[Updated every Monday]-(Issue 45): Docker private image warehouse configuration and access to Alibaba Cloud OSS

Insert image description here

Docker Registry 2 official image creates a private image warehouse and uploads the Docker image to the corresponding path of OSS.

reference:

BatchCompute Docker support: https://help.aliyun.com/document_detail/143334.html?spm=a2c4g.143333.0.0.4a6f8752ls18FR
Docker Registry：https://docs.docker.com/registry
Build a private Docker Registry based on OSS: https://developer.aliyun.com/article/57310
http://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download%2Fpdf%2F60721%2F%25E5%25B8%25B8%25E8%25A7%2581%25E9%2597%25AE%25E9%25A2%2598_cn_zh-CN.pdf
Container image FAQ: https://help.aliyun.com/document_detail/312336.html?spm=a2c4g.60761.0.0.330c6b62i2y0df
Configure the registry: https://dockerdocs.cn/registry/configuration/
Configuration of ossfs: https://help.aliyun.com/document_detail/153893.htm?spm=a2c4g.405812.0.0.4b854b78kph4DE In this way, mount OSS to the specified host directory, and specify the corresponding mounting directory as - v mapping.

Customize a Docker image and upload it to Alibaba Cloud's container image service warehouse or use the registry tool to upload it to Alibaba Cloud OSS.

Use the registry tool to upload to Alibaba Cloud OSS

1. Docker image production

Dockerfile making image
In this example, we use Dockerfile to make an Ubuntu image with built-in Python, and the image name is: myubuntu.

Create a new directory dockerUbuntu with the following structure:

dockerUbuntu
|-- Dockerfile

Contents of the file Dockerfile:

FROM ubuntu:14.04

# 这里要替换 your_name 为您的名字, 和your_email 为您的Email
MAINTAINER your_name <your_email>

# 更新源
RUN apt-get update

# 清除缓存
RUN apt-get autoclean

# 安装python
RUN apt-get install -y python

# 启动时运行这个命令
CMD ["/bin/bash"]

-----

From ubuntu:14.04

MAINTAINER wangruoyu <[email protected]>

#更新源
RUN apt-get update
#清除缓存
RUN apt-get autoclean
#安装python
RUN apt-get install -y python
#启动时运行这个命令
CMD ["/bin/bash"]

Run the following command to build the image:

cd dockerUbuntu              #进入 dockerUbuntu 目录
docker build -t myubuntu ./  #正式build, 命名为 myubuntu

Note: The docker command requires sudo to be run by default in Ubuntu, but in Mac/Windows, it needs to be run from the command line tool started in the "Docker Quickstart Terminal".

After the build is completed, run the following command to view:

docker images

2. Install OSS Docker Registry 2

Assume that the directory path where docker is stored in OSS is oss://your-bucket/dockers/. To create a private image warehouse using the Docker Registry 2 official image, you need to configure OSS's Access Key ID, Access Key Secret, Region, Bucket and other information. .

The specific installation steps are as follows:

i. Generate the file config.yml in the current directory


version: 0.1
log:
level: debug
storage:
oss:
accesskeyid: your_access_key_id
accesskeysecret: your_access_key_secret
region: oss-cn-shenzhen
bucket: your-bucket
rootdirectory: dockers
secure: false
internal: false
http:
addr: 0.0.0.0:5000

-- 实际栗子(推荐yml文件) --
version: 0.1
log:
level: debug
storage:
oss:
accesskeyid: xxx
accesskeysecret: xxx
region: oss-cn-shenzhen
bucket: genekangshenzhen
rootdirectory: dockers
secure: false
internal: false
http:
addr: 0.0.0.0:5000

- **直接运行的方式**
- 1、启动容器
docker run -d -p 5000:5000 \
-e "REGISTRY_STORAGE=oss" \
-e "REGISTRY_STORAGE_OSS_REGION=oss-cn-shenzhen" \
-e "REGISTRY_STORAGE_OSS_BUCKET=genekangshenzhen" \
-e "REGISTRY_STORAGE_OSS_PREFIX=/registry" \
-e "REGISTRY_STORAGE_OSS_ACCESSKEYID=xxx" \
-e "REGISTRY_STORAGE_OSS_ACCESSKEYSECRET=xxx" \
registry:2

- 2、创建Dockerfile并写入生成镜像
FROM nginx
COPY index.html /usr/share/nginx/html/index.html
RUN echo 'hello world' > /usr/share/nginx/html/hello.txt
RUN echo 'this is a sample docker image' > /usr/share/nginx/html/description.txt
CMD ["nginx", "-g", "daemon off;"]

# 构建镜像
docker build -t nginx-image:v1 .

docker build -t localhost:5000/nginx-image:latest .
docker build -t 127.0.0.1:5000/nginx-image:latest .

- docker tag myubuntu（旧） localhost:5000/myubuntu（新）
docker tag nginx-image:v1 localhost:5000/nginx-image:v1

# 推送到 Docker Registry
docker push localhost:5000/nginx-image:latest
docker push 127.0.0.1:5000/nginx-image:latest
docker push localhost:5000/nginx-image:v1
docker push nginx-image:v1

- 3、拉取 Docker 镜像
docker pull localhost:5000/nginx-image:latest

- 4、删除 Docker 镜像
docker rmi localhost:5000/nginx-image:latest

The variables need to be replaced:

parameter	describe
your_access_key_id	Alibaba Cloud access key id
your_access_key_secret	Alibaba Cloud access key secret
your-bucket	Alibaba Cloud bucket
oss-cn-shenzhen	The region where the bucket is located

For detailed information about OSS configuration, please refer to Docker official documentation .

