# 部署 docker-registry +ui , 使用 ansible 部署 docker 实例
docker registry 配置域名证书, 用户密码认证, 轻量 UI
shell 部署 docker-registry+ui https://www.cnblogs.com/elvi/p/13394449.html
# Deploy the registry and its UI
ansible-playbook docker-registry.YAML
# Tear down: remove both containers and the network
ansible-playbook docker-registry.YAML --tags remove
- # 浏览器登录查看
若 registry 不在本机, 需在 hosts 文件中把 hub.elvin.vip 解析到 registry 所在主机的 ip
实例使用域名证书 hub.elvin.vip
ansible-docker 模块参考官网
- #playbook 如下
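# docker-registry.YAML
# Deploys a Docker registry (registry-srv) with TLS and htpasswd authentication
# plus a lightweight web UI (registry-ui) on a dedicated bridge network.
# Running with `-t remove` deletes both containers and the network.
- name: registry
  hosts: localhost
  # Variables
  vars:
    username: admin
    # SECURITY: demo credential stored in plaintext. Before real use, supply it
    # from Ansible Vault or vars_prompt rather than keeping it in the playbook.
    password: docker
    net_name: "registry-net"
    data_dir: "/data/docker/docker-registry"
    domain_name: "hub.elvin.vip"
    # SECURITY: plain HTTP. The TLS private key is downloaded from this URL, so
    # it crosses the network unencrypted and unauthenticated. Serve it over
    # HTTPS or copy it from a trusted local path instead.
    download_url: "http://files.elvin.vip/docker"
  tasks:
    ########## Ansible's docker modules need docker-py on the target host
    - name: "install python-pip"
      package:
        name:
          - "python-pip"
        state: present
      tags: py
    - name: pip install docker-py
      pip:
        name:
          - "docker-py>=1.10.6"
          - "PyYAML>=5.3.0"
        # Packages are pulled from a third-party PyPI mirror; versions are
        # lower bounds only, not pinned.
        extra_args: "-i https://mirrors.aliyun.com/pypi/simple"
      tags: py
    ##########
    - name: Create user file
      # The `quote` filter keeps a password or path containing shell
      # metacharacters from being interpreted by the shell.
      # NOTE(review): alivv/htpasswd is an unpinned third-party image that
      # receives the cleartext password as an argument; pin it by digest or
      # generate the htpasswd file locally. The registry only accepts bcrypt
      # entries - presumably that is what this image emits; TODO confirm.
      shell: |
        mkdir -p {{ data_dir | quote }}
        docker run --rm alivv/htpasswd {{ username | quote }} {{ password | quote }} > {{ data_dir | quote }}/htpasswd
      changed_when: false
      # Keep the rendered command (which contains the password) out of
      # Ansible output and logs.
      no_log: true
    - name: Download https certificate
      get_url:
        url: "{{ download_url }}/{{ item.file }}"
        dest: "{{ data_dir }}/{{ item.file }}"
        # Quoted so the mode is not re-typed as an integer by the YAML parser.
        mode: "{{ item.mode }}"
        force: true
      with_items:
        # The private key is readable by its owner only; the certificate chain
        # is public material and keeps the original 0644.
        - file: "{{ domain_name }}_private.key"
          mode: "0600"
        - file: "{{ domain_name }}_full_chain.pem"
          mode: "0644"
    - name: "Create network -> {{ net_name }}"
      docker_network:
        name: "{{ net_name }}"
        driver_options:
          com.docker.network.bridge.name: "{{ net_name }}"
        ipam_options:
          subnet: '10.20.20.0/24'
          gateway: '10.20.20.1'
          iprange: '10.20.20.0/24'
    ########## container
    - name: Create container registry-srv
      docker_container:
        name: registry-srv
        # NOTE(review): no tag, so this tracks `latest`; pin a tag or digest
        # to make deployments reproducible.
        image: registry
        state: started
        restart: true
        restart_policy: "unless-stopped"
        memory: 512M
        # Least privilege: nothing in this playbook needs a privileged
        # container (binding 443 inside the container is covered by Docker's
        # default capability set), so host-level access is not granted.
        privileged: false
        networks:
          - name: "{{ net_name }}"
            ipv4_address: '10.20.20.11'
            aliases:
              - registry
        ports:
          - "443:443"
        volumes:
          - "/etc/localtime:/etc/localtime:ro"
          # data_dir also holds the htpasswd file and the TLS key, so the
          # secrets share a directory with the image storage.
          - "{{ data_dir }}:/var/lib/registry"
        env:
          REGISTRY_AUTH: "htpasswd"
          REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
          REGISTRY_AUTH_HTPASSWD_PATH: "/var/lib/registry/htpasswd"
          REGISTRY_HTTP_ADDR: "0.0.0.0:443"
          REGISTRY_STORAGE_DELETE_ENABLED: "true"
          REGISTRY_HTTP_TLS_KEY: "/var/lib/registry/{{ domain_name }}_private.key"
          REGISTRY_HTTP_TLS_CERTIFICATE: "/var/lib/registry/{{ domain_name }}_full_chain.pem"
    - name: Create container registry-ui
      docker_container:
        name: registry-ui
        image: joxit/docker-registry-ui:1.3-static
        state: started
        restart: true
        restart_policy: unless-stopped
        memory: 64M
        networks:
          - name: "{{ net_name }}"
            ipv4_address: '10.20.20.12'
        # NOTE(review): the UI is published on plain HTTP. If it relays
        # registry requests (as REGISTRY_URL suggests), credentials typed in
        # the browser reach it unencrypted; put TLS in front of it or restrict
        # who can reach port 80.
        ports:
          - "80:80"
        volumes:
          - "/etc/localtime:/etc/localtime:ro"
        env:
          REGISTRY_URL: "https://registry:443"
          PULL_URL: "{{ domain_name }}"
          # Image deletion is enabled from the UI.
          DELETE_IMAGES: "true"
          REGISTRY_TITLE: "Docker registry"
    ########## remove
    # Both tasks below carry the `never` tag, so they run only when the
    # `remove` tag is requested explicitly.
    - name: Delete container
      docker_container:
        name: "{{ item }}"
        state: absent
        force_kill: true
      with_items:
        - "registry-ui"
        - "registry-srv"
      tags: never,remove
    - name: "Delete network -> {{ net_name }}"
      docker_network:
        name: "{{ net_name }}"
        state: absent
        force: true
      tags: never,remove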
来源: http://www.bubuko.com/infodetail-3649954.html