说明: 本文中私有仓库的 ip 地址为 10.10.172.203:5000, 操作系统为 CentOS7.2; 服务端: 10.10.172.203/24
1, 从 Docker 官方仓库里下载 registry 镜像
# docker pull registry
2,docker images 命令查看本地镜像;
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest d1fd7d86a825 2 weeks ago 33.3MB
默认情况下, 会将私有仓库存放于容器内的 / tmp/registry 目录下, 这样如果容器被删除, 则存放于容器中的镜像也会丢失.
所以一般情况下会指定本地一个目录挂载到容器内的 / tmp/registry 下, 命令如下:
docker run -d -it --restart always --name docker-hub -p 5000:5000 -v /docker-hub/registry:/var/lib/registry registry
查看容器运行
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
048805afbcf1 registry "/entrypoint.sh /etc..." 11 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp docker-hub
由上可以看到, 已经启动了一个容器, 地址为: 10.10.172.203:5000.
3, 由于仓库与客户端的 https 问题, 需要修改 / usr/lib/systemd/system/docker.service 文件, 添加 ExecStart=/usr/bin/dockerd --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000
[root@docker ~]# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --storage-driver=devicemapper --storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
[root@docker ~]#
或者
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://df98fb04.m.daocloud.io"],
"insecure-registries":["10.10.172.203:5000"]
}
[root@docker ~]#
重新加载 docker 服务
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
注: 因为 Docker 从 1.3.X 之后, 与 docker registry 交互默认使用的是 https, 然而此处搭建的私有仓库只提供 http 服务, 所以当与私有仓库交互时就会报上面的错误.
为了解决这个问题需要在启动 docker server 时增加启动参数为默认使用 http 访问.
需要在 docker 的配置文件 / etc/sysconfig/docker (ubuntu 系统中的 docker 配置文件时 / etc/default/docker ) 添加参数 "--insecure-registry=10.10.172.203:5000".
温馨提示:
这个是在客户机的 docker 配置文件里添加的 (即上传镜像到私有仓库里或从私有仓库下载镜像的客户机).
4, 重新启动 docker.(如果是在虚拟机中运行, 重启一下虚拟机, 要不然还是使用其他机器访问此仓库还是会有 https 的问题)
# systemctl restart docker
5,docker tag 将镜像打 tag, 语法格式如下
docker tag <image_name> <registry_ip>:5000/<image_name>:<version>
# docker tag centos:latest 10.10.172.203:5000/centos7 // 修改了 tag 后的镜像若要删除, docker rmi 后面不能用镜像 ID 了, 需要用 docker rmi 10.10.172.203:5000/centos7:latest
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest d1fd7d86a825 3 weeks ago 33.3MB
10.10.172.203:5000/centos7 latest ff426288ea90 3 weeks ago 207MB
centos latest ff426288ea90 3 weeks ago 207MB
6, 镜像的上传与下载, 语法格式如下
docker push <registry_ip>:5000/<image_name>:<version>; 上传镜像至私有仓库
docker pull <registry_ip>:5000/<image_name>:<version>; 从私有仓库 pull 镜像
# docker push 10.10.172.203:5000/centos7
[root@docker ~]# docker push 10.10.172.203:5000/centos7
The push refers to repository [10.10.172.203:5000/centos7]
e15afa4858b6: Pushed
latest: digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe size: 529
[root@docker ~]#
7, 使用 curl 10.10.172.203:5000/v2/_catalog 查看仓库中的镜像情况
[root@docker ~]# curl 10.10.172.203 : 5000 / v2 / _catalog {
"repositories": ["centos7"]
} [root@docker ~]#
注意查看镜像方法 (docker pull registry:2.1.1):
# curl -XGET http://registry_ip:5000/v2/_catalog
# curl -XGET http://registry_ip:5000/v2/image_name/tags/list
客户端下载私有仓库镜像:
配置 docker 信任私有仓库地址 (http)
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://df98fb04.m.daocloud.io"],
"insecure-registries":["10.10.172.203:5000"]
}
2. 查看客户端本机镜像列表
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest ff426288ea90 3 weeks ago 207MB
3. 从私有仓库下载 centos 镜像
[root@localhost ~]# docker pull 10.10.172.203:5000/centos7
Using default tag: latest
latest: Pulling from centos7
Digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe
Status: Downloaded newer image for 10.10.172.203:5000/centos7:latest
4. 再次查看客户端本机镜像列表
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.10.172.203:5000/centos7 latest ff426288ea90 3 weeks ago 207MB
centos latest ff426288ea90 3 weeks ago 207MB
[root@localhost ~]#
总结: 使用企业内部私有镜像仓库中的镜像, 大大节省了镜像下载的时间.
来源: http://www.bubuko.com/infodetail-2481745.html