Two configuration methods to upload the image to the OSS path

Mount the OSS directory to the host. First configure the mounting directory, and then specify the directory name mapping with -v.
The above case is the docker storage driver calling OSS interface management

ii. Run the command to install

docker pull registry:2
docker run -v `pwd`/config.yml:/etc/docker/registry/config.yml -p 5000:5000 --name registry -d registry:2

# **17服务器**

## 1、指定yml，registry:2.6.0 failed - 权限问题，版本2.6可pull+管理对象存储服务(OSS)权限
docker run -it -d -p 5000:5000 -v `pwd`/config.yml:/etc/docker/registry/config.yml  --restart=always --privileged=true --name registry04 registry:2.6.0

## 2、无指定yml，registry:2.6.0 success
docker run -it -d -p 5000:5000 -v /BioDB2/wangruoyu/dockerUbuntu:/var/lib/registry/docker/registry --restart=always --privileged=true --name registry01 registry:2.6.0


# **232服务器**

## 1、指定yml，registry:2.6.0 failed - 权限不足，push 500报错，也可能是 registry:2,建议用最新版或2.6.0
docker run -v /home/humx/config.yml:/etc/docker/registry/config.yml -p 5000:5000 --name registry2.6.0 -d registry:2.6.0

## 2、指定yml，registry:latest  success  （第一种yml）
docker run -it -d -v `pwd`/config.yml:/etc/docker/registry/config.yml -p 5000:5000 --restart=always --privileged=true --name registry01  registry:latest

## 3、无指定yml，registry:2.6.0  success （第二种挂载方式）
**（1）需要挂载操作**
echo genekangshenzhen:xxx:xxx > /etc/passwd-ossfs
chmod 640 /etc/passwd-ossfs
mkdir /tmp/ossfs-1
ossfs genekangshenzhen /tmp/ossfs-1 -ourl=http://oss-cn-shenzhen.aliyuncs.com

**（2）运行容器**
docker run -it -d -p 8080:5000 -v /tmp/ossfs-1:/var/lib/registry/docker/registry --restart=always --privileged=true --name registry02 registry:2.6.0

-v参数 ： /tmp/ossfs-1（宿主机本地目录）:/var/lib/registry/docker/registry  （docker 内pod 目录）（这里的目录是进入到容器启动的pod内查看到的目录路径）

Note: The region uses oss-cn-shenzhen, which means the OSS of the South China 1 (Shenzhen) region is used, and subsequent submitted jobs also need to be submitted to the corresponding region to work properly.

iii. View results

docker ps       #查看运行的container

If the installation is successful, you can see registry:2

Image upload to OSS

docker push localhost:5000/nginx-image:v1
docker push localhost:8080/nginx-image-01:v1
docker push localhost:5000/myubuntu
docker push myubuntu

illustrate

Use localhost:5000/ as the prefix. Other strings cannot be used to upload. Port 5000 is specified in -p 5000:5000 (5000 before the colon) in step (1). The name of the image you created is localhost:5000/myubuntu, not myubuntu.

To check whether the image upload is successful, you can use the OSS console to check whether there is this directory: oss://your-bucket/dockers/docker/registry/v2/repositories/myubuntu/,

When using Docker, fill in the corresponding parameters as follows: BATCH_COMPUTE_DOCKER_REGISTRY_OSS_PATH: oss://your-bucket/dockers BATCH_COMPUTE_DOCKER_IMAGE: localhost:5000/myubuntu:xxxx (xxxx is the version number of myubuntu).

error message

When pushing the image to ACR, the error message received unexpected HTTP status: 500 Internal Server Error

You can check according to the following information

1 Docker client does not set a proxy. docker info Check proxy related configuration
2 The enterprise version is stored in oss by default. You can check whether the corresponding bucket has been deleted.
3 ram problem, you can check the authorization information of AliyunContainerRegistryDefaultRole. If it is empty, it means it is abnormal, and it also has the permission to manage the Object Storage Service (OSS);

docker push localhost:5000/myubuntu
The push refers to a repository [localhost:5000/myubuntu]
53ca46d8cc11: Pushing [==================================================>] 23.62 MB/23.62 MB
89dc10ae098b: Pushing 1.536 kB
9a6f576cf0d3: Pushing [==================================================>] 15.85 MB/15.85 MB
83109fa660b2: Pushing [==================================================>] 3.584 kB
30d3c4334a23: Pushing [==================================================>] 209.9 kB
f2fa9f4cf8fd: Retrying in 5 seconds
Received unexpected HTTP status: 500 Internal Server Error

问题找到了，是oss子账户的秘钥的权限不足；导致push报错，但是提示的不够明显；

（1）yml配置，OSS镜像路径
       oss://genekangshenzhen/dockers_test/docker/registry/v2/repositories/nginx-image
       oss://genekangshenzhen/dockers/docker/registry/v2/repositories/multipseq2
（2）目录挂载，OSS镜像路径在：oss://genekangshenzhen/v2/repositories/nginx-image-01/

通过yml挂载成功的情况：
docker push localhost:5000/nginx-image:v1
The push refers to repository [localhost:5000/nginx-image]
36c17e634752: Pushed
a8540037937b: Pushed
9b3a4aefa712: Pushed
d47e4d19ddec: Pushed
8e58314e4a4f: Pushed
ed94af62a494: Pushed
875b5b50454b: Pushed
63b5f2c0d071: Pushed
d000633a5681: Pushed
v1: digest: sha256:e242f22dd1661c68238b5d084357ac1f74841d839801c98a26528a3181f98448 size: 2191