2. 科技
    3. Docker笔记 -- 本地Registry服务器

    Docker笔记 -- 本地Registry服务器

    科技2024-03-13  79
    主机清单 主机IPHOSTDocker Registry13.13.2.2registryDocker Client-113.13.3.3docker01Docker Client-213.13.4.4docker02 安装软件(all) [root@docker ~]# yum install yum-utils [root@docker ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo [root@docker ~]# dnf install docker-ce [root@docker ~]# 编写/etc/hosts(all) [root@registry ~]# vi /etc/hosts [root@registry ~]# tail -3 /etc/hosts 13.13.2.2 registry 13.13.3.3 docker01 13.13.4.4 docker02 [root@registry ~]# 搭建registry容器服务 编写registry服务启动文件(registry) [root@registry ~]# mkdir /etc/docker/registry/ [root@registry ~]# vi /etc/docker/registry/docker-compose.yml [root@registry ~]# cat /etc/docker/registry/docker-compose.yml registry: restart: always # 随Docker启动而启动 image: registry container_name: registry-daemon ports: - 5000:5000 environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_PATH: /etc/docker/registry/auth/htpasswd # 密码文件位置 REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm volumes: - /var/lib/registry:/var/lib/registry # 将容器registry目录同步至本地,防止容器损坏images丢失 - /etc/docker/registry/auth/:/etc/docker/registry/auth/ # !!!将密码文件拷贝至容器供其认证

    /etc/docker/registry/auth/:确认registry认证时的密码文件路径,否则会认证失败,如下:

    [root@registry ~]# cat /etc/docker/registry/docker-compose.yml .... - /etc/docker/registry/auth/:/auth/ [root@registry registry]# docker login registry:5000 Username: duser Password: Error response from daemon: login attempt to http://registry:5000/v2/ failed with status: 401 Unauthorized [root@registry registry]# docker container logs registry_registry_1 time="2020-10-07T03:41:34.891374071Z" level=warning msg="htpasswd is missing, provisioning with default user" go.version=go1.11.2 password="tKpELoAn_Pgll5pdqxLFKMPObiaARVTh5xIMKxqRbgQ" user=docker [root@registry registry]# docker container exec -it registry_registry_1 /bin/sh / # cat /etc/docker/registry/auth/htpasswd docker:tKpELoAn_Pgll5pdqxLFKMPObiaARVTh5xIMKxqRbgQ / # 生成密码文件(registry) [root@registry ~]# mkdir /etc/docker/registry/auth [root@registry ~]# dnf install httpd-tools [root@registry ~]# htpasswd -Bbn duser 123456 > /etc/docker/registry/auth/htpasswd [root@registry ~]# 启动registry服务(registry) [root@registry ~]# docker pull registry [root@registry ~]# curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose [root@registry ~]# chmod +x /usr/local/bin/docker-compose [root@registry ~]# cd /etc/docker/registry/ [root@registry registry]# docker-compose up -d Creating registry_registry_1 ... done [root@registry registry]# 开放防火墙端口(registry) [root@registry ~]# firewall-cmd --permanent --add-port=5000/tcp success [root@registry ~]# firewall-cmd --reload success [root@registry ~]# 暴露registry服务(all) [root@registry ~]# vi /etc/docker/daemon.json [root@registry ~]# cat /etc/docker/daemon.json { "insecure-registries":["registry:5000"] } [root@registry ~]# systemctl restart docker.service [root@registry ~]# 客户端Docker01模拟上传镜像 [root@docker01 ~]# docker pull busybox [root@docker01 ~]# docker tag busybox:latest registry:5000/busybox:latest [root@docker01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry:5000/busybox latest 6858809bf669 4 weeks ago 1.23MB busybox latest 6858809bf669 4 weeks ago 1.23MB [root@docker01 ~]# docker login registry:5000 Username: duser Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker01 ~]# docker push registry:5000/busybox:latest The push refers to repository [registry:5000/busybox] be8b8b42328a: Pushed latest: digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 size: 527 [root@docker01 ~]# 客户端Docker02模拟下载镜像 [root@docker02 ~]# docker login registry:5000 [root@docker02 ~]# docker pull registry:5000/busybox:latest latest: Pulling from busybox df8698476c65: Pull complete Digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 Status: Downloaded newer image for registry:5000/busybox:latest registry:5000/busybox:latest [root@docker02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry:5000/busybox latest 6858809bf669 4 weeks ago 1.23MB [root@docker02 ~]#
    Processed: 0.018, SQL: 8