Docker支持采用仓库(本处指的是registry)来支持镜像的分发和更新管理。这极大的便利了用户。
官方提供了dockerhub网站来作为一个公开的集中仓库。然而,本地访问dockerhub速度往往很慢,并且很多时候我们需要一个本地的私有仓库只供网内使用。
关于如何创建和使用本地仓库,其实已经有很多文章介绍了。但是这些文章要么内容已经过时,要么给出了错误的配置,导致无法正常创建仓库。 本文以CoreOS系统为基础,讲解如何通过register镜像创建一个本地Repo
1 使用registry启动私有仓库的容器
docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry
说明:若之前没有安装registry容器则会自动下载并启动一个registry容器,创建本地的私有仓库服务。默认情况下,会将仓库创建在容器的/tmp/registry目录下,可以通过 -v 参数来将镜像文件存放在本地的指定路径上(例如,放在本地目录/root/my_registry下)。
2 向私有仓库push镜像
启动完register的镜像后,将register镜像上传到本地仓库上作为测试
说明:根据第一步启动的registry容器所在宿主主机的IP和Port,push某环境的本地容器。
localhost images # docker push 10.0.0.142:5000/register
The push refers to a repository [10.0.0.142:5000/register] (len: 1)
Sending image list
Pushing repository 10.0.0.142:5000/register (1 tags)
e9e06b06e14c: Image successfully pushed
a82efea989f9: Image successfully pushed
37bea4ee0c81: Image successfully pushed
07f8e8c5e660: Image successfully pushed
1f4ab7282e19: Image successfully pushed
0e4483abe66b: Image successfully pushed
c6153b5d8f1f: Image successfully pushed
2bc4611f2ed7: Image successfully pushed
30887473610f: Image successfully pushed
3f8e22c413b1: Image successfully pushed
22b1c756fa19: Image successfully pushed
90607d8d09d1: Image successfully pushed
4f4a5acb19eb: Image successfully pushed
204704ce3137: Image successfully pushed
Pushing tag for rev [204704ce3137] on {http://10.0.0.142:5000/v1/repositories/register/tags/latest}
宿主主机my_registry的目录结构
localhost my_registry # ls -R
.:
images repositories
./images:
07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95 2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041 90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6
0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0 30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b
1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913 37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0 c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383
204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b 3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2 e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc
22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43 4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429
./images/07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95:
_checksum ancestry json layer
./images/0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0:
_checksum ancestry json layer
./images/1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913:
_checksum ancestry json layer
./images/204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b:
_checksum ancestry json layer
./images/22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43:
_checksum ancestry json layer
./images/2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041:
_checksum ancestry json layer
./images/30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd:
_checksum ancestry json layer
./images/37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0:
_checksum ancestry json layer
./images/3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2:
_checksum ancestry json layer
./images/4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429:
_checksum ancestry json layer
./images/90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6:
_checksum ancestry json layer
./images/a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b:
_checksum ancestry json layer
./images/c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383:
_checksum ancestry json layer
./images/e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc:
_checksum ancestry json layer
./repositories:
library
./repositories/library:
register
./repositories/library/register:
_index_images json tag_latest taglatest_json
关于https的问题
root@gerryyang:~# docker push 104.131.173.242:5000/Ubuntu_sshd_gcc_gerry:14.04
FATA[0002] Error: Invalid registry endpoint https://104.131.173.242:5000/v1/: Get https://104.131.173.242:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `–insecure-registry 104.131.173.242:5000` to the daemon’s arguments. In the case of HTTPS, if you have access to the registry’s CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/104.131.173.242:5000/ca.crt
解决方法:
解决方案:
vi /usr/lib/systemd/system/docker.service
内容修改如下:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
ExecStart=/usr/bin/docker -d –insecure-registry 10.0.0.142:5000 -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS
LimitNOFILE=1048576
LimitNPROC=1048576
[Install]
WantedBy=multi-user.target
在CoreOS系统中,执行方法一,可能会遇到/usr/lib/systemd/system/docker.service 文件ReadOnly 无法修改的情况,这时可以手工启动并添加 –insecure-registry参数
localhost ~ # /usr/lib/coreos/dockerd –daemon –insecure-registry 10.0.0.142:5000
3 私有仓库查询方法
curl http://10.0.0.142:5000/v1/search
说明:使用curl查看仓库104.131.173.242:5000中的镜像。在结果中可以查看到ubuntu_sshd_gcc_gerry,说明已经上传成功了。
4 在其他的机器上访问和下载私有仓库的镜像
在客户机上手工启动docker:localhost ~ # /usr/lib/coreos/dockerd –daemon –insecure-registry 10.0.0.142:5000
执行pull命令
localhost ~ # docker pull 10.0.0.142:5000/jdk7
Pulling repository 10.0.0.142:5000/jdk7
134625e9d4d7: Download complete
134625e9d4d7: Pulling image (latest) from 10.0.0.142:5000/jdk7
6941bfcbbfca: Download complete
41459f052977: Download complete
fd44297e2ddb: Download complete
40eba1bcf993: Download complete
e60bdcf6f45f: Download complete
367c013cf9ca: Download complete
81812b96beec: Download complete
776f6d47bdf7: Download complete
2c96f979a63a: Download complete
f33b1fffe108: Download complete
71f589de03a8: Download complete
2115aa302043: Download complete
6a498e83fe1b: Download complete
591be66f0e03: Download complete
c468a9de6202: Download complete
a510d6919954: Download complete
14b73f7c3942: Download complete
b591b7e6f5da: Download complete
f1a90a0630e1: Download complete
131a069bbe25: Download complete
Status: Downloaded newer image for 10.0.0.142:5000/jdk7:latest
更多CentOS相关信息见CentOS 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=14
本文永久更新链接地址:http://www.linuxidc.com/Linux/2015-06/118545.htm