利用 Docker Distribution 搭建私有的 Docker Registry
1、拓扑
2、Docker Registry
[root@Tang-1 ~]# ipinfo
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.141.209 netmask 255.255.255.0 broadcast 172.16.141.255
2.1 安装 docker-distribution
[root@Tang-1 ~]# yum -y install docker-distribution
[root@Tang-1 ~]# yum info docker-distribution # 安装 docker-distribution
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* extras: mirrors.huaweicloud.com
* updates: mirrors.aliyun.com
Installed Packages
Name : docker-distribution
Arch : x86_64
Version : 2.6.2
Release : 2.git48294d9.el7
Size : 12 M
Repo : installed
From repo : extras
Summary : Docker toolset to pack, ship, store, and deliver content
URL : https://github.com/docker/distribution
License : ASL 2.0
Description : Docker toolset to pack, ship, store, and deliver content
[root@Tang-1 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
2.2 启动 docker-distribution
[root@Tang-1 ~]# systemctl start docker-distribution.service
[root@Tang-1 ~]# ss -tnl # 查看端口是否启动成功
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::5000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
2.3 查看 docker-distribution 配置文件
[root@Tang-1 ~]# cat /etc/docker-distribution/registry/config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
3、Docker-1 上传镜像
[root@Tang ~]# ipinfo
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.141.252 netmask 255.255.255.0 broadcast 172.16.141.255
3.1 修改 Docker Daemon 文件
Docker 上传下载默认只支持 https 协议,搭建的私有仓库是 http 协议,需要对 Docker Daemon 进行修改,添加 insecure-registries ,地址为 Docker Registry IP + 端口号。
[root@Tang ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com","https://pz9**4bz.mirror.aliyuncs.com"],
"insecure-registries": ["172.16.141.209:5000"]
}
3.2 重启 Docker
[root@Tang ~]# systemctl restart docker
3.3 对镜像打 tag ,需要按照指定格式进行打 tag
[root@Tang ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 5e35e350aded 13 days ago 203MB
busybox latest 020584afccce 3 weeks ago 1.22MB
[root@Tang ~]# docker image tag busybox:latest 172.16.141.209:5000/busybox:latest
[root@Tang ~]# docker image tag centos:7 172.16.141.209:5000/centos:7
[root@Tang ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.141.209:5000/centos 7 5e35e350aded 13 days ago 203MB
centos 7 5e35e350aded 13 days ago 203MB
172.16.141.209:5000/busybox latest 020584afccce 3 weeks ago 1.22MB
busybox latest 020584afccce 3 weeks ago 1.22MB
3.4 对打完 tag 的镜像进行上传
[root@Tang ~]# docker image push 172.16.141.209:5000/busybox:latest
The push refers to repository [172.16.141.209:5000/busybox]
1da8e4c8d307: Pushed
latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527
[root@Tang ~]# docker image push 172.16.141.209:5000/centos:7
The push refers to repository [172.16.141.209:5000/centos]
77b174a6a187: Layer already exists
7: digest: sha256:285bc3161133ec01d8ca8680cd746eecbfdbc1faa6313bd863151c4b26d7e5a5 size: 529
3.5 在 Docker Registry 上查看
[root@Tang-1 ~]# tree /var/lib/registry #在这里可以看到所上传的镜像
/var/lib/registry
└── docker
└── registry
└── v2
├── blobs
│ ... ...
└── repositories
├── busybox # 镜像名称
... ...
└── centos # 镜像名称
... ...
50 directories, 16 files
4、Docker-2 下载镜像
[root@Tang-2 ~]# ipinfo
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.141.253 netmask 255.255.255.0 broadcast 172.16.141.255
4.1 修改 Docker Daemon 文件
[root@Tang-2 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com","https://pz9et4bz.mirror.aliyuncs.com"],
"insecure-registries": ["172.16.141.209:5000"]
}
4.2 启动 Docker ,并查看 Docker Info
注意 Insecure Registries ,是否已经包含此实验中的 Docker Registry 。
[root@Tang-2 ~]# systemctl start docker
[root@Tang-2 ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.5
... ...
Insecure Registries: # Insecure Registries 名称
172.16.141.209:5000
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
https://pz9**4bz.mirror.aliyuncs.com/
Live Restore Enabled: false
4.3 下载 Docker Image ,能够成功下载
[root@Tang-2 ~]# docker image pull 172.16.141.209:5000/centos:7
7: Pulling from centos
ab5ef0e58194: Pull complete
Digest: sha256:285bc3161133ec01d8ca8680cd746eecbfdbc1faa6313bd863151c4b26d7e5a5
Status: Downloaded newer image for 172.16.141.209:5000/centos:7
172.16.141.209:5000/centos:7
[root@Tang-2 ~]# docker image pull 172.16.141.209:5000/busybox:latest
latest: Pulling from busybox
0f8c40e1270f: Pull complete
Digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1
Status: Downloaded newer image for 172.16.141.209:5000/busybox:latest
172.16.141.209:5000/busybox:latest
[root@Tang-2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.141.209:5000/centos 7 5e35e350aded 13 days ago 203MB
172.16.141.209:5000/busybox latest 020584afccce 3 weeks ago 1.22MB
4.4 为方便使用,可以重新打 tag
[root@Tang-2 ~]# docker image tag 172.16.141.209:5000/centos:7 centos:7
[root@Tang-2 ~]# docker image tag 172.16.141.209:5000/busybox:latest busybox:latest
[root@Tang-2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.141.209:5000/centos 7 5e35e350aded 13 days ago 203MB
centos 7 5e35e350aded 13 days ago 203MB
172.16.141.209:5000/busybox latest 020584afccce 3 weeks ago 1.22MB
busybox latest 020584afccce 3 weeks ago 1.22MB