Setting up a private Docker registry with username/password authentication and a web UI
1. Pull the images
docker pull hyper/docker-registry-web
docker pull registry
2. Install
yum install docker-compose
3. Setup procedure
(1) Create the directories that hold the configuration files and the private registry's images
mkdir -p /usr/local/docker-registry/conf/registry      # holds the registry's configuration
mkdir -p /usr/local/docker-registry/conf/registry-web  # holds the registry UI's configuration
mkdir -p /usr/local/docker-registry/registry           # holds the registry's images
mkdir -p /usr/local/docker-registry/db                 # registry access information
(2) Generate the certificate
openssl req -new -newkey rsa:4096 -days 365 \
  -subj "/CN=192.168.199.189" \
  -nodes -x509 \
  -keyout /usr/local/docker-registry/conf/registry-web/auth.key \
  -out /usr/local/docker-registry/conf/registry/auth.cert
(3) Create the registry configuration file
vi /usr/local/docker-registry/conf/registry/config.yml
Contents:
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: 0.0.0.0:5000
auth:
  token:
    realm: http://192.168.199.189:50000/api/auth
    service: 192.168.199.189:5000
    issuer: 'admin'
    rootcertbundle: /etc/docker/registry/auth.cert
(4) Create the registry UI configuration file
vi /usr/local/docker-registry/conf/registry-web/config.yml
Contents:
registry:
  url: http://192.168.199.189:5000/v2
  name: 192.168.199.189:5000
  readonly: false
  auth:
    enabled: true
    issuer: 'admin'
    key: /conf/auth.key
(5) Create the docker-compose startup file
version: '2'
services:
  registry-web:
    image: hyper/docker-registry-web:latest
    ports:
      - 50000:8080
    volumes:
      - /usr/local/docker-registry/conf/registry-web:/conf:ro
      - /usr/local/docker-registry/db:/data
    networks:
      - registry-net
    depends_on:
      - registry
    restart: always
  registry:
    image: registry:2.4.1
    ports:
      - 5000:5000
    volumes:
      - /usr/local/docker-registry/conf/registry:/etc/docker/registry:ro
      - /usr/local/docker-registry/registry:/var/lib/registry
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    networks:
      - registry-net
    restart: always
networks:
  registry-net:
    #driver: default   # comment this out if it causes an error
Pay attention to the YAML format: every level must be indented, preferably by one press of the Tab key per level (with the editor inserting spaces, since YAML does not accept literal tab characters as indentation). Remember: if startup fails, check these configuration files carefully, especially the whitespace (Tab key).
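The registry only accepts tokens signed by the key that matches its rootcertbundle and carrying the same issuer, so the files from steps (2) to (4) can be checked before the containers are started. The script below is an added example, not part of the original post; its function names are hypothetical and it assumes openssl is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the token-auth files from steps (2)-(4).
# The function names are hypothetical; the file roles are the ones on this page.

# registry-web signs tokens with auth.key and the registry verifies them with
# auth.cert, so both files must carry the same public key.
key_matches_cert() {
    kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# True if the certificate is still valid $2 days from now ("-days 365" in
# step (2) means it expires after one year).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print the first "issuer:" value of a config.yml with the quotes stripped.
issuer_of() {
    sed -n 's/^[[:space:]]*issuer:[[:space:]]*//p' "$1" | tr -d "'\"" | head -n 1
}

# Run all checks; print one line per problem and return the number of problems.
check_token_auth() {   # args: auth.key auth.cert registry-config web-config
    cta_bad=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 and $2 do not form a key pair"; cta_bad=$((cta_bad + 1)); }
    cert_valid_for_days "$2" 30 ||
        { echo "FAIL: $2 is expired or expires within 30 days"; cta_bad=$((cta_bad + 1)); }
    [ -n "$(issuer_of "$3")" ] && [ "$(issuer_of "$3")" = "$(issuer_of "$4")" ] ||
        { echo "FAIL: issuer differs between $3 and $4"; cta_bad=$((cta_bad + 1)); }
    return "$cta_bad"
}

# Run against real files only when four paths are passed on the command line.
if [ "$#" -eq 4 ]; then
    check_token_auth "$@" && echo "token auth files are consistent"
fi
```

Pass the four paths in the order auth.key, auth.cert, the registry config.yml and the registry-web config.yml.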
(6) Pull the images and start the containers with docker-compose
docker-compose up -d
(7) vim /lib/systemd/system/docker.service
Add:
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.199.189:5000
Then run the following command to reload the configuration:
systemctl daemon-reload
Restart docker:
systemctl restart docker
(8) Configure docker pull to pull images from the local registry by default
vim /usr/lib/systemd/system/docker.service
Add to the startup parameters:
--add-registry=192.168.199.189:5000 --insecure-registry=192.168.199.189:5000
Restart docker:
systemctl daemon-reload
systemctl restart docker
Verify:
docker info
Pulling images from other hosts:
On another host that needs to pull images, configure the registry in no-CA (insecure registry) mode:
vim /etc/docker/daemon.json
{
"insecure-registries" : ["192.168.199.189:5000"]
}
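Setup complete!
Open a browser and go to: 192.168.199.189:50000
Log in with the account and password. The default is admin/admin, which can be changed after logging in. The default account only has UI management rights; if push is needed, you have to configure the permissions yourself.
You can also log in with the docker command: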
docker login 192.168.199.189:5000
4. Push an image
(1) Run docker pull tomcat to download the latest tomcat image from hub.docker.com
docker pull tomcat
(2) Run docker images to list the images
docker images
(3) Add a tag containing the private registry's IP to the image
docker tag dd6ff929584a 192.168.199.189:5000/tomcat
(4) Log in to the local registry
docker login 192.168.199.189:5000
(5) Push the image to the local registry
docker push 192.168.199.189:5000/tomcat