repository集中存储镜像,支持镜像分发及更新,后端存储常采用分布式,解决容灾问题.
官方仓库是docker hub,其中又有许多名称相同,内容不同的子仓库.
关系为:hub{repository{images}}
完整的仓库包括镜像存储系统和账户管理系统.
# docker login --help
Usage: docker login [OPTIONS] [SERVER]
Register or log in to a registry server, if no server is
specified "https://index.docker.io/v1/" is the default.
-e, --email= Email
--help=false Print usage
-p, --password= Password
-u, --username= Username
docker hub的完整路径:域名/用户名/仓库:tag
可以通过docker命令对镜像上传,下载,查询等操作.docker的镜像层会逐层按顺序操作;不现的镜像可以并行操作.
1.docker push上传
2.docker pull下载
3.docker search 查询
另外docker hub还提供根据写好的dockerfile在线编译的功能.
docker registry是构建仓库的核心,用于docker镜像的发布,开源用户可以自行搭建.
docker registry组件:
镜像的创建,更新,分发,存储等服务.客户端通过docker API(http,https)与docker registry进行交互.
registry API 是标准REST实现.
搭建自己的私用仓库:
# rpm -qa |grep docker-registry
# yum install docker-registry -y
# docker run --hostname localhost --name registry-v2 -v /opt/data/distribution:/var/lib/registry/docker/registry/v2 -p 5000:5000 registry:2.0
Unable to find image 'registry:2.0' locally
08f78f46653a: Download complete
902b87aaaec9: Download complete
9a61b6b1315e: Download complete
1ff9f26f09fb: Download complete
607e965985c1: Download complete
0f5121dd42a6: Download complete
8d38711ccc0d: Download complete
8ddc08289e1a: Download complete
d86979befb72: Download complete
b279b4aae826: Download complete
63e9d2557cd7: Download complete
8fb45e60e014: Download complete
141b650c3281: Download complete
69c177f0c117: Download complete
124e2127157f: Download complete
aeb43bf230e4: Download complete
6a192b88c36f: Download complete
66780839eff4: Download complete
a0010d3b65cf: Download complete
000e0d27487f: Download complete
66b88493bcd9: Download complete
374f4314b164: Download complete
Status: Downloaded newer image for docker.io/registry:2.0
4 仓库进阶
4.1 什么是仓库 registry
镜像分发与更新,后端尽量使用分布式存储
4.1.1仓库的组成
hub->repository->images->tag
仓库包括镜像存储及用户管理系统
4.1.2仓库镜像
上传 docker push
下载 docker poll
查询 docer search
4.2 docker hub
4.2.1 docker hub优点
世界最大最知名的docker镜像仓库,官方出品.
4.2.2 网页分布
4.2.3 账户管理系统
4.3 仓库服务
4.3.1 registry功能和架构
镜像创建,存储,分发,更新
存储:registry后端,tar包
镜像创建分发和更新:
4.3.2 registry API
REST设计标准
docker daemon => registry API => registry
组成: 方法(method)-路径(path)-实体(entity)
API传输的对象主要是镜像layer的块数据(blob)和表单(manifest)
mainfest是JSON格式,记录镜像元数据
API采用内容寻址存储(CAS)针对固定内容存储.
[root@192-168-166-119 ~]# curl -X GET http://192.168.166.220:5000/v2/
{}
[root@192-168-166-119 ~]# curl -X GET http://192.168.166.220:5000/v2/centosmyregistry/tags/list
{"name":"centosmyregistry","tags":["latest"]}
[root@192-168-166-119 ~]# curl -X GET http://192.168.166.220:5000/v2/centosmyregistry/manifests/latest #还有相应的操作 PUT更新,DELETE删除
{
"schemaVersion": 1,
"name": "centosmyregistry",
"tag": "latest",
"architecture": "amd64",
"fsLayers": [
{
"blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"#内容摘要context digest,使用哈希算法,16进制生成.
