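I. Brief introduction

  As introduced earlier, you can use the public Docker Hub registry, but in most cases an enterprise needs to create a local registry for its own use. This article introduces several ways to build a private registry.
  A private registry has several benefits:
    1. It saves bandwidth
    2. You can customise the system yourself
    3. It is more secure

II. The methods I know of

  1. Configuring a private registry with the official docker-registry tool

    This is the officially provided image. Note that the tool is an image: just download the registry image and start a Docker container from it.

  2. Building a private registry with Harbor-Registry

    Harbor is an enterprise-grade registry service for storing Docker images.

III. Configuring a private registry with the official docker-registry

  1. Environment

    Docker private registry address: 192.168.216.51 web1
    Docker server address: 192.168.216.52 web2; this node uses the private registry server to pull/push images

  2. Topology

[Figure 1: topology diagram]
    Note: "docker hub" in the figure is the private registry.
       docker engine: introduced in the earlier article on Docker internals, it is the runtime engine in the Docker architecture and also Docker's core module. It acts as the store for Docker containers and manages those containers by executing jobs.

  3. Installing the Docker private registry

    1) First, install Docker
      Method 1
        You can also download the rpm packages and install them
          rpm package location: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
            The package downloaded here is docker-ce-cli-19.03.2-3.el7.x86_64.rpm
        To resolve dependencies, configure a local repo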

[root@web2 yum.repos.d]# mv Centos-7.repo ./backup/
[root@web2 yum.repos.d]# ll
total 16
drwxr-xr-x. 2 root root 27 Sep 23 14:56 backup
drwxr-xr-x. 2 root root 6 Sep 23 14:32 bakcup
-rw-r--r--. 1 root root 65 Sep 23 14:53 docker-rpm.repo
-rw-r--r--. 1 root root 664 Sep 23 12:54 epel-7.repo
-rw-r--r--. 1 root root 951 Sep 23 12:54 epel.repo
-rw-r--r--. 1 root root 1050 Sep 23 12:54 epel-testing.repo
[root@web2 yum.repos.d]# cd /root/docker-rpm/
[root@web2 docker-rpm]# createrepo ./
       yum install docker-ce -y

      Method 2
        Configure the Aliyun repo. The EPEL repo I have here does not contain docker, so configure Aliyun's docker repo.
        Aliyun repo address: https://mirrors.aliyun.com/docker-ce/linux/centos/
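        yum install docker-ce -y

    2) Start the firewall
      systemctl start firewalld.service

    3) Start the private registry server
      systemctl start docker
      systemctl enable docker
    Make sure docker is installed and running on both nodes

  4. Pull or load the registry image on the private registry server

    Method 1: pull directly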

[root@web1 yum.repos.d]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry …
latest: Pulling from docker.io/library/registry
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Image is up to date for docker.io/registry:latest
[root@web1 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zxg/nginx1 latest 3babdf3c6c6d 2 weeks ago 546 MB
zxg/centos_nginx v1 7c6604cacec1 4 weeks ago 698 MB
docker.io/atlassian/jira-software latest c4b90dede4f3 5 weeks ago 624 MB
zxg/my_nginx v1 b164f4c07c64 8 weeks ago 126 MB
zxg/my_nginx latest f07837869dfc 8 weeks ago 126 MB
docker.io/nginx latest e445ab08b2be 2 months ago 126 MB
docker.io/alpine latest b7b28af77ffe 2 months ago 5.58 MB
docker.io/centos latest 9f38484d220f 6 months ago 202 MB
docker.io/registry latest f32a97de94e1 6 months ago 25.8 MB
[root@web1 yum.repos.d]#
    Method 2: download the registry.tar package and load it
      docker load -i registry.tar

  5. On the private registry server, pull any image and tag it

docker pull busybox
docker tag docker.io/busybox:latest 192.168.216.51:5000/busybox:latest
     The tagged image is the 192.168.216.51:5000/busybox line below (marked in red in the original)
[root@web1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zxg/nginx1 latest 3babdf3c6c6d 2 weeks ago 546 MB
192.168.216.51:5000/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
docker.io/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB
zxg/centos_nginx v1 7c6604cacec1 4 weeks ago 698 MB

  6. Edit the configuration file to specify the private registry URL

    docker-common must be installed; check whether it is
[root@web1 yum.repos.d]# rpm -qf /etc/sysconfig/docker
docker-common-1.13.1-96.gitb2f74b2.el7.centos.x86_64
[root@web1 yum.repos.d]#
    Add --insecure-registry 192.168.216.51:5000 to the configuration file
[root@web1 yum.repos.d]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
#
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/dockerd
fi

  7. Restart docker

[root@web1 yum.repos.d]# systemctl restart docker

  8. Start the private registry: just run a container from the registry image

[root@web1 yum.repos.d]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry
### -v specifies the local persistent storage path
27d56aa54e167c26c76e25136b247072883aa29dde247f20c45f97fafedb650b
[root@web1 yum.repos.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27d56aa54e16 registry "/entrypoint.sh /e…" About a minute ago Up 58 seconds 0.0.0.0:5000->5000/tcp frosty_ptolemy
[root@web1 yum.repos.d]# netstat -antlop |grep 5000
tcp6 0 0 :::5000 :::* LISTEN 27767/docker-proxy- off (0.00/0/0)
[root@web1 yum.repos.d]# netstat -antup |grep 5000
tcp6 0 0 :::5000 :::* LISTEN 27767/docker-proxy-
[root@web1 yum.repos.d]#
[root@web1 yum.repos.d]# ls /opt/registry
### the directory has been created automatically

  9. Push the image from the local machine, then inspect the result with tree

docker push 192.168.216.51:5000/busybox
[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       └── latest
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads

26 directories, 8 files
[root@web1 ~]#
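
The tree output above shows that the registry files every blob under the SHA-256 digest of its content, and that layers, manifest revisions and tags are small link files naming a digest. The script below is an added example, not part of the original article: it checks that each blob still hashes to the directory it sits in and that each link resolves to a stored blob. The function names and the demo store are constructed, and the link-file content ("sha256:<digest>") is an assumption not shown in the listing.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumed on-disk layout (from the tree output above), ROOT = .../registry/v2:
#   ROOT/blobs/sha256/<first 2 hex>/<digest>/data    blob content
#   ROOT/repositories/<repo>/.../link                text "sha256:<digest>"

# blob_path ROOT DIGEST_HEX -> path where that blob's content must live
blob_path() {
    printf '%s/blobs/sha256/%s/%s/data\n' "$1" "$(printf '%s' "$2" | cut -c1-2)" "$2"
}

# scan_store ROOT -> one line per problem found, nothing when the store is clean
scan_store() {
    # 1. Every blob must hash to the digest it is filed under.
    for ss_data in "$1"/blobs/sha256/*/*/data; do
        [ -f "$ss_data" ] || continue
        ss_want=$(basename "$(dirname "$ss_data")")
        ss_got=$(sha256sum "$ss_data" | cut -d' ' -f1)
        [ "$ss_want" = "$ss_got" ] || echo "MISMATCH $ss_want content=$ss_got"
    done
    # 2. Every link (layer, manifest revision, tag) must point at a stored blob.
    find "$1/repositories" -type f -name link 2>/dev/null | while IFS= read -r ss_link; do
        ss_hex=$(sed 's/^sha256://' "$ss_link")
        [ -f "$(blob_path "$1" "$ss_hex")" ] || echo "DANGLING $ss_link -> $ss_hex"
    done
}

# verify_store ROOT -> status 0 if clean, 1 (with findings on stdout) otherwise
verify_store() {
    vs_findings=$(scan_store "$1")
    [ -z "$vs_findings" ] && return 0
    printf '%s\n' "$vs_findings"
    return 1
}

# make_demo_store DIR -> tiny constructed store: one blob and one tag link
make_demo_store() {
    md_hex=$(printf 'constructed layer' | sha256sum | cut -d' ' -f1)
    md_blob=$(blob_path "$1" "$md_hex")
    md_tag="$1/repositories/busybox/_manifests/tags/latest/current"
    mkdir -p "$(dirname "$md_blob")" "$md_tag"
    printf 'constructed layer' > "$md_blob"
    printf 'sha256:%s' "$md_hex" > "$md_tag/link"
}
```

Against the setup above, the call on web1 would be `verify_store /opt/registry/docker/registry/v2`.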

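  10. Pull the busybox image from node 52

    Docker is already installed here, so I will not demonstrate the installation. It was installed the same way as in the earlier article on Docker internals; see the following link:
      To install docker, see: Docker1 architecture principles and basic usage

### Edit the configuration file and add "--insecure-registry" (insecure registry)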
[root@web2 ~]# cat /etc/sysconfig/docker |grep 5000
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
### Pull the image
[root@web2 ~]# docker pull 192.168.216.51:5000/busybox
Using default tag: latest
Trying to pull repository 192.168.216.51:5000/busybox …
latest: Pulling from 192.168.216.51:5000/busybox
7c9d20b9b6cd: Pull complete
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Downloaded newer image for 192.168.216.51:5000/busybox:latest
### List the images
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.216.51:5000/busybox latest 19485c79a9bb 3 weeks ago 1.22 MB
### Run a container: success
[root@web2 ~]# docker run 192.168.216.51:5000/busybox echo "1111"
1111
[root@web2 ~]#
### Create an alias for the image and name it
[root@web2 ~]# docker tag 192.168.216.51:5000/busybox busybox:v1
### Remove the image
[root@web2 ~]# docker rmi 192.168.216.51:5000/busybox
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
### Run a new container

[root@web2 ~]# docker run busybox:v1 echo 222
222

  At this point the private registry is set up, but a new version should also be pushed as a test:

[root@web2 ~]# docker tag busybox:v1 192.168.216.51:5000/busybox:v1
[root@web2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.216.51:5000/busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
[root@web2 ~]# docker push 192.168.216.51:5000/busybox
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Layer already exists
v1: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]#

  11. Go back to node 51 and check whether the new version was uploaded

    On node 51, use the tree command; the v1 version is visible
[root@web1 ~]# tree /opt/registry/docker/registry/
/opt/registry/docker/registry/
└── v2
    ├── blobs
    │   └── sha256
    │       ├── 19
    │       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
    │       │       └── data
    │       ├── 7c
    │       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
    │       │       └── data
    │       └── dd
    │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
    │               └── data
    └── repositories
        └── busybox
            ├── _layers
            │   └── sha256
            │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
            │       │   └── link
            │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
            │           └── link
            ├── _manifests
            │   ├── revisions
            │   │   └── sha256
            │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │   │           └── link
            │   └── tags
            │       ├── latest
            │       │   ├── current
            │       │   │   └── link
            │       │   └── index
            │       │       └── sha256
            │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │       │               └── link
            │       └── v1
            │           ├── current
            │           │   └── link
            │           └── index
            │               └── sha256
            │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
            │                       └── link
            └── _uploads

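IV. Summary of the steps for building a private registry

  Before configuring, you can first turn off the firewall and SELinux completely

  1. Install docker

  2. Edit the configuration file, identically on both nodes. There are two ways (note!):

    1) Add the parameter to the /etc/sysconfig/docker file
    OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
    2) Alternatively, add it to the startup parameters in /usr/lib/systemd/system/docker.service
    ExecStart=/usr/bin/dockerd-current --insecure-registry 192.168.216.51:5000
   Note: newer versions no longer have the /etc/sysconfig/docker configuration file, so everything can go in the startup parameters in /usr/lib/systemd/system/docker.service

  3. Pull the registry image

  4. Run the registry image and map port 5000

  5. Tag, push and pull images; done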
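
Both forms in step 2 add --insecure-registry, which tells the Docker daemon to accept that registry over plain HTTP or with a TLS certificate it cannot verify. The script below is an added example, not part of the original article: it lists every such exception, plus --signature-verification=false from the same OPTIONS line, in the two files named in step 2. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article: report daemon options that
# relax transport or signature checks in the two files named in step 2.

# audit_docker_opts FILE... -> one finding per line, "<file>: <finding>"
audit_docker_opts() {
    for ao_file in "$@"; do
        [ -r "$ao_file" ] || continue        # newer installs have no /etc/sysconfig/docker
        # Turn shell quotes into spaces so OPTIONS='...' splits into plain tokens.
        tr "'\"" '  ' < "$ao_file" | awk -v f="$ao_file" '
            /^[ \t]*#/ { next }              # ignore commented-out settings
            {
                for (i = 1; i <= NF; i++) {
                    if ($i == "--insecure-registry" && i < NF)
                        print f ": insecure-registry " $(i + 1)
                    else if (index($i, "--insecure-registry=") == 1)
                        print f ": insecure-registry " substr($i, 21)
                    else if ($i == "--signature-verification=false")
                        print f ": signature-verification=false"
                }
            }'
    done
}

# write_sample_configs DIR -> constructed copies of the two config styles
write_sample_configs() {
    cat > "$1/sysconfig-docker" <<'EOF'
# OPTIONS='--insecure-registry 10.0.0.9:5000'   (commented out, must be ignored)
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.216.51:5000'
EOF
    cat > "$1/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd-current --insecure-registry=192.168.216.51:5000
EOF
}
```

On a real node the call is `audit_docker_opts /etc/sysconfig/docker /usr/lib/systemd/system/docker.service`; a file that does not exist is skipped.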

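V. Registry with authorization

    Note: this sets up password authentication, not certificate authentication

  1. Create the auth directory

     mkdir /auth

  2. Use the registry image to generate an htpasswd file containing the hashed password

    Create the user zxg with password 123456 and hash it (bcrypt, via -B)
docker run --entrypoint htpasswd registry -Bbn zxg 123456 >/auth/htpasswd
    You can see that the password 123456 has been hashed
[root@web1 auth]# cat htpasswd
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
    Notes:
        --entrypoint: a docker option that sets the default entry point run when the container starts

  3. Start the image with the parameters

[root@web1 /]# docker run -d -p 5000:5000 --restart=always --name registry1 \
> -v /opt/registry:/var/lib/registry \
> -v /auth:/auth \
> -e "REGISTRY_AUTH=htpasswd" \
> -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> registry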
37f0ce01ea327e6cd62798e0df683d5d2a4317c3fd865c0f1e19b654f052fe66

  4. On node 52, create the busybox tag v2 and push it: log in first, then push

[root@web2 ~]# docker login 192.168.216.51:5000
Username: zxg
Password:
Login Succeeded
[root@web2 ~]# docker tag busybox:v2 192.168.216.51:5000/busybox:v2
busybox v2 19485c79a9bb 3 weeks ago 1.22 MB

[root@web2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.216.51:5000/busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
192.168.216.51:5000/busybox v2 19485c79a9bb 3 weeks ago 1.22 MB
busybox v1 19485c79a9bb 3 weeks ago 1.22 MB
busybox v2 19485c79a9bb 3 weeks ago 1.22 MB

[root@web2 ~]# docker push 192.168.216.51:5000/busybox:v2
The push refers to a repository [192.168.216.51:5000/busybox]
6c0ea40aef9d: Pushed
v2: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@web2 ~]#

  5. Back on node 51, confirm that the push succeeded

[root@web1 auth]# tree /opt/registry/docker/registry/v2/
/opt/registry/docker/registry/v2/
├── blobs
│   └── sha256
│       ├── 19
│       │   └── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
│       │       └── data
│       ├── 7c
│       │   └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
│       │       └── data
│       └── dd
│           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
│               └── data
└── repositories
    └── busybox
        ├── _layers
        │   └── sha256
        │       ├── 19485c79a9bbdca205fce4f791efeaa2a103e23431434696cc54fdd939e9198d
        │       │   └── link
        │       └── 7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b
        │           └── link
        ├── _manifests
        │   ├── revisions
        │   │   └── sha256
        │   │       └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │   │           └── link
        │   └── tags
        │       ├── latest
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       ├── v1
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │       │               └── link
        │       └── v2
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
        │                       └── link
        └── _uploads

35 directories, 12 files
    The v2 version is now there, so the push succeeded. The next article covers the Harbor-Registry approach.
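
Before /auth/htpasswd is mounted into the registry container as in step 3 of section V, it is worth checking what the file contains, since the registry's htpasswd backend only accepts bcrypt entries (hence -B in step 2). The script below is an added example, not part of the original article: it reports each entry's hash type and bcrypt cost and fails when an entry is not bcrypt or falls below a minimum cost. The function names, the MIN_COST threshold and the second sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article: check an htpasswd file
# before handing it to the registry container.

# audit_htpasswd FILE -> one line per entry:
#   "<user> bcrypt cost=<n>"  or  "<user> not-bcrypt"
audit_htpasswd() {
    awk -F: '
        /^#/ || NF < 2 { next }                  # skip comments and blank lines
        $2 ~ /^\$2[aby]\$[0-9][0-9]\$/ {         # $2y$05$... : characters 5-6 are the cost
            print $1, "bcrypt", "cost=" (substr($2, 5, 2) + 0)
            next
        }
        { print $1, "not-bcrypt" }' "$1"
}

# check_htpasswd FILE MIN_COST -> status 0 only if every entry is bcrypt with
# cost >= MIN_COST (MIN_COST is a local policy choice, not a registry setting)
check_htpasswd() {
    audit_htpasswd "$1" | awk -v min="$2" '
        $2 != "bcrypt" { bad = 1 }
        $2 == "bcrypt" { split($3, kv, "="); if (kv[2] + 0 < min) bad = 1 }
        END { exit bad + 0 }'
}

# write_sample_htpasswd FILE -> the entry shown in step 2 plus a constructed
# Apache-MD5 ($apr1$) entry whose hash value is made up
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
zxg:$2y$05$qCY7iWVJIoOrnIp17WQOf.fcXUTo5xm4DwP3a/8ggzZlEZ3bsnonm
olduser:$apr1$constructed$notARealHashValue000000
EOF
}
```

For the file generated in step 2, `check_htpasswd /auth/htpasswd 10` exits non-zero because the zxg entry has cost 5.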