访问Docker仓库

仓库是集中存放镜像的地方，又分为公共仓库和私有仓库。

注册服务器：存放仓库的具体服务器，一个注册服务器上可以有多个仓库，而每个仓库下面可以有多个镜像。

一、Docker Hub公共镜像市场

 Docker Hub是Docker官方提供的最大的公共镜像仓库，地址：https://hub.docker.com

登录

可以通过命令：docker login 输入用户名和密码完成登录。登录成功后，本地用户目录下会自动创建.docker/config.json文件，保存用户的认证信息。登录成功后可以上传个人制作的镜像到Docker Hub上。

[root@web01 ~]# ll -a .docker/
total 4
drwx------ 2 root root 25 Sep 14 20:34 .
dr-xr-x---. 6 root root 226 Sep 14 20:34 ..
-rw------- 1 root root 178 Sep 14 20:34 config.json

#查找官方仓库中的镜像

[root@web01 ~]# docker search centos

二、搭建本地私有仓库

1.使用registry镜像创建私有仓库

通过官方提供的registry镜像来简单的搭建一套本地私有仓库环境

1）下载一个registry镜像

[root@web01 ~]# docker pull registry

2）启动一个registry容器，创建本地的私有仓库服务

默认情况下，仓库会被创建在容器的/var/lib/registry目录下。可以通过-v参数来将镜像文件存放在本地的指定路径。

[root@web02 ~]# mkdir /opt/myregistry

[root@web02 ~]# docker run -d -p 5000:5000 --restart=always -v /opt/myregistry:/var/lib/registry registry
82c54be2bbdae506a56f9bb2c0d6bc81738fee1d9d69429fcb2bdc952d8df446

[root@web02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
82c54be2bbda registry "/entrypoint.sh /etc…" 47 seconds ago Up 45 seconds 0.0.0.0:5000->5000/tcp blissful_burnell

此时，在本地将启动一个私有仓库服务，监听端口为5000

2.上传镜像到私有仓库

1）给要上传的镜像打tag

[root@web01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 0d120b6ccaa8 5 weeks ago 215MB

[root@web01 ~]# docker tag centos:latest 192.168.0.184:5000/centos:latest

[root@web01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.0.184:5000/centos latest 0d120b6ccaa8 5 weeks ago 215MB
centos latest 0d120b6ccaa8 5 weeks ago 215MB

2）上传

[root@web01 ~]# docker push 192.168.0.184:5000/centos:latest
The push refers to repository [192.168.0.184:5000/centos]
Get https://192.168.0.184:5000/v2/: http: server gave HTTP response to HTTPS client

# 显示上述报错，解决办法：
[root@web01 ~]# vi /etc/docker/daemon.json

[root@web01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["192.168.0.184:5000"]
}
[root@web01 ~]# systemctl restart docker

#重新上传

[root@web01 ~]# docker push 192.168.0.184:5000/centos:latest
The push refers to repository [192.168.0.184:5000/centos]
291f6e44771a: Pushed
latest: digest: sha256:fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71 size: 529

3. 在私有仓库服务器上查看上传的镜像

[root@web02 ~]# tree /opt/myregistry/docker/registry/v2/repositories/centos
/opt/myregistry/docker/registry/v2/repositories/centos
├── _layers
│   └── sha256
│   ├── 0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
│   │   └── link
│   └── 3c72a8ed68140139e483fe7368ae4d9651422749e91483557cbd5ecf99a96110
│   └── link
├── _manifests
│   ├── revisions
│   │   └── sha256
│   │   └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
│   │   └── link
│   └── tags
│   └── latest
│   ├── current
│   │   └── link
│   └── index
│   └── sha256
│   └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
│   └── link
└── _uploads

15 directories, 5 files

三、带base认证的私有仓库

1. base认证密码文件准备

[root@web02 ~]# yum install httpd-tools -y

[root@web02 ~]# mkdir /opt/registry-var/auth/ -p

[root@web02 ~]# htpasswd -Bbn test_registry 123456 >> /opt/registry-var/auth/htpasswd

[root@web02 ~]# cat /opt/registry-var/auth/htpasswd
test_registry:$2y$05$4sGZILAgU4FsilNvlvPJNur4a8HGi0hjVpo0yjGRdRaoT6AlPn1XG

2. 启动docker私有仓库

[root@web02 ~]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
65a9359bf9521aa1171e9487832aa963f78ef5c1ab1c72e88fcd8622eb4155f0

[root@web02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
65a9359bf952 registry "/entrypoint.sh /etc…" 3 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp elegant_galileo

3.在客户端从私有仓库下载镜像

[root@web01 ~]# docker pull 192.168.0.184:5000/busybox:latest
Error response from daemon: Get http://192.168.0.184:5000/v2/busybox/manifests/latest: no basic auth credentials

#报错提示需要认证，解决办法如下

[root@web01 ~]# docker login 192.168.0.184:5000
Username: test_registry
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

#查看认证信息

[root@web01 ~]# cat /root/.docker/config.json
{
"auths": {
"192.168.0.184:5000": {
"auth": "dGVzdF9yZWdpc3RyeToxMjM0NTY="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.12 (linux)"
}
}[root@web01 ~]#

#重新下载镜像

[root@web01 ~]# docker pull 192.168.0.184:5000/busybox:latest
latest: Pulling from busybox
df8698476c65: Pull complete
Digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
Status: Downloaded newer image for 192.168.0.184:5000/busybox:latest
192.168.0.184:5000/busybox:latest

[root@web01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.0.184:5000/busybox latest 6858809bf669 6 days ago 1.23MB
192.168.0.184:5000/centos latest 0d120b6ccaa8 5 weeks ago 215MB
centos latest 0d120b6ccaa8 5 weeks ago 215MB

#退出登录

[root@web01 ~]# docker logout 192.168.0.184:5000
Removing login credentials for 192.168.0.184:5000