在RHEL 7上如何搭建本地私有的docker registry

通常我們都是從docker.io的官方registry上獲取docker image，每次都需要下載。爲了快速獲得image，最好的辦法是搭建一個本地的私有registry，把所有需要的image都放在這個私有的registry裏。任何客戶端如何需要docker image，直接從這個本地registry裏獲取即可。

搭建方法如下：

1. 安裝並啓動docker和docker-registry服務：

# yum install docker docker-registry
# systemctl enable docker
# systemctl start docker
# systemctl enable docker-registry
# systemctl start docker-registry

2. docker-registry服務啓動後，會監聽5000端口，用如下命令檢測docker-registry是否接受請求：

# curl localhost:5000
"\"docker-registry server\""

3. 從docker.io下載一個測試用image，推薦cirros，因爲比較小

# docker pull cirros
# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
docker.io/cirros            latest              64a920f75037        5 hours ago         7.731 MB

4. 修改docker的默認啓動配置文件/usr/lib/systemd/system/docker.service，在"ExecStart="的最後增加"--insecure-registry $local_ip:5000"一行，這裏的local_ip就是本機的IP地址，比如192.168.100.9

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/docker daemon $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
          --insecure-registry 192.168.100.9:5000

然後重啓docker服務：

# systemctl daemon-reload
# systemctl restart docker

5. 對cirros image重新tag（標記），然後上傳(push)到本地的registry裏

# docker tag 64a920f75037 192.168.100.9:5000/cirros
# docker push 192.168.100.9:5000/cirros

默認的registry repository路徑是/var/lib/docker-registry/repositories/，可以通過tree命令檢查上傳是否成功：

# tree /var/lib/docker-registry/repositories/
/var/lib/docker-registry/repositories/
└── library
    └── cirros
        ├── _index_images
        ├── json
        ├── tag_latest
        └── taglatest_json

6. 找一個客戶端，安裝docker後，需要修改docker的默認啓動配置文件/usr/lib/systemd/system/docker.service，在"ExecStart="的最後增加"--insecure-registry $registry_ip:5000"一行，這裏的registry_ip就是之前配置的本地registry server的IP地址192.168.100.9

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/docker daemon $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
          --insecure-registry 192.168.100.9:5000

7. 啓動docker服務後，從之前配置的registry server上獲取image

# systemctl daemon-reload
# systemctl restart docker

# docker pull 192.168.100.9:5000/cirros
# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.100.9:5000/cirros   latest              64a920f75037        5 hours ago         7.731 MB

然後就可以用這個image來創建容器了。如果覺得名字太長，不方便使用，可以重新tag一個image，然後把舊的刪掉，如下：

# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.100.9:5000/cirros   latest              64a920f75037        5 hours ago         7.731 MB

# docker tag 64a920f75037 cirros

# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
cirros                      latest              64a920f75037        5 hours ago         7.731 MB
192.168.100.9:5000/cirros   latest              64a920f75037        5 hours ago         7.731 MB

# docker rmi 192.168.100.9:5000/cirros
Untagged: 192.168.100.9:5000/cirros:latest

# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
cirros              latest              64a920f75037        5 hours ago         7.731 MB