hub.test.io : 192.168.11.10
node1: 192.168.11.20
node2: 192.168.11.30
Time synchronization (run on each host):
[root@hub ]# yum install -y ntpdate && ntpdate cn.pool.ntp.org
[root@node1 ]# yum install -y ntpdate && ntpdate cn.pool.ntp.org
[root@hub ]# crontab -l
*/5 * * * * ntpdate cn.pool.ntp.org
1. Registry server setup (hub.test.io):
[root@hub ]# docker pull registry
[root@hub ]# cat /etc/hosts    # with no DNS on the internal network, edit hosts and set the hostname
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.11.10 hub.test.io
[root@hub ~]# hostname hub.test.io
Note: if the private registry is addressed by IP rather than by a domain name, also add this setting:
# sed -i '/^\[ v3_ca \]$/a subjectAltName = IP:192.168.10.10' /etc/ssl/openssl.cnf
[root@hub ]# mkdir /opt/registry && cd /opt/registry
[root@hub registry]# mkdir auth certs
[root@hub registry]# docker run --entrypoint htpasswd registry:latest -Bbn username password > auth/htpasswd    # replace with your own username and password
[root@hub registry]# cat auth/htpasswd    # the file ends with a blank line; do not edit the generated file
admin:$2y$05$LSRMXpIbnvnj8ErzbRvKq.F04Qf3oajP7dFWQIjJBrFAoDXKM1I16

[root@hub registry]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/ca.key -x509 -days 365 -out certs/ca.crt
Generating a 4096 bit RSA private key
........
........
....++
writing new private key to 'certs/ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:hub.test.io    # must match your registry's domain name
Email Address []:
[root@hub registry]# mkdir -p /etc/docker/certs.d/hub.test.io && cp certs/ca.crt /etc/docker/certs.d/hub.test.io
[root@hub registry]# ls /etc/docker/certs.d/hub.test.io/
ca.crt
[root@hub registry]# systemctl daemon-reload && systemctl restart docker
[root@hub registry]# cat start.sh
#!/bin/bash
# config.yml must already exist in this directory before the first start;
# if it is missing, Docker creates a directory in its place and the bind
# mount onto the registry's config file fails.
docker run -d \
  -p 443:5000 \
  --name registry \
  --restart=always \
  -v /var/lib/registry:/var/lib/registry \
  -v `pwd`/config.yml:/etc/docker/registry/config.yml \
  -v `pwd`/auth:/auth \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ca.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/ca.key \
  registry:latest
[root@hub registry]# tree    # final directory layout
.
├── auth
│   └── htpasswd
├── certs
│   ├── ca.crt
│   └── ca.key
└── start.sh
[root@hub registry]# docker login hub.test.io
Username: admin
Password:
Login Succeeded
[root@hub registry]# docker tag pause-amd64:3.0 hub.test.io/pause-amd64:3.0
[root@hub registry]# docker push hub.test.io/pause-amd64:3.0
The push refers to a repository [hub.test.io/pause-amd64]
5f70bf18a086: Pushed
41ff149e94f2: Pushed
3.0: digest: sha256:ec6581792f828ab138bc7ed65205dbd4d7df966249179b7afbb9f6cac729771b size: 939
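Added example (not part of the original notes): Docker clients built with Go 1.15 or later reject a certificate that carries only a Common Name, so the certificate for hub.test.io also needs a DNS subjectAltName. The sketch below generates the same self-signed certificate non-interactively and checks the result; the function names are illustrative, and -addext assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: function names are illustrative; -addext needs OpenSSL >= 1.1.1.

# make_registry_cert <host> <dir> [rsa-bits]
# Same self-signed certificate as the interactive command, plus a DNS subjectAltName.
make_registry_cert() {
    host=$1; dir=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"   # the private key should be readable by its owner only
}

# cert_has_san <host> <cert.pem>
# Succeeds only if the SAN extension lists DNS:<host> (a CN alone does not count).
cert_has_san() {
    openssl x509 -in "$2" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -Eq "DNS:$1[[:space:]]*(,|\$)"
}

# cert_matches_key <cert.pem> <key.pem>
# The pair mounted into the registry container must share one public key.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Demo in a throwaway directory (2048 bits only to keep the demo quick).
demo=$(mktemp -d)
if make_registry_cert hub.test.io "$demo" 2048 \
   && cert_has_san hub.test.io "$demo/ca.crt" \
   && cert_matches_key "$demo/ca.crt" "$demo/ca.key"; then
    echo "certificate for hub.test.io has a DNS SAN and matches its key"
fi
rm -rf "$demo"
```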
Client:
[root@node1 ]# mkdir -p /etc/docker/certs.d/hub.test.io
[root@node1 ]# scp hub.test.io:/etc/docker/certs.d/hub.test.io/ca.crt /etc/docker/certs.d/hub.test.io
[root@node1 ]# docker login hub.test.io
[root@node1 ]# docker pull hub.test.io/pause-amd64:3.0
3.0: Pulling from pause-amd64
a3ed95caeb02: Pull complete
f11233434377: Pull complete
Digest: sha256:ec6581792f828ab138bc7ed65205dbd4d7df966249179b7afbb9f6cac729771b
Status: Downloaded newer image for hub.test.io/pause-amd64:3.0