Preparing the Environment
system:
Two hosts: the Docker private registry server (IP 192.168.121.121) and the user's development machine (IP 192.168.121.122). The development machine pulls images from the private registry server.
--------------------------------------------------------------------------------
1, Configure the Docker software source and install Docker
Install Docker on both hosts
yum install docker-ce
2, Build the private image registry
Log in to the private registry server
Create a Docker management account and set its password
useradd dkuser
passwd dkuser
Add the account to the docker group. This step lets an ordinary account manage Docker without using the sudo command. Membership in the docker group gives root-equivalent control of the host, so limit it to administrator accounts.
usermod -aG docker dkuser
Configure sudo permissions for the account
visudo
Add the following line
dkuser ALL=(ALL) NOPASSWD:ALL
Switch to the account
su dkuser
Start the Docker service
sudo systemctl start docker
A local private registry can be built from the official registry image, so pull the official image first
docker pull registry
Create the image storage directory and the registry configuration file
sudo mkdir -p /data/docker
Create the configuration file and add the storage delete enabled: true setting so that images can be deleted. The configuration shipped in the default image does not include this parameter.
sudo vi /data/docker/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
Run the registry container
docker run -d -p 5000:5000 -v /data/docker/registry:/var/lib/registry -v /data/docker/config.yml:/etc/docker/registry/config.yml --restart always --name registry registry
Description:
-d -p 5000:5000 runs the container in the background and maps the port
-v /data/docker/registry:/var/lib/registry by default the registry stores its data in the container's /var/lib/registry directory; this mounts the specified host directory into the container at that path
--restart always always restarts the container when it exits; mainly used in production environments
--name registry specifies the name of the container
View the container
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
071105c54db3 registry "/entrypoint.sh /etc…" 3 minutes ago Up About a minute 0.0.0.0:5000->5000/tcp registry
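The registry started above has no TLS and no auth section while storage.delete is enabled, so any client that can reach port 5000 can use the delete API. The following is an added example (not part of the original page or of the registry project) that audits a config.yml for that combination; the function name and both sample configs are constructed for illustration. It assumes block-style YAML with two-space indentation and does not see settings overridden through REGISTRY_* environment variables.

```shell
#!/bin/sh
# Added example: audit a registry config.yml (read from stdin).
# audit_registry_config is a hypothetical helper name, not a registry tool.
audit_registry_config() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    /^[^ \t]/ {                             # top-level key
      top = $1; sub(/:.*/, "", top); sec = ""
      if (top == "auth") auth = 1
      next
    }
    /^  [^ \t]/ {                           # second-level key
      sec = $1; sub(/:.*/, "", sec)
      if (top == "http" && sec == "tls") tls = 1
      next
    }
    top == "storage" && sec == "delete" && $1 == "enabled:" && $2 == "true" { del = 1 }
    END {
      if (!tls)  print "no-tls"
      if (!auth) print "no-auth"
      if (del && !auth) print "unauthenticated-delete"
    }'
}

# Constructed sample 1: the page config.yml, abridged to the relevant keys.
PAGE_CONFIG='version: 0.1
storage:
  delete:
    enabled: true
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000'

# Constructed sample 2: the same registry with TLS and htpasswd auth
# (file paths are placeholders).
HARDENED_CONFIG='version: 0.1
storage:
  delete:
    enabled: true
auth:
  htpasswd:
    realm: Registry
    path: /auth/htpasswd
http:
  addr: :5000
  tls:
    certificate: /certs/registry.crt
    key: /certs/registry.key'

printf '%s\n' "$PAGE_CONFIG" | audit_registry_config
```

With http.tls configured on the registry, the --insecure-registry daemon option used later on this page is no longer needed.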
3, Upload a local image to the private registry
On the private registry server
The busybox image is used as the example here because it is relatively small
First, download the image locally
docker pull busybox
Tag the image
docker tag busybox 192.168.121.121:5000/busybox
View the images
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.121.121:5000/busybox latest db8ee88ad75f 7 hours ago 1.22MB
busybox latest db8ee88ad75f 7 hours ago 1.22MB
Edit the Docker service file and add the following option so that the local image can be pushed.
sudo vi /usr/lib/systemd/system/docker.service
Append the following after ExecStart=/usr/bin/dockerd
--insecure-registry 192.168.121.121:5000
Restart the Docker service
sudo systemctl daemon-reload
sudo systemctl restart docker
Push the image to the private registry
docker push 192.168.121.121:5000/busybox
The push refers to repository [192.168.121.121:5000/busybox]
0d315111b484: Pushed
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
Resolving the following error:
docker push 192.168.121.121:5000/busybox
The push refers to repository [192.168.121.121:5000/busybox]
Get https://192.168.121.121:5000/v2/: http: server gave HTTP response to HTTPS client
Since Docker 1.3.X, the Docker client talks to a registry over HTTPS by default. The private registry built here serves only HTTP, so interacting with it produces the error above. To solve this, add a startup parameter to the Docker daemon so that it uses HTTP for this registry address.
sudo vi /usr/lib/systemd/system/docker.service
Append the following after ExecStart=/usr/bin/dockerd
--insecure-registry 192.168.121.121:5000
4, Pull the image from the private registry on the development machine
The same configuration must be added here as well
vi /usr/lib/systemd/system/docker.service
Append the following after ExecStart=/usr/bin/dockerd
--insecure-registry 192.168.121.121:5000
Start the Docker service
systemctl start docker
Pull the image from the private registry
docker pull 192.168.121.121:5000/busybox
Using default tag: latest
latest: Pulling from busybox
ee153a04d683: Pull complete
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for 192.168.121.121:5000/busybox:latest
View the images
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.121.121:5000/busybox latest db8ee88ad75f 7 hours ago 1.22MB
5, Delete the image
On the private registry server
Reference commands:
# Query images
curl <registry address>/v2/_catalog
# Query image tags (versions)
curl <registry address>/v2/<image name>/tags/list
# Query the image digest_hash
curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -XGET <registry address>/v2/<image name>/manifests/<tag>
# Delete the image through the API
curl -I -X DELETE "<registry address>/v2/<image name>/manifests/<image digest_hash>"
Run the following commands on the server
Query images
curl -XGET http://192.168.121.121:5000/v2/_catalog
{"repositories":["busybox"]}
Query the image tags
curl http://192.168.121.121:5000/v2/busybox/tags/list
{"name":"busybox","tags":["latest"]}
Query the image digest_hash. The digest_hash to use in the delete command is the value after Docker-Content-Digest: in the query result
curl --header "Accept:application/vnd.docker.distribution.manifest.v2+json" -I -XGET http://192.168.121.121:5000/v2/busybox/manifests/latest
HTTP/1.1 200 OK
Content-Length: 527
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649"
X-Content-Type-Options: nosniff
Date: Fri, 19 Jul 2019 06:09:44 GMT
Delete the image from the private registry
curl -I -XDELETE http://192.168.121.121:5000/v2/busybox/manifests/sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
HTTP/1.1 202 Accepted
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Fri, 19 Jul 2019 06:10:56 GMT
Content-Length: 0
Query the image again; its tag information is now shown as null
curl http://192.168.121.121:5000/v2/busybox/tags/list
{"name":"busybox","tags":null}
Although the image has been deleted, the disk space has not actually been released, because deleting an image only removes the image metadata. The layer data is not deleted. Now enter the registry container and run garbage collection.
Enter the registry container
docker exec -it 071105c54db3 /bin/sh
/ # cd /var/lib/registry/
Check the size of the image data
/var/lib/registry # du -sch
756.0K .
756.0K total
Run the garbage collection command
/var/lib/registry # registry garbage-collect /etc/docker/registry/config.yml
busybox
0 blobs marked, 3 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/89/895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 go.version=go1.11.2 instance.id=7c37e39d-6ad1-4139-b9d1-592a900b0902 service=registry
blob eligible for deletion: sha256:db8ee88ad75f6bdc74663f4992a185e2722fa29573abcc1a19186cc5ec09dceb
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/db/db8ee88ad75f6bdc74663f4992a185e2722fa29573abcc1a19186cc5ec09dceb go.version=go1.11.2 instance.id=7c37e39d-6ad1-4139-b9d1-592a900b0902 service=registry
blob eligible for deletion: sha256:ee153a04d6837058642958836062f20badf39f558be3e6c7c7773ef7d8301d90
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ee/ee153a04d6837058642958836062f20badf39f558be3e6c7c7773ef7d8301d90 go.version=go1.11.2 instance.id=7c37e39d-6ad1-4139-b9d1-592a900b0902 service=registry
Query again; the space has been reclaimed successfully
/var/lib/registry # du -sch
0 .
0 total
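The tag-to-digest lookup and delete from step 5 can be scripted. The following is an added example (not from the original page or the registry project) that extracts Docker-Content-Digest from the response headers, strips the CR that curl -I leaves at the end of each header line, and validates the value before building the DELETE URL. The function names are hypothetical, and the sample response is constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example: resolve a tag to its manifest digest, then delete by digest.
# REGISTRY matches this page; the function names are hypothetical.
REGISTRY="http://192.168.121.121:5000"
ACCEPT="Accept: application/vnd.docker.distribution.manifest.v2+json"

# Read HTTP response headers on stdin and print a validated digest.
# Header names are matched case-insensitively; CRs are removed first.
extract_digest() {
  digest=$(tr -d '\r' | awk '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
      v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
    }
  }')
  hex=${digest#sha256:}
  # Accept only sha256:<64 lowercase hex digits>.
  [ "$digest" != "$hex" ] && [ "${#hex}" -eq 64 ] || return 1
  case "$hex" in *[!0-9a-f]*) return 1 ;; esac
  printf '%s\n' "$digest"
}

# Build the manifest DELETE URL for a repository ($1) and digest ($2).
delete_url() { printf '%s/v2/%s/manifests/%s\n' "$REGISTRY" "$1" "$2"; }

# Resolve repo ($1) and tag ($2), then delete the manifest.
# Needs network access to the registry, so it is defined but not called here.
delete_tag() {
  d=$(curl -fsS -I -H "$ACCEPT" "$REGISTRY/v2/$1/manifests/$2" | extract_digest) || {
    echo "no valid digest for $1:$2" >&2; return 1; }
  curl -fsS -o /dev/null -X DELETE "$(delete_url "$1" "$d")"
}

# Constructed sample: the HEAD response from this page with CRLF line endings.
SAMPLE_HEAD=$(printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Length: 527' \
  'Docker-Content-Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649' \
  'Docker-Distribution-Api-Version: registry/2.0')

printf '%s\n' "$SAMPLE_HEAD" | extract_digest
```

After delete_tag succeeds, the layer data is still on disk until registry garbage-collect is run inside the container as shown above.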