Register镜像
Register镜像就是用来启动仓库的,其他docker平台可以从该仓库中下载镜像,不需要去官方下载镜像,仓库服务器需要安装Docker。
Docker仓库主要用于存放Docker镜像,Docker仓库分为公共仓库和私有仓库,基于registry可以搭建本地私有仓库,使用私有仓库的优点如下:
(1)节省网络带宽,针对于每个镜像不用去Docker官网仓库下载;
(2)下载Docker镜像从本地私有仓库中下载;
(3)组件公司内部私有仓库,方便各部门使用,服务器管理更加统一;
(4)可以基于GIT或者SVN、Jenkins更新本地Docker私有仓库镜像版本。
官方提供Docker Registry来构建本地私有仓库,目前最新版本为v2,最新版的docker已不再支持v1,Registry v2使用Go语言编写,在性能和安全性上做了很多优化,重新设计了镜像的存储格式。
环境如下
| Server1 |
192.168.179.99 |
上传镜像端 |
| Server2 |
192.168.179.100 |
仓库端 |
构建你的本地私有仓库
如下为在192.168.179.100服务器上构建Docker本地私有仓库的方法及步骤:
#我这里是在其他机器上面下载镜像再传输到192.168.179.100上面,再导入镜像
[root@localhost ~]# docker pull registry
[root@localhost ~]# docker save 2d4f4b5309b1 >registry.tar
[root@localhost ~]# scp registry.tar 192.168.179.100:/
[email protected]'s password:
registry.tar
[root@localhost ~]# docker load < registry.tar
[root@localhost ~]# docker tag 2d4f4b5309b1 registry:latest
#可以看到导入成功
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 2d4f4b5309b1 4 weeks ago 26.2MB
#做一个卷持久化,避免容器停止仓库的数据丢失,下面就构建好了你的私有仓库
[root@localhost ~]# mkdir -p /data/registry/
[root@localhost ~]# docker run -itd -p 5000:5000 -v /data/registry:/var/lib/registry docker.io/registry
7cc727be60ac0ae04d3e6b21dccb81ba7d6570fef7c3a1e368c9834d9f9ad090
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7cc727be60ac registry "/entrypoint.sh /etc?? 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp zen_fermi非常巧妙,这里是将镜像改名了,同时上传到192.168.179.100:5000仓库,因为docker push的时候会将192.168.179.100:5000识别为仓库,这样非常方便你的镜像上传到仓库。
[root@localhost ~]# docker tag 2622e6cca7eb 192.168.179.100:5000/nginx
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED
nginx latest 2622e6cca7eb 2 months ago 132MB
192.168.179.100:5000/nginx latest 2622e6cca7eb 2 months ago 132MB允许在上传镜像到私有仓库的时候使用http进行传输 ,需要修改docker的配置
#这里上传的是https,我们这不是https
[root@localhost ~]# docker push 192.168.179.100:5000/nginx:latest
The push refers to repository [192.168.179.100:5000/nginx]
Get https://192.168.179.100:5000/v2/: http: server gave HTTP response to HTTPS client
#--insecure-registry=192.168.179.100:5000加上这句话(Docker如果需要从非SSL源管理镜像,需要配置Docker配置文件的insecury-registry参数)
[root@localhost ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -b br0 -H fd:// --containerd=/run/containerd/containerd.sock --storage-opt overlay2.size=40G --insecure-registry=192.168.179.100:5000
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# cat /etc/docker/key.json
{"crv":"P-256","d":"ZAqAs7bcCTG4FUARTWynBOQWOjfA3tOK4c4VuJvjCBk","kid":"SN7X:WQC5:RBCB:DZZU:I234:EKUM:D6HD:VR4X:YQH7:ZEVI:3H4O:LFXP","kty":"EC","x":"EANl_vk1hHk30VipjfOcFzPDht-70-Kw-cuosXgJQQE","y":"SLLKp3Rd-9ihQjiNWNPqgJ7IRmqRT_6mgPuEIk8HxAM"}
-----------------------------------------------------------------------------------------
#如果启动docker报错
[root@harbor system]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Wed 2020-03-04 13:45:54 CST; 9s ago
Docs: https://docs.docker.com
Process: 7669 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
Main PID: 7669 (code=exited, status=1/FAILURE)
Mar 04 13:45:52 harbor.hiibm.com systemd[1]: Failed to start Docker Application Container Engine.
Mar 04 13:45:52 harbor.hiibm.com systemd[1]: Unit docker.service entered failed state.
Mar 04 13:45:52 harbor.hiibm.com systemd[1]: docker.service failed.
Mar 04 13:45:54 harbor.hiibm.com systemd[1]: docker.service holdoff time over, scheduling restart.
Mar 04 13:45:54 harbor.hiibm.com systemd[1]: Stopped Docker Application Container Engine.
