
docker registry push overwrite: Docker 4 - Setting up a private Docker registry and common usage (docker-registry method)


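I. Brief introduction

As covered earlier, you can use the public Docker Hub registry, but in most cases a company needs to set up a local registry for its own use. This post describes several ways to build a private registry.

A private registry has several advantages:

  • Saves bandwidth
  • Lets you customize your own system
  • More secure

II. The methods I know of

1. Configure a private registry with the official docker-registry tool

This is the officially provided image. Note that the tool itself is an image: download it and start a Docker container from the registry image.

2. Build a private registry with Harbor-Registry

Harbor is an enterprise-grade registry service for storing Docker images.

III. Configuring a private registry with the official docker-registry

1. Environment

Docker private registry address: 192.168.216.51 web1

Docker server address: 192.168.216.52 web2; this node pulls and pushes images through the private registry server

2. Topology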

[Figure: topology diagram]

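Note: in this diagram, "docker hub" is the private registry.

docker engine: as described in the earlier architecture post, this is the runtime engine in the Docker architecture and the core module of Docker's operation. It acts as the store for Docker containers and manages those containers by executing jobs.

3. Install the Docker private registry

1) First, install

Method 1

You can also download the rpm package and install it.

rpm package location: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/

The package downloaded here is docker-ce-cli-19.03.2-3.el7.x86_64.rpm

To resolve dependencies, configure a local repository: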

[[email protected] yum.repos.d]# mv Centos-7.repo ./backup/
[[email protected] yum.repos.d]# ll
total 16
drwxr-xr-x. 2 root root   27 Sep 23 14:56 backup
drwxr-xr-x. 2 root root    6 Sep 23 14:32 bakcup
-rw-r--r--. 1 root root   65 Sep 23 14:53 docker-rpm.repo
-rw-r--r--. 1 root root  664 Sep 23 12:54 epel-7.repo
-rw-r--r--. 1 root root  951 Sep 23 12:54 epel.repo
-rw-r--r--. 1 root root 1050 Sep 23 12:54 epel-testing.repo
[[email protected] yum.repos.d]# cd /root/docker-rpm/
[[email protected] docker-rpm]# createrepo ./
           

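Method 2

Configure the Aliyun mirror. The epel repository I have here does not contain docker, so configure Aliyun's docker repository.

Aliyun mirror address: https://mirrors.aliyun.com/docker-ce/linux/centos/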

[[email protected] yum.repos.d]# cat docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[[email protected] yum.repos.d]#
           

yum install docker-ce -y

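2) Start the firewall

systemctl start firewalld.service

3) Start the private registry server

systemctl start docker

systemctl enable docker

Make sure Docker is installed and started on both nodes.

4. On the private registry server, pull or load the registry image

Method 1: pull it directly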

[[email protected] yum.repos.d]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ... 
latest: Pulling from docker.io/library/registry
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Image is up to date for docker.io/registry:latest
[[email protected] yum.repos.d]# docker images
REPOSITORY                          TAG      IMAGE ID       CREATED        SIZE
zxg/nginx1                          latest   3babdf3c6c6d   2 weeks ago    546 MB
zxg/centos_nginx                    v1       7c6604cacec1   4 weeks ago    698 MB
docker.io/atlassian/jira-software   latest   c4b90dede4f3   5 weeks ago    624 MB
zxg/my_nginx                        v1       b164f4c07c64   8 weeks ago    126 MB
zxg/my_nginx                        latest   f07837869dfc   8 weeks ago    126 MB
docker.io/nginx                     latest   e445ab08b2be   2 months ago   126 MB
docker.io/alpine                    latest   b7b28af77ffe   2 months ago   5.58 MB
docker.io/centos                    latest   9f38484d220f   6 months ago   202 MB
docker.io/registry                  latest   f32a97de94e1   6 months ago   25.8 MB
[[email protected] yum.repos.d]# 
           

Method 2: download the registry.tar package and import it

docker load -i registry.tar

5. On the private registry server, pull any image and tag it

docker pull busybox
docker tag docker.io/busybox:latest 192.168.216.51:5000/busybox:latest
           

The tagged image is the 192.168.216.51:5000/busybox row below (highlighted in red in the original):

[[email protected] ~]# docker images
REPOSITORY                    TAG      IMAGE ID       CREATED       SIZE
zxg/nginx1                    latest   3babdf3c6c6d   2 weeks ago   546 MB
192.168.216.51:5000/busybox   latest   19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v1       19485c79a9bb   3 weeks ago   1.22 MB
docker.io/busybox             latest   19485c79a9bb   3 weeks ago   1.22 MB
zxg/centos_nginx              v1       7c6604cacec1   4 weeks ago   698 MB
           

6. Edit the configuration file to specify the private registry URL

docker-common must be installed; check whether it is:

[[email protected] yum.repos.d]# rpm -qf /etc/sysconfig/docker
docker-common-1.13.1-96.gitb2f74b2.el7.centos.x86_64
[[email protected] yum.repos.d]# 
           

Add --insecure-registry 192.168.216.51:5000 to the configuration file. This flag tells the daemon to reach that registry over plain HTTP, or over HTTPS without verifying the certificate.

[[email protected] yum.repos.d]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
#
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/dockerd
fi
           

7. Restart docker

[[email protected] yum.repos.d]# systemctl restart docker
           

8. Start the private registry: simply run a container from the registry image

[[email protected] yum.repos.d]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry   ### -v specifies the local persistent path
27d56aa54e167c26c76e25136b247072883aa29dde247f20c45f97fafedb650b
[[email protected] yum.repos.d]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED              STATUS          PORTS                    NAMES
27d56aa54e16   registry   "/entrypoint.sh /e..."   About a minute ago   Up 58 seconds   0.0.0.0:5000->5000/tcp   frosty_ptolemy
[[email protected] yum.repos.d]# netstat -antlop |grep 5000
tcp6       0      0 :::5000       :::*       LISTEN      27767/docker-proxy-  off (0.00/0/0)
[[email protected] yum.repos.d]# netstat -antup |grep 5000 
tcp6       0      0 :::5000       :::*       LISTEN      27767/docker-proxy- 
[[email protected] yum.repos.d]# 
           
[[email protected] yum.repos.d]# ls /opt/registry   ### the directory has been created automatically
           

9. Push the image from this machine; once it succeeds, inspect the result with tree

docker push 192.168.216.51:5000/busybox
           
[[email protected] ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       └── latest
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads

26 directories, 8 files
[[email protected] ~]# 
           

10. Pull the busybox image from node 52

Docker is already installed here, so I won't demonstrate the installation again; it follows the method from the earlier architecture post, linked below:

To install docker, see: Docker1: Architecture principles and basic usage

### Edit the configuration file and add "--insecure-registry" (insecure registry)
[[email protected] ~]# cat /etc/sysconfig/docker |grep 5000
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
### Pull the image
[[email protected] ~]# docker pull 192.168.216.51:5000/busybox
Using default tag: latest
Trying to pull repository 192.168.216.51:5000/busybox ... 
latest: Pulling from 192.168.216.51:5000/busybox
7c9d20b9b6cd: Pull complete 
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Downloaded newer image for 192.168.216.51:5000/busybox:latest
### List the images
[[email protected] ~]# docker images
REPOSITORY                    TAG      IMAGE ID       CREATED       SIZE
192.168.216.51:5000/busybox   latest   19485c79a9bb   3 weeks ago   1.22 MB
### Run a container: success
[[email protected] ~]# docker run 192.168.216.51:5000/busybox echo "1111" 
1111
[[email protected] ~]# 
### Create an image alias and name it
[[email protected] ~]# docker tag 192.168.216.51:5000/busybox busybox:v1
### Remove the image
[[email protected] ~]# docker rmi 192.168.216.51:5000/busybox 
[[email protected] ~]# docker images
REPOSITORY   TAG   IMAGE ID       CREATED       SIZE
busybox      v1    19485c79a9bb   3 weeks ago   1.22 MB
### Run a new container
[[email protected] ~]# docker run busybox:v1 echo 222222
           

At this point the private registry setup is complete, but we should push one more version as a test:

[[email protected] ~]# docker tag busybox:v1 192.168.216.51:5000/busybox:v1
[[email protected] ~]# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
[[email protected] ~]# docker images
REPOSITORY                    TAG   IMAGE ID       CREATED       SIZE
192.168.216.51:5000/busybox   v1    19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v1    19485c79a9bb   3 weeks ago   1.22 MB
[[email protected] ~]# docker push 192.168.216.51:5000/busybox
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Layer already exists 
v1: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[[email protected] ~]# 
           

11. Back on node 51, check whether the new version has been uploaded

On node 51, run the tree command; the v1 version is now visible:

[[email protected] ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       ├── latest
            │       │   ├── current
            │       │   │   └── link
            │       │   └── index
            │       │       └── sha256
            │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │       │               └── link
            │       └── v1
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads
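
The "push overwrite" of the title is visible in this layout: tags/<tag>/current/link holds the digest a tag points to now, and tags/<tag>/index/sha256/ keeps one entry per digest the tag has ever pointed to. The script below is an added example, not part of the original post, that walks the storage directory and reports tags that have been re-pushed with different content; the function names and the sample tree with placeholder digests are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Walks a registry storage
# directory (the -v /opt/registry mount) and prints one line per tag:
#   repo:tag current=<digest> history=<n> [OVERWRITTEN]

tag_history() {
    root=$1/docker/registry/v2/repositories
    find "$root" -type f -path '*/_manifests/tags/*/current/link' | sort |
    while IFS= read -r link; do
        tagdir=${link%/current/link}
        tag=${tagdir##*/}
        repo=${tagdir%/_manifests/tags/*}
        repo=${repo#"$root"/}
        current=$(cat "$link")
        # every digest the tag has ever pointed to has its own index entry
        n=$(find "$tagdir/index" -type f -name link | wc -l | tr -d ' ')
        flag=''
        if [ "$n" -gt 1 ]; then flag=' OVERWRITTEN'; fi
        printf '%s:%s current=%s history=%s%s\n' \
            "$repo" "$tag" "$current" "$n" "$flag"
    done
}

# Constructed sample tree in the layout shown by the tree output above.
# Digests are made-up placeholders (000...1 and 000...2).
make_sample() {
    tags=$1/docker/registry/v2/repositories/busybox/_manifests/tags
    first=$(printf '%064d' 1)
    second=$(printf '%064d' 2)
    for name in latest v1; do
        mkdir -p "$tags/$name/current" "$tags/$name/index/sha256/$first"
        printf 'sha256:%s' "$first" > "$tags/$name/current/link"
        printf 'sha256:%s' "$first" > "$tags/$name/index/sha256/$first/link"
    done
    # simulate a second push of "latest" with different content
    mkdir -p "$tags/latest/index/sha256/$second"
    printf 'sha256:%s' "$second" > "$tags/latest/index/sha256/$second/link"
    printf 'sha256:%s' "$second" > "$tags/latest/current/link"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
tag_history "$demo_dir"
rm -rf "$demo_dir"
```

On the real server the call would be tag_history /opt/registry; in the post's own tree every tag has a single index entry, so nothing would be flagged.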
           

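IV. Summary of the steps to build a private registry

Before configuring, you can first turn off the firewall and SELinux entirely.

1. Install docker

2. Edit the configuration file, identically on both nodes. There are two ways (note!!!):

1) Add the parameters to the /etc/sysconfig/docker file

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'

2) Alternatively, add the flag to the startup parameters in /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd-current --insecure-registry 192.168.216.51:5000

Note: newer versions no longer have the /etc/sysconfig/docker configuration file, so everything can go into the startup parameters in /usr/lib/systemd/system/docker.service

3. Pull the registry image

4. Run the registry image and map port 5000

5. Tag, push and pull images; done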
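
Step 2 names two places where the daemon flags can live. The following is an added example, not part of the original post: it scans such files and lists every registry the daemon will reach without TLS verification, and whether signature verification is switched off. The function names and the sample files are constructed; the `=` form of the flag in the sample service file is a variation on the post's line.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_docker_opts FILE...  prints one finding per line:
#   <file>: insecure-registry <host:port>
#   <file>: signature-verification disabled
audit_docker_opts() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # keep only active OPTIONS= / ExecStart= lines (comments are skipped),
        # then split them into one word per line
        grep -E '^[[:space:]]*(OPTIONS|ExecStart)=' "$f" |
        tr -s " \t'\"" '\n' | {
            prev=''
            while IFS= read -r word; do
                case $word in
                    --insecure-registry=*)
                        printf '%s: insecure-registry %s\n' "$f" "${word#*=}" ;;
                    --signature-verification=false)
                        printf '%s: signature-verification disabled\n' "$f" ;;
                    *)
                        if [ "$prev" = --insecure-registry ]; then
                            printf '%s: insecure-registry %s\n' "$f" "$word"
                        fi ;;
                esac
                prev=$word
            done
        }
    done
}

# Constructed sample files carrying the two lines from the post.
make_sample_conf() {
    cat > "$1/sysconfig-docker" <<'EOF'
# OPTIONS='--insecure-registry commented.example:5000'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
EOF
    cat > "$1/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd-current --insecure-registry=192.168.216.51:5000
EOF
}

demo_conf=$(mktemp -d)
make_sample_conf "$demo_conf"
audit_docker_opts "$demo_conf/sysconfig-docker" "$demo_conf/docker.service"
rm -rf "$demo_conf"
```

On the nodes from the post the call would be audit_docker_opts /etc/sysconfig/docker /usr/lib/systemd/system/docker.service.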

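V. Registry with authentication

Note: this sets up password authentication, not certificate authentication. The registry is still served without TLS, so with --insecure-registry the credentials sent by docker login cross the network over plain HTTP.

1. Create the auth directory

mkdir /auth

2. Use the registry image to generate the htpasswd file, which stores the password hashed with bcrypt (the -B flag)

Create the user zxg with password 123456, hashed: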

docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
           

You can see that the password 123456 is now stored hashed:

docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
           

Notes:

--entrypoint: a docker option that sets the default entry point executed when the container starts

3. Start the image with parameters

[[email protected] /]# docker run -d -p 5000:5000 --restart=always --name registry1 \
> -v /opt/registry:/var/lib/registry \
> -v /auth:/auth \
> -e "REGISTRY_AUTH=htpasswd" \
> -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> registry
37f0ce01ea327e6cd62798e0df683d5d2a4317c3fd865c0f1e19b654f052fe66
           

4. On node 52, create the busybox tag v2 and push it: log in first, then push

[[email protected] ~]# docker login 192.168.216.51:5000
Username: zxg
Password: 
Login Succeeded
[[email protected] ~]# docker tag busybox:v2 192.168.216.51:5000/busybox:v2
busybox v2 19485c79a9bb 3 weeks ago 1.22 MB
[[email protected] ~]# docker images
REPOSITORY                    TAG   IMAGE ID       CREATED       SIZE
192.168.216.51:5000/busybox   v1    19485c79a9bb   3 weeks ago   1.22 MB
192.168.216.51:5000/busybox   v2    19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v1    19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v2    19485c79a9bb   3 weeks ago   1.22 MB
[[email protected] ~]# docker push 192.168.216.51:5000/busybox:v2
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Pushed 
v2: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[[email protected] ~]# 
           

5. Back on node 51, confirm that the upload succeeded

[[email protected] auth]# tree /opt/registry/docker/registry/v2/
/opt/registry/docker/registry/v2/
├── blobs
│   └── sha256
│       ├── 19
│       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
│       │       └── data
│       ├── 7c
│       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
│       │       └── data
│       └── dd
│           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
│               └── data
└── repositories
    └── busybox
        ├── _layers
        │   └── sha256
        │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
        │       │   └── link
        │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
        │           └── link
        ├── _manifests
        │   ├── revisions
        │   │   └── sha256
        │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │   │           └── link
        │   └── tags
        │       ├── latest
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       ├── v1
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       └── v2
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │                       └── link
        └── _uploads

35 directories, 12 files
           

The v2 version is now present, so the push succeeded. The next post will cover the Harbor-Registry approach.
