/busyboxThe push refers to a repository [192.168.216.51:5000/busybox]6c0ea40aef9d: Layer already exists v1: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527[[email protected] ~]#
11.回到51節點測試檢視有沒有新的版本上傳上來
在51節點,上用tree指令檢視,可以看到v1版本
[[email protected] ~]# tree /opt/registry/docker/registry//opt/registry/docker/registry/└── v2 ├── blobs │ └── sha256 │ ├── 19 │ │ └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d │ │ └── data │ ├── 7c │ │ └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b │ │ └── data │ └── dd │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ └── data └── repositories └── busybox ├── _layers │ └── sha256 │ ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d │ │ └── link │ └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b │ └── link ├── _manifests │ ├── revisions │ │ └── sha256 │ │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ │ └── link │ └── tags │ ├── latest │ │ ├── current │ │ │ └── link │ │ └── index │ │ └── sha256 │ │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ │ └── link │ └── v1 │ ├── current │ │ └── link │ └── index │ └── sha256 │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ └── link └── _uploads
四、總結大家私有倉庫的步驟
配置前可以先把防火牆及selinux全部關閉
1.安裝docker
2.修改配置檔案兩台節點一樣,有兩種方式:(注意!!!)
1)添加參數到/etc/sysconfig/docker檔案
OPTIONS=’–selinux-enabled –log-driver=journald –signature-verification=false –insecure-registry 192.168.216.51:5000′
2)還可以把這行添加到啟動參數裡,/usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd-current –insecure-registry 192.168.216.51:5000
注意:新版本已經沒有/etc/sysconfig/docker配置檔案了,是以可以統一放到啟動參數/usr/lib/systemd/system/docker.service
3.拉取registry鏡像
4.運作registry鏡像并映射5000端口
5.打标簽上傳下載下傳鏡像完成
五、帶授權的registry
注意:這裡是建立密碼認證,而不是證書的認證
1.建立授權目錄
mkdir /auth
2.使用registry鏡像生成 htpasswd加密檔案其中加密了密碼
建立使用者名:zxg,密碼123456,并加密
docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
可以看到密碼123456已經加密了
docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
注釋:
–entrypoint :是docker的一種指令,用于給出容器啟動後預設入口
3.啟動帶參數的鏡像
[[email protected] /]# docker run -d -p 5000:5000 --restart=always --name registry1 > -v /opt/registry:/var/lib/registry> -v /auth:/auth > -e "REGISTRY_AUTH=htpasswd" > -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" > -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd > registry37f0ce01ea327e6cd62798e0df683d5d2a4317c3fd865c0f1e19b654f052fe66
4.52節點建立busybox便簽v2上傳,先登陸,然後上傳
[[email protected] ~]# docker login 192.168.216.51:5000Username: zxgPassword: Login Succeeded[[email protected] ~]# docker tag busybox:v2 192.168.216.51:5000/busybox:v2busybox v2 19485c79a9bb 3 weeks ago 1.22 MB[[email protected] ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.216.51:5000/busybox v1 19485c79a9bb 3 weeks ago 1.22 MB192.168.216.51:5000/busybox v2 19485c79a9bb 3 weeks ago 1.22 MBbusybox v1 19485c79a9bb 3 weeks ago 1.22 MBbusybox v2 19485c79a9bb 3 weeks ago 1.22 MB[[email protected] ~]# docker push 192.168.216.51:5000/busybox:v2The push refers to a repository [192.168.216.51:5000/busybox]6c0ea40aef9d: Pushed v2: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527[[email protected] ~]#
5.回到51上确認是否上傳成功
[[email protected] auth]# tree /opt/registry/docker/registry/v2//opt/registry/docker/registry/v2/├── blobs│ └── sha256│ ├── 19│ │ └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d│ │ └── data│ ├── 7c│ │ └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b│ │ └── data│ └── dd│ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808│ └── data└── repositories └── busybox ├── _layers │ └── sha256 │ ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d │ │ └── link │ └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b │ └── link ├── _manifests │ ├── revisions │ │ └── sha256 │ │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ │ └── link │ └── tags │ ├── latest │ │ ├── current │ │ │ └── link │ │ └── index │ │ └── sha256 │ │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ │ └── link │ ├── v1 │ │ ├── current │ │ │ └── link │ │ └── index │ │ └── sha256 │ │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ │ └── link │ └── v2 │ ├── current │ │ └── link │ └── index │ └── sha256 │ └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 │ └── link └── _uploads35 directories, 12 files
可以看到已經有v2版本,成功,下一篇将介紹Harbor-Registry的方式。