Mar 04 13:45:54 harbor.hiibm.com systemd[1]: start request repeated too quickly for docker.service
Mar 04 13:45:54 harbor.hiibm.com systemd[1]: Failed to start Docker Application Container Engine.
Mar 04 13:45:54 harbor.hiibm.com systemd[1]: Unit docker.service entered failed state.
Mar 04 13:45:54 harbor.hiibm.com systemd[1]: docker.service failed.
#问题可能出在配置了国内镜像加速了,而且配置文件写成了/etc/docker/daemon.json,
解决办法:修改配置文件/etc/docker/daemon.json为/etc/docker/daemon.conf。然后systemctl daemon-reload,systemctl restart docker。
[root@localhost ~]# cat /etc/docker/daemon.conf
{
"registry-mirrors":["http://019a7061.m.daocloud.io"],
"insecure-registries":["192.168.179.100:5000"]
}
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker测试一下,上传是否能够成功
#可以看到上传到私有仓库成功
[root@localhost ~]# docker push 192.168.179.100:5000/nginx:latest
The push refers to repository [192.168.179.100:5000/nginx]
f978b9ed3f26: Pushed
9040af41bb66: Pushed
7c7d7f446182: Pushed
d4cf327d8ef5: Pushed
13cb14c2acd3: Pushed
latest: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size: 1362
#将本地镜像删除,从搭建好的私有仓库上将上面上传的镜像拉取下来
[root@localhost ~]# docker rmi -f 192.168.179.100:5000/nginx:latest
Untagged: 192.168.179.100:5000/nginx:latest
Untagged: 192.168.179.100:5000/nginx@sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f
Deleted: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163
#可以看到,可以从仓库拉取
[root@localhost ~]# docker pull 192.168.179.100:5000/nginx:latest
latest: Pulling from nginx
8559a31e96f4: Already exists
8d69e59170f7: Already exists
3f9f1ec1d262: Already exists
d1f5ff4f210d: Already exists
1e22bfa8652e: Already exists
Digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f
Status: Downloaded newer image for 192.168.179.100:5000/nginx:latest
192.168.179.100:5000/nginx:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.179.100:5000/nginx latest 2622e6cca7eb 2 months ago 132MB
#要是觉得镜像名字很别扭,可以使用tag自行定义
[root@localhost ~]# docker tag 2622e6cca7eb nginx:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.179.100:5000/nginx latest 2622e6cca7eb 2 months ago 132MB
nginx latest 2622e6cca7eb 2 months ago 132MB仓库对镜像的管理
镜像多版本的上传,假设你有nginx v1 v2 v3版本,需要上传,如下所示
[root@localhost ~]# docker push 192.168.179.100:5000/nginx:v1
The push refers to repository [192.168.179.100:5000/nginx]
f978b9ed3f26: Layer already exists
....................................................................
v1: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size: 1362
[root@localhost ~]# docker push 192.168.179.100:5000/nginx:v2
The push refers to repository [192.168.179.100:5000/nginx]
f978b9ed3f26: Layer already exists
.....................................................................
v2: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size: 1362
[root@localhost ~]# docker push 192.168.179.100:5000/nginx:v3
The push refers to repository [192.168.179.100:5000/nginx]
.....................................................................
13cb14c2acd3: Layer already exists
使用curl来查看仓库里面存放的镜像以及版本
[root@localhost ~]# curl -XGET http://192.168.179.100:5000/v2/_catalog
{"repositories":["mytomcat","nginx"]}
[root@localhost ~]# curl -XGET http://192.168.179.100:5000/v2/nginx/tags/list
{"name":"nginx","tags":["latest","v1","v2","v3"]}私有仓库删除已经上传的镜像
#将nginx所有版本镜像全部删除
[root@localhost repositories]# pwd
/data/registry/docker/registry/v2/repositories
[root@localhost repositories]# ls
mytomcat nginx
[root@localhost repositories]# rm -rf nginx/
[root@localhost ~]# curl -XGET http://192.168.179.100:5000/v2/_catalog
{"repositories":["mytomcat"]}
[root@localhost ~]# curl -XGET http://192.168.179.100:5000/v2/nginx/tags/list
{"errors":[{"code":"NAME_UNKNOWN","message":"repository name not known to registry","detail":{"name":"nginx"}}]}
---------------------------------------------------------------------------------------
#只删除nginx v3版本镜像
[root@localhost tags]# ls
v1 v2 v3
[root@localhost tags]# pwd
/data/registry/docker/registry/v2/repositories/nginx/_manifests/tags
[root@www tags]# rm -rf v3
[root@localhost ~]# curl -XGET http://192.168.179.100:5000/v2/nginx/tags/list
{"name":"nginx","tags":["v2","v1"]}