ubuntu 14.04 x64
2、安装docker & docker-compose
2.1.安装docker
http://www.widuu.com/chinese_docker/installation/ubuntu.html#Ubuntu安装Docker
$ sudo apt-get update $ sudo apt-get install linux-image-generic-lts-trusty $ sudo reboot $ wget -qO- https://get.docker.com/ | sh $ sudo docker -v
#Create the docker group 可做可不做
$ sudo groupadd docker
#Add your user to docker group
$ sudo usermod -aG docker ubuntu(用户名)
注:提示docker版本如“Docker version 1.11.1, build 20f81dd”则安装成功
2.2.安装docker-compose
https://docs.docker.com/compose/install/
$ which curl # apt-get install curl -y # apt-get install python-pip python-dev -y # pip install -U docker-compose # docker-compose --v
注:提示docker-compose版本如“docker-compose version 1.7.1, build 6c29830”则安装成功
3、搭建registry私库
创建数据和证书目录
$ sudo mkdir -p /opt/docker/registry/data $ sudo mkdir -p /opt/docker/registry/certs
Docker的私有Registry要求使用https访问。需要生成ssl证书。
$ cd /opt/docker/registry/
验证是否安装了openssl
$ which openssl
如果已安装则显示openssl所在路径,没安装则什么也不显示
$ sudo apt-get install openssl libssl-dev (libssl-dev:openssl开发库)
创建密码文件
$ openssl genrsa -out registry_tomhat_com.key 2048
生成密钥
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/registry_tomhat_com.key -x509 -days 365 -out certs/registry_tomhat_com.crt
下面是输出,需要填写一些信息:
Generating a 4096 bit RSA private key
........................................++
..........................................++
writing new private key to 'certs/registry_tomhat_com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ChinaOPS
Organizational Unit Name (eg, section) []:ChinaOPS
Common Name (e.g. server FQDN or YOUR name) []:registry.tomhat.com
Email Address []:
注意:上面提示里的Common Name必须要添写完整域名
使用编辑器编辑 /opt/docker/registry/docker-compose.yml,内容如下:
(docker/registry为源文档的docker_registry)
registry:
container_name : tomhat_registry
restart : always
image : registry:2
ports:
- 443:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry_tomhat_com.crt
REGISTRY_HTTP_TLS_KEY: /certs/registry_tomhat_com.key
volumes:
- /opt/docker/registry/data:/var/lib/registry
- /opt/docker/registry/certs:/certs
使用docker-compose启动registry容器。
# docker-compose up -d
注意:用root用户执行命令在docker-compose.yml所在目录
如下是正确提示
Pulling registry (registry:2)...
2: Pulling from library/registry
efd26ecc9548: Pull complete
a3ed95caeb02: Pull complete
39091a8d8094: Pull complete
c5ad04c01f33: Pull complete
e441cc69d374: Pull complete
Digest: sha256:5206f99cc4d06dedc6d291324935ef134001f30fe05bf47e8d0b58d7e93e3843
Status: Downloaded newer image for registry:2
Creating cops_registry
# docker pull registry.ecloud.com.cn/tomcat # docker tag 660259e51042 registry.tomhat.com/tomcat # cp /opt/docker/registry/certs/registry_tomhat_com.crt /etc/docker/certs.d/regist.tomhat.com/ # echo '127.0.0.1 registry.tomhat.com' > /etc/hosts # service docker restart # docker push registry.tomhat.com/tomcat
访问:https://registry.tomhat.com/v2/_catalog