Docker私有仓库搭建与部署

一、Registry私有仓库搭建与部署

1.1、Registry部署

1）下载registry镜像

[root@docker01 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete 
1cc8e0bb44df: Pull complete 
54d33bcb37f5: Pull complete 
e8afc091c171: Pull complete 
b4541f6d3db6: Pull complete 
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

2）创建registry容器

[root@docker01 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               alpine              a624d888d69f        6 days ago          21.5MB
centos              6.9                 2199b8eb8390        8 months ago        195MB
registry            latest              f32a97de94e1        8 months ago        25.8MB
[root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry
[root@docker01 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
a4041df96c54        registry            "/entrypoint.sh /etc…"   2 minutes ago       Up 2 minutes        0.0.0.0:5000->5000/tcp   registry

3）推送镜像至仓库

#给镜像打标签
[root@docker01 ~]# docker tag centos:6.9 192.168.11.10:5000/centos:6.9
[root@docker01 ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
nginx                       alpine              a624d888d69f        6 days ago          21.5MB
192.168.11.10:5000/centos   6.9                 2199b8eb8390        8 months ago        195MB
centos                      6.9                 2199b8eb8390        8 months ago        195MB
registry                    latest              f32a97de94e1        8 months ago        25.8MB

#推送镜像只仓库
[root@docker01 ~]# docker push 192.168.11.10:5000/centos:6.9 
The push refers to repository [192.168.11.10:5000/centos]
Get https://192.168.11.10:5000/v2/: http: server gave HTTP response to HTTPS client

#第一次推送镜像会报如上的错误
解决方法：
[root@docker01 ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://registry.docker-cn.com"],  #注意有逗号
  "insecure-registries": ["192.168.11.10:5000"]
}

#重启docker，再次推送
[root@docker01 ~]# systemctl restart docker
[root@docker01 ~]# docker push 192.168.11.10:5000/centos:6.9 
The push refers to repository [192.168.11.10:5000/centos]
aaa5621d7c01: Pushed 
6.9: digest: sha256:7e172600dff1903f186061ce5f5295664ec9942ca120e4e5b427ddf01bb2b35b size: 529

4）另一台测试拉取镜像（需要安装docker）

 #添加仓库地址
[root@docker02 ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.11.10:5000"]
}

#重启docker
[root@docker02 ~]# systemctl restart docker

#拉取镜像
[root@docker02 ~]# docker pull 192.168.11.10:5000/centos:6.9
6.9: Pulling from centos
831490506c47: Pull complete 
Digest: sha256:7e172600dff1903f186061ce5f5295664ec9942ca120e4e5b427ddf01bb2b35b
Status: Downloaded newer image for 192.168.11.10:5000/centos:6.9
192.168.11.10:5000/centos:6.9

1.2、仓库basic认证

#创建账号密码
[root@docker01 ~]# yum install httpd-tools -y
[root@docker01 ~]# mkdir /opt/registry-var/auth/ -p
[root@docker01 ~]# htpasswd  -Bbn oldboy 123456  >> /opt/registry-var/auth/htpasswd

#创建容器
[root@docker01 ~]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e  "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry

#测试
[root@docker01 ~]# docker push 192.168.11.10:5000/centos:6.9 
The push refers to repository [192.168.11.10:5000/centos]
aaa5621d7c01: Preparing 
no basic auth credentials  ##提示没有认证，需要登录后才能push

[root@docker01 ~]# docker login 192.168.11.10:5000  #需要登录
Username: oldboy
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

[root@docker01 ~]# docker tag nginx:alpine 192.168.11.10:5000/nginx:alpine  #打标签
[root@docker01 ~]# docker push 192.168.11.10:5000/nginx:alpine 
The push refers to repository [192.168.11.10:5000/nginx]
f4cef7054e83: Pushed 
77cae8ab23bf: Pushed 
alpine: digest: sha256:2993f9c9a619cde706ae0e34a1a91eb9cf5225182b6b76eb637392d2ce816538 size: 739

#每次docker login很麻烦，可以把生成的配置文件传送给其他服务器（/root/.docker/config.json）
[root@docker01 ~]# scp -rp /root/.docker/ 192.168.11.11:/root/
[root@docker02 .docker]# docker pull 192.168.11.10:5000/nginx:alpine
alpine: Pulling from nginx
89d9c30c1d48: Pull complete 
24f1c4f0b2f4: Pull complete 
Digest: sha256:2993f9c9a619cde706ae0e34a1a91eb9cf5225182b6b76eb637392d2ce816538
Status: Downloaded newer image for 192.168.11.10:5000/nginx:alpine
192.168.11.10:5000/nginx:alpine

1.3、查看仓库镜像

#方式一：查看目录
[root@docker01 ~]# ll /opt/myregistry/docker/registry/v2/repositories/   #查看镜像个数
drwxr-xr-x 5 root root 55 Nov 26 10:40 centos
drwxr-xr-x 5 root root 55 Nov 26 11:06 nginx
[root@docker01 ~]# ll /opt/myregistry/docker/registry/v2/repositories/centos/_manifests/tags/  #镜像版本信息
drwxr-xr-x 4 root root 34 Nov 26 10:40 6.9

#方式二：浏览器访问
http://192.168.11.10:5000/v2/_catalog
http://192.168.11.10:5000/v2/nginx/tags/list

#方式三：wget方法（可以安装jq ==>json分析工具，需要epel源）
[root@docker01 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@docker01 ~]# yum install jq -y

#查看镜像文件
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/_catalog
{"repositories":["centos","nginx"]}
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/_catalog|jq .
{
  "repositories": [
    "centos",
    "nginx"
  ]
}
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/_catalog|jq .repositories
[
  "centos",
  "nginx"
]

#查看镜像版本
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/nginx/tags/list|jq .
{
  "name": "nginx",
  "tags": [
    "alpine"
  ]
}
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/nginx/tags/list|jq .tags
[
  "alpine"
]
[root@docker01 ~]# wget -O- -q --user=oldboy --password=123456 http://192.168.11.10:5000/v2/nginx/tags/list|jq .tags[]
"alpine"

#方法四：curl命令
# curl -XGET http://registry_ip:5000/v2/_catalog
# curl -XGET http://registry_ip:5000/v2/image_name/tags/list
[root@docker01 ~]# curl -XGET  http://192.168.11.10:5000/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
[root@docker01 ~]# curl -XGET --user oldboy:123456 http://192.168.11.10:5000/v2/_catalog
{"repositories":["centos","nginx"]}
[root@docker01 ~]# curl -XGET --user oldboy:123456 http://192.168.11.10:5000/v2/nginx/tags/list
{"name":"nginx","tags":["alpine"]}

1.4、仓库镜像删除

参考文档：https://www.qstack.com.cn/archives/350.html

方法比较麻烦，推荐使用harbor私有化仓库

#进入容器
[root@docker01 ~]# docker exec -it zealous_leakey /bin/sh
/ # 

#查看当前大小
/ # du -smh /var/lib/registry/
75.4M	/var/lib/registry/

#删除镜像
/ # rm -fr /var/lib/registry/docker/registry/v2/repositories/centos/
/ # du -smh /var/lib/registry/  ##空间并没有删除
75.3M	/var/lib/registry/

#垃圾回收
/ # registry garbage-collect /etc/docker/registry/config.yml
/ # du -smh /var/lib/registry/
8.4M	/var/lib/registry/
/ #