},
"blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
"blobSum": "sha256:a734b0ff4ca6f104ccaa5c51230935de4b5f3fce6b1a34db31e3a59ce36a06d3"
}
],
"history": [
"v1Compatibility": "{\"id\":\"bb3d629a7cbc1ded0a8fdeb3756433ecea97f50f7c715f6995905567ecb4b6ac\",\"parent\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"created\":\"2016-03-04T17:40:08.127934693Z\",\"container\":\"d65f5103f40ca90775c9a748b17bfa6ee78c0c7f435edd4e08f436e7db56b452\",\"container_config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [\\\"/bin/bash\\\"]\"],\"Image\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"docker_version\":\"1.9.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/bash\"],\"Image\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
"v1Compatibility": "{\"id\":\"a63aae4d216f12e186c191cdb2dbe01008863590c00e8f163c8fca229d889e18\",\"parent\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"created\":\"2016-03-04T17:40:07.401406359Z\",\"container\":\"5738b6818a74427f7538a5ebadd00f04c31fc126db11a028fb0dd63a7624fd6e\",\"container_config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) LABEL name=CentOS Base Image vendor=CentOS license=GPLv2 build-date=2016-03-04\"],\"Image\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"docker_version\":\"1.9.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{\"build-date\":\"2016-03-04\",\"license\":\"GPLv2\",\"name\":\"CentOS Base Image\",\"vendor\":\"CentOS\"}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
"v1Compatibility": "{\"id\":\"6fdebd7b0eb5e0695812a42189609799fd743ea37dd55d4dc374eca0c57924cc\",\"parent\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"created\":\"2016-03-04T17:40:02.981353314Z\",\"container\":\"0bc4c5093a7b29576c7b0ca09da0dc4ca1fdfd203bb7913f9fd025295de09168\",\"container_config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ADD file:72852fc7626d233343a04e4eae70b5bc2925271b42cbe823aa0aca0a75a153dd in /\"],\"Image\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"docker_version\":\"1.9.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"0bc4c5093a7b\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":196617264}\n"
"v1Compatibility": "{\"id\":\"47d44cb6f252ea4f6aecf8a447972de5d9f9f2e2bec549a2f1d8f92557f4d05a\",\"created\":\"2015-09-07T19:05:48.678585881Z\",\"container\":\"aa61f9423ec3654a523b23db8beeb801ce1ba1e82bfd15c71f317a8e723dfe2c\",\"container_config\":{\"Hostname\":\"aa61f9423ec3\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) MAINTAINER The CentOS Project \\[email protected]\\u003e\"],\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"docker_version\":\"1.7.1\",\"author\":\"The CentOS Project \\[email protected]\\u003e\",\"config\":{\"Hostname\":\"aa61f9423ec3\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"ExposedPorts\":null,\"PublishService\":\"\",\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
"signatures": [
"header": {
"jwk": {
"crv": "P-256",
"kid": "B5QK:W2H2:BYAM:KRBL:ARNV:RZAU:FMPW:K3YR:MX7F:PPKR:NKY4:YFR7",
"kty": "EC",
"x": "Z_Q4FfFkR7VUtb-q1Ikmlc7FyUwYWfaLW2MVi8qIQz0",
"y": "8yE6hnFA6d8VN0bm847yb798AfoC94ax0EC5bz4WxEE"
},
"alg": "ES256"
},
"signature": "LwnkgFIKOtgYkL1CzASuiqOW0huqyPk23p6d-r2uNCOZOcVlqvaMlNAovX6GpO14vhaDGNSRzGvdF-ChQmfgUA",
"protected": "eyJmb3JtYXRMZW5ndGgiOjcyMjMsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNi0wMy0yMFQxMDo0OTo0MVoifQ"
]
}
API传输分析:
1.下载
1.1下载manifest->layers blob
2.上传
2.1上传初始化:POST blob uploads ->Registry返回accepted->上传过程(可选2种方式:整体或分段)layer blob-> manifest
3.查询
4.删除
鉴权机制:V2版本后添加的新功能,主要给私有仓库使用.
4.4部署docker registry 私有仓库
优点:可控,省带宽,自主账户体系,定制化
yum install docker-registry -y
docker run -d --hostname dockerhost --name registry-v2 -v /opt/data/distribution:/var/lib/registry/docker/registry/v2 -p 5000:5000 registry:2.0
#-d:后台运行,主机名:dockerhost,仓库名称:registry-v2,-v:本地路径绑定到volume,-p:端口映射,
为了安全,可以使用反向代理为docker registry转发请求.
从官方docker hub下载centos最新版
docker pull centos
[root@192-168-166-119 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest bb3d629a7cbc 2 weeks ago 196.6 MB
为下载好的镜像打上tag
[root@192-168-166-119 ~]# docker tag bb3d629a7cbc 192.168.166.220:5000/centosmyregistry
[root@192-168-166-119 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest bb3d629a7cbc 2 weeks ago 196.6 MB
192.168.166.220:5000/centosmyregistry latest bb3d629a7cbc 2 weeks ago 196.6 MB
[root@192-168-166-119 ~]# docker push 192.168.166.220:5000/centosmyregistry
The push refers to a repository [192.168.166.220:5000/centosmyregistry] (len: 1)
bb3d629a7cbc: Pushed
a63aae4d216f: Pushed
6fdebd7b0eb5: Pushed
47d44cb6f252: Pushed
latest: digest: sha256:3fca4350643d07d50244b3f24d2b47aabf493c3f7e6c9739af84129bbc52cb5f size: 7225
可以看到仓库中已经有了刚才上传的image
![ACS基本配置-权限等级管理[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)