First, a brief introduction
As introduced earlier, you can use the public Docker Hub registry, but in most cases a company needs to create a local registry for its own use. Here are a few ways to build a private registry.
A private registry has several benefits:
1, it saves bandwidth
2, it can be customized for your own systems
3, it is safer
Second, I know of several methods
1, using the official docker-registry tool to configure the private registry
This is an official image. Note that the tool itself is an image: download the registry image and start it as a docker container.
2, using Harbor-Registry to build a private registry
Harbor is an enterprise-class Registry service for storing Docker images
Third, configuring the private registry with the official docker-registry
1, environment
docker private registry address: 192.168.216.51 web1
docker server address: 192.168.216.52 web2, the node that uses the private registry server to pull/push images
2, topology
Note: the docker hub here is the private registry
docker engine: the earlier architecture article introduced the Docker engine, the core module that Docker runs on. It acts as the store for Docker containers and manipulates those containers through job management.
3, install docker for the private registry
1) install docker first
Method 1
You can download the rpm packages
rpm package Address: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
Here I downloaded docker-ce-cli-19.03.2-3.el7.x86_64.rpm
To resolve dependencies, configure a local yum source
[root@web2 yum.repos.d]# mv Centos-7.repo ./backup/
[root@web2 yum.repos.d]# ll
total 16
drwxr-xr-x. 2 root root   27 Sep 23 14:56 backup
drwxr-xr-x. 2 root root    6 Sep 23 14:32 bakcup
-rw-r--r--. 1 root root   65 Sep 23 14:53 docker-rpm.repo
-rw-r--r--. 1 root root  664 Sep 23 12:54 epel-7.repo
-rw-r--r--. 1 root root  951 Sep 23 12:54 epel.repo
-rw-r--r--. 1 root root 1050 Sep 23 12:54 epel-testing.repo
[root@web2 yum.repos.d]# cd /root/docker-rpm/
[root@web2 docker-rpm]# createrepo ./
yum install docker-ce -y
Method 2
Configure the Aliyun source. The epel source I have does not contain docker, so I configure the Aliyun docker source.
Aliyun source address: https://mirrors.aliyun.com/docker-ce/linux/centos/
[root@web2 yum.repos.d]# cat docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[root@web2 yum.repos.d]#
yum install docker-ce -y
2) start the firewall
systemctl start firewalld.service
3) start docker on the private registry server
systemctl start docker
systemctl enable docker
Make sure docker is installed and started on both nodes
4, pull or load the registry image on the private registry server
Method 1, pull it directly
[root@web1 yum.repos.d]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Image is up to date for docker.io/registry:latest
[root@web1 yum.repos.d]# docker images
REPOSITORY                          TAG      IMAGE ID       CREATED        SIZE
zxg/nginx1                          latest   3babdf3c6c6d   2 weeks ago    546 MB
zxg/centos_nginx                    v1       7c6604cacec1   4 weeks ago    698 MB
docker.io/atlassian/jira-software   latest   c4b90dede4f3   5 weeks ago    624 MB
zxg/my_nginx                        v1       b164f4c07c64   8 weeks ago    126 MB
zxg/my_nginx                        latest   f07837869dfc   8 weeks ago    126 MB
docker.io/nginx                     latest   e445ab08b2be   2 months ago   126 MB
docker.io/alpine                    latest   b7b28af77ffe   2 months ago   5.58 MB
docker.io/centos                    latest   9f38484d220f   6 months ago   202 MB
docker.io/registry                  latest   f32a97de94e1   6 months ago   25.8 MB
[root@web1 yum.repos.d]#
Method 2, download the registry.tar package and load it
docker load -i registry.tar
5, on the private registry server, pull any image and tag it
docker pull busybox
docker tag docker.io/busybox:latest 192.168.216.51:5000/busybox:latest
The tagged image is the entry marked with a red line below
[root@web1 ~]# docker images
REPOSITORY                    TAG      IMAGE ID       CREATED       SIZE
zxg/nginx1                    latest   3babdf3c6c6d   2 weeks ago   546 MB
192.168.216.51:5000/busybox   latest   19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v1       19485c79a9bb   3 weeks ago   1.22 MB
docker.io/busybox             latest   19485c79a9bb   3 weeks ago   1.22 MB
zxg/centos_nginx              v1       7c6604cacec1   4 weeks ago   698 MB
6, modify the configuration file to specify the private registry url
docker-common must be installed; check whether it is:
[root@web1 yum.repos.d]# rpm -qf /etc/sysconfig/docker
docker-common-1.13.1-96.gitb2f74b2.el7.centos.x86_64
[root@web1 yum.repos.d]#
Add --insecure-registry 192.168.216.51:5000 to the configuration file
[root@web1 yum.repos.d]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
#
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/dockerd
fi
7, restart docker
[root@web1 yum.repos.d]# systemctl restart docker
8, start the private registry: run the registry image as a docker container
[root@web1 yum.repos.d]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry
### -v specifies the local persistent path
27d56aa54e167c26c76e25136b247072883aa29dde247f20c45f97fafedb650b
[root@web1 yum.repos.d]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED              STATUS          PORTS                    NAMES
27d56aa54e16   registry   "/entrypoint.sh /e..."   About a minute ago   Up 58 seconds   0.0.0.0:5000->5000/tcp   frosty_ptolemy
[root@web1 yum.repos.d]# netstat -antlop |grep 5000
tcp6       0      0 :::5000      :::*      LISTEN      27767/docker-proxy-  off (0.00/0/0)
[root@web1 yum.repos.d]# netstat -antup |grep 5000
tcp6       0      0 :::5000      :::*      LISTEN      27767/docker-proxy-
[root@web1 yum.repos.d]#
[root@web1 yum.repos.d]# ls /opt/registry
### the directory has been created automatically
9, push the image from this machine; after it succeeds, view the result with tree
docker push 192.168.216.51:5000/busybox
[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       └── latest
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads

26 directories, 8 files
[root@web1 ~]#
10, download the busybox image on node 52
Docker is already installed here, so I do not demonstrate the installation; it follows the earlier architecture article, see the following link:
For installing docker, refer to: Docker 1, architecture principles and simple use
### modify the configuration file to add "--insecure-registry" (insecure registry)
[root@web2 ~]# cat /etc/sysconfig/docker | grep 5000
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
### pull the image
[root@web2 ~]# docker pull 192.168.216.51:5000/busybox
Using default tag: latest
Trying to pull repository 192.168.216.51:5000/busybox ...
latest: Pulling from 192.168.216.51:5000/busybox
7c9d20b9b6cd: Pull complete
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Downloaded newer image for 192.168.216.51:5000/busybox:latest
### view the images
[root@web2 ~]# docker images
REPOSITORY                    TAG      IMAGE ID       CREATED       SIZE
192.168.216.51:5000/busybox   latest   19485c79a9bb   3 weeks ago   1.22 MB
### run an instance: success
[root@web2 ~]# docker run 192.168.216.51:5000/busybox echo "1111"
1111
[root@web2 ~]#
### give the image a new tag and name
[root@web2 ~]# docker tag 192.168.216.51:5000/busybox busybox:v1
### remove the image
[root@web2 ~]# docker rmi 192.168.216.51:5000/busybox
[root@web2 ~]# docker images
REPOSITORY   TAG   IMAGE ID       CREATED       SIZE
busybox      v1    19485c79a9bb   3 weeks ago   1.22 MB
### run a new instance
[root@web2 ~]# docker run busybox:v1 echo 222
222
With that, the private registry is built, but we should also test uploading a new version:
[root@web2 ~]# docker tag busybox:v1 192.168.216.51:5000/busybox:v1
[root@web2 ~]# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
[root@web2 ~]# docker images
REPOSITORY                    TAG   IMAGE ID       CREATED       SIZE
192.168.216.51:5000/busybox   v1    19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v1    19485c79a9bb   3 weeks ago   1.22 MB
[root@web2 ~]# docker push 192.168.216.51:5000/busybox
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Layer already exists
v1: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]#
11, go back to node 51 to check whether the new version was uploaded
Running tree on node 51, you can see the v1 version
[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       ├── latest
            │       │   ├── current
            │       │   │   └── link
            │       │   └── index
            │       │       └── sha256
            │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │       │               └── link
            │       └── v1
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads
Fourth, a summary of the steps for a private registry
Before configuring, you can turn the firewall and selinux off entirely
1, install docker
2, modify the configuration file on both nodes; there are two ways (note!!!):
1), add the parameters to the /etc/sysconfig/docker file
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
2), alternatively, add this to the startup parameters in /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd-current --insecure-registry 192.168.216.51:5000
Note: newer versions have no /etc/sysconfig/docker configuration file, so put the option into the startup parameters in /usr/lib/systemd/system/docker.service
3, pull the registry image
4, run the registry image and map port 5000
5, tag an image, then upload and download it
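Because --insecure-registry makes the daemon accept plain HTTP or an unverified certificate for that address, it is useful to be able to list every place the flag is set. The following added example (not from the original post) scans the two locations named in step 2; the sample files it writes are constructed from the lines shown in this post.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_docker_opts FILE... prints one line per registry-trust flag found in
# an OPTIONS= or ExecStart= line; unreadable files are skipped.
audit_docker_opts() {
    for f in "$@"; do
        [ -r "$f" ] || continue   # newer installs have no /etc/sysconfig/docker
        awk -v q="'" '
            /^[ \t]*#/ { next }   # ignore commented-out settings
            /^(OPTIONS|ExecStart)=/ {
                line = $0
                gsub("[\"" q "]", " ", line)   # strip the quotes around OPTIONS
                n = split(line, tok, " ")
                for (i = 1; i <= n; i++) {
                    if (tok[i] == "--insecure-registry" && i < n)
                        print FILENAME ": insecure-registry " tok[i + 1]
                    else if (index(tok[i], "--insecure-registry=") == 1)
                        print FILENAME ": insecure-registry " substr(tok[i], 21)
                    else if (tok[i] == "--signature-verification=false")
                        print FILENAME ": signature-verification disabled"
                }
            }
        ' "$f"
    done
}

# write_sample_configs DIR: constructed copies of the two files from step 2
write_sample_configs() {
    cat > "$1/sysconfig-docker" <<'EOF'
# /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
EOF
    cat > "$1/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd-current --insecure-registry 192.168.216.51:5000
EOF
}

demo=$(mktemp -d)
write_sample_configs "$demo"
audit_docker_opts "$demo/sysconfig-docker" "$demo/docker.service"
rm -rf "$demo"
```

On a real node the arguments would be /etc/sysconfig/docker and /usr/lib/systemd/system/docker.service.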
Fifth, a registry with authentication
Note: this sets up password authentication rather than certificate authentication
1, create a directory for the authentication file
mkdir /auth
2, use htpasswd from the registry image to create a file that holds the encrypted password
Create a user zxg with password 123456, stored encrypted
docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
You can see the password 123456 in its encrypted form
[root@web1 auth]# cat htpasswd
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
Comment:
--entrypoint: a docker option that sets the entry point the container is given at start, replacing the image default
3, start the image with the authentication parameters
[root@web1 /]# docker run -d -p 5000:5000 --restart=always --name registry1 \
> -v /opt/registry:/var/lib/registry \
> -v /auth:/auth \
> -e "REGISTRY_AUTH=htpasswd" \
> -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> registry
37f0ce01ea327e6cd62798e0df683d5d2a4317c3fd865c0f1e19b654f052fe66
4, on node 52, create busybox v2 and upload it; note that you must log in first, then upload
[root@web2 ~]# docker login 192.168.216.51:5000
Username: zxg
Password:
Login Succeeded
[root@web2 ~]# docker tag busybox:v2 192.168.216.51:5000/busybox:v2
busybox v2 19485c79a9bb 3 weeks ago 1.22 MB
[root@web2 ~]# docker images
REPOSITORY                    TAG   IMAGE ID       CREATED       SIZE
192.168.216.51:5000/busybox   v1    19485c79a9bb   3 weeks ago   1.22 MB
192.168.216.51:5000/busybox   v2    19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v1    19485c79a9bb   3 weeks ago   1.22 MB
busybox                       v2    19485c79a9bb   3 weeks ago   1.22 MB
[root@web2 ~]# docker push 192.168.216.51:5000/busybox:v2
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Pushed
v2: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]#
5, go back to node 51 to confirm that the upload succeeded
[root@web1 auth]# tree /opt/registry/docker/registry/v2/
/opt/registry/docker/registry/v2/
├── blobs
│   └── sha256
│       ├── 19
│       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
│       │       └── data
│       ├── 7c
│       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
│       │       └── data
│       └── dd
│           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
│               └── data
└── repositories
    └── busybox
        ├── _layers
        │   └── sha256
        │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
        │       │   └── link
        │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
        │           └── link
        ├── _manifests
        │   ├── revisions
        │   │   └── sha256
        │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │   │           └── link
        │   └── tags
        │       ├── latest
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       ├── v1
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       └── v2
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │                       └── link
        └── _uploads

35 directories, 12 files
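The registry's htpasswd backend accepts only bcrypt hashes, which is why step 2 passes -B. The following added example (not from the original post) audits the file before it is mounted into the container, reporting each entry's hash type and bcrypt cost and whether the file is world-readable; the sample file holds the entry shown in step 2 plus one constructed non-bcrypt entry.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_htpasswd FILE prints "<user> bcrypt cost=<n>" or "<user> NOT-BCRYPT"
# per entry, plus a line if FILE is world-readable; status 1 on any non-bcrypt.
audit_htpasswd() {
    [ -z "$(find "$1" -perm -004 2>/dev/null)" ] || echo "$1 world-readable"
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $2 ~ /^\$2[aby]\$[0-9][0-9]\$/ && length($2) == 60 {
            print $1 " bcrypt cost=" (substr($2, 5, 2) + 0)
            next
        }
        { print $1 " NOT-BCRYPT"; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample_htpasswd FILE: the entry shown in this post plus one constructed
# MD5 (apr1) entry of the kind htpasswd writes without -B.
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
olduser:$apr1$constructed$0000000000000000000000
EOF
}

demo=$(mktemp -d)
write_sample_htpasswd "$demo/htpasswd"
audit_htpasswd "$demo/htpasswd" || true
rm -rf "$demo"
```

On the registry host the argument would be /auth/htpasswd.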
We can see that the v2 version was uploaded successfully. The next article will introduce the Harbor-Registry method.
Please indicate the source: https://www.cnblogs.com/zhangxingeng/p/11558782.html