1. About the Registry
The official Docker hub is a great place to manage public images, where we can find the images we want, or push our own images. However, sometimes, our usage scenarios require us to have a private image repository for managing our own images. This can be achieved through the open source software Registry .
Registry has two codebases on github : the old codebase and the new codebase . The old code is written in python , and there are performance problems of pull and push . After version 0.9.1 , it is marked as deprecated , and no further development is continued. Since version 2.0 , it has been developed in the new code base. The new code base is written in the go language, and the generation algorithm of the image id and the storage structure of the image on the registry are modified, which greatly optimizes the efficiency of pull and push images.
The official registry image ( details ) is provided on the Docker hub . We can directly use the registry image to build a container and build our own private warehouse service. The registry image whose tag is latest is version 0.9.1 , and we directly use version 2.1.1 .
2. Registry deployment
Run the following command to get the registry image,
$ sudo docker pull registry:2.1.1
Then start a container,
$ sudo docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:2.1.1
The Registry service will save the uploaded image in the container's /var/lib/registry by default. We mount the host's /opt/registry directory to this directory to save the image to the host's /opt/registry directory.
Run docker ps to see the container situation,
lienhua34@lienhua34-Compaq-Presario-CQ35-Notebook-PC ~ $ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f3766397a458 registry:2.1.1 "/bin/registry /etc/d" 46 seconds ago Up 45 seconds 0.0.0.0:5000->5000/tcp registry
It means that we have started the registry service, open the browser and enter http://127.0.0.1:5000/v2 , the following situation shows that the registry is running normally,
3. Verify
Now let's verify it by pushing the image to the registry .
There is an image of hello-world on my machine. We need to mark the image as to be pushed to the private repository through the docker tag .
$ sudo docker tag hello-world 127.0.0.1:5000/hello-world
Then look at the following local mirrors,
lienhua34@lienhua34-Compaq-Presario-CQ35-Notebook-PC ~ $ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE registry 2.1.1 b91f745cd233 5 days ago 220.1 MB ubuntu 14.04 a5a467fddcb8 6 days ago 187.9 MB hello-world latest 975b84d108f1 2 weeks ago 960 B 127.0.0.1:5000/hello-world latest 975b84d108f1 2 weeks ago 960 B
接下来,我们运行docker push将hello-world镜像push到我们的私有仓库中,
lienhua34@lienhua34-Compaq-Presario-CQ35-Notebook-PC ~ $ sudo docker push 127.0.0.1:5000/hello-world The push refers to a repository [127.0.0.1:5000/hello-world] (len: 1) 975b84d108f1: Image successfully pushed 3f12c794407e: Image successfully pushed latest: digest: sha256:1c7adb1ac65df0bebb40cd4a84533f787148b102684b74cb27a1982967008e4b size: 2744
现在我们可以查看我们本地/opt/registry目录下已经有了刚推送上来的hello-world。我们也在浏览器中输入http://127.0.0.1:5000/v2/_catalog,如下图所示,
现在我们可以先将我们本地的127.0.0.1:5000/hello-world和hello-world先删除掉,
$ sudo docker rmi hello-world $ sudo docker rmi 127.0.0.1:5000/hello-world
然后使用docker pull从我们的私有仓库中获取hello-world镜像,
lienhua34@lienhua34-Compaq-Presario-CQ35-Notebook-PC ~ $ sudo docker pull 127.0.0.1:5000/hello-world Using default tag: latest latest: Pulling from hello-world b901d36b6f2f: Pull complete 0a6ba66e537a: Pull complete Digest: sha256:1c7adb1ac65df0bebb40cd4a84533f787148b102684b74cb27a1982967008e4b Status: Downloaded newer image for 127.0.0.1:5000/hello-world:latest lienhua34@lienhua34-Compaq-Presario-CQ35-Notebook-PC ~ $ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE registry 2.1.1 b91f745cd233 5 days ago 220.1 MB ubuntu 14.04 a5a467fddcb8 6 days ago 187.9 MB 127.0.0.1:5000/hello-world latest 0a6ba66e537a 2 weeks ago 960 B
4. 可能问题
可能会出现无法push镜像到私有仓库的问题。这是因为我们启动的registry服务不是安全可信赖的。这是我们需要修改docker的配置文件/etc/default/docker,添加下面的内容,
DOCKER_OPTS="--insecure-registry xxx.xxx.xxx.xxx:5000"
然后重启docker后台进程,
$ sudo service docker restart
这是再push即可。
问题:
成功安装docker registry,在浏览器中输入http://192.168.1.100:5000/v2,成功返回json数据。在push 到docker registry时,报:
[root@master sysconfig]# docker push 192.168.1.100:5000/registry:2.4.1 The push refers to a repository [192.168.1.100:5000/registry] Get https://192.168.1.100:5000/v1/_ping: http: server gave HTTP response to HTTPS client
这个问题可能是由于客户端采用https,docker registry未采用https服务所致。一种处理方式是把客户对地址“192.168.1.100:5000”请求改为http。
目前很多文章都是通过修改docker的配置文件“etc/systemconfig/docker",重启docker来解决这个问题。但发现docker1.12.3版本并无此文件,根据网上创建此文件,并填入相应内容,重启docker无效果,仍然报此错误。
解决方法:
在”/etc/docker/“目录下,创建”daemon.json“文件。在文件中写入:
{ "insecure-registries":["192.168.1.100:5000"] }
保存退出后,重启docker。问题解决:
[root@master docker]# docker push 192.168.1.100:5000/registry:2.4.1 The push refers to a repository [192.168.1.100:5000/registry] ee8e809cfde5: Pushed ba20d499f984: Pushed 705e35f12f24: Pushed 42755cf4ee95: Pushed 2.4.1: digest: sha256:b66c4af9577744ae6d32e975808230e2ff558a5d50a7968d5102a900e147f3d5 size: 1158