Original: http://www.louisvv.com/archives/1130.html
Creating a private registry
1. Pull the registry image
[root@uat-app01 ~]# docker pull registry
List the images
[root@uat-app01 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 177391bcf802 3 weeks ago 33.26 MB
Once the download has finished, run the following command to start the registry container
docker run -d -p 5000:5000 --privileged=true -v /opt/registry:/var/lib/registry -v /opt/registry/config.yml:/etc/docker/registry/config.yml --name registry registry
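Note: if the /opt/registry directory does not exist, create it beforehand
Parameters:
-d run in the background as a daemon
-p port mapping; the port number can be customized
-v mount a local directory: /opt/registry:/var/lib/registry
By default the registry stores its data in /var/lib/registry inside the container; this mounts a local directory at that path
--privileged=true
On CentOS 7 the SELinux security module denies the access. This parameter runs the container in privileged mode; without it, pushing an image fails with a permission error
(OSError: [Errno 13] Permission denied: '/tmp/registry/repositories/liibrary') or (Received unexpected HTTP status: 500 Internal Server Error)
-v mount the local configuration file: /opt/registry/config.yml:/etc/docker/registry/config.yml. This configuration file is needed when deleting images from the private registry, which is covered later in the article
The configuration file contains: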
[root@uat-app01 registry]# cat /opt/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
--name sets the container name
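An added example, not part of the original article: a small check that flags the risky parts of the `docker run` command above and shows an alternative. It assumes the permission error is the SELinux label mismatch on the bind mounts, which the `:Z` volume option addresses by relabelling them; `LABELLED_CMD` and `audit_run_cmd` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: flag the risky parts of a registry `docker run` command line.

# The command from this page, and a constructed alternative that relabels the
# bind mounts for SELinux with :Z so that --privileged is no longer needed.
PAGE_CMD='docker run -d -p 5000:5000 --privileged=true -v /opt/registry:/var/lib/registry -v /opt/registry/config.yml:/etc/docker/registry/config.yml --name registry registry'
LABELLED_CMD='docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry:Z -v /opt/registry/config.yml:/etc/docker/registry/config.yml:ro,Z --name registry registry'

# audit_run_cmd "<docker run ...>": print one finding per line, nothing if clean.
# The body runs in a subshell so set -f and the variables stay local.
audit_run_cmd() (
  set -f                       # no filename expansion while word-splitting
  prev=""
  for arg in $1; do
    case "$arg" in
      --privileged|--privileged=true)
        echo "privileged: all capabilities and host devices, SELinux confinement off" ;;
    esac
    if [ "$prev" = "-v" ] || [ "$prev" = "--volume" ]; then
      opts=${arg#*:*:}         # third field of src:dst[:opts]; unchanged if absent
      case ",$opts," in
        *,z,*|*,Z,*) ;;        # relabelled for SELinux
        *) echo "unlabelled-mount: $arg" ;;
      esac
    fi
    prev=$arg
  done
)

echo "page command:";     audit_run_cmd "$PAGE_CMD"
echo "labelled command:"; audit_run_cmd "$LABELLED_CMD"
```

The page's command produces three findings (one for privileged mode, two for unlabelled mounts); the labelled variant produces none.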
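Next, push an image to the private registry from a client; VV uses the hello-world image here
Edit the /etc/sysconfig/docker configuration file
Add the following line. Without it, push fails with an HTTPS certificate error (the Docker daemon expects registries to use HTTPS, and this one serves plain HTTP)
OPTIONS='--insecure-registry 192.168.1.40:5000' (IP address and port; adjust to your environment)
After editing the configuration file, restart docker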
[root@uat-app01 opt]# service docker restart
Redirecting to /bin/systemctl restart docker.service
Retag the image: give the existing hello-world image a tag that points at the private registry
[root@uat-app01 registry]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/hello-world latest f2a91732366c 5 weeks ago 1.848 kB
[root@uat-app01 registry]# docker tag docker.io/hello-world 192.168.1.40:5000/hello
[root@uat-app01 registry]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 177391bcf802 3 weeks ago 33.26 MB
192.168.1.40:5000/hello latest f2a91732366c 5 weeks ago 1.848 kB
docker.io/hello-world latest f2a91732366c 5 weeks ago 1.848 kB
Push the image:
[root@uat-app01 registry]# docker push 192.168.1.40:5000/hello
The push refers to a repository [192.168.1.40:5000/hello]
Put http://192.168.1.40:5000/v1/repositories/hello/: dial tcp 192.168.1.40:5000: getsockopt: connection refused
The push fails: the connection is refused
Cause: the registry container was not running after docker was restarted
So, restart the registry container
[root@uat-app01 opt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@uat-app01 opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bdd399396473 registry "/entrypoint.sh /etc/" 36 minutes ago Exited (2) 1 minutes ago 0.0.0.0:5000->5000/tcp registry
Start the exited registry container
[root@uat-app01 opt]# docker start registry
Push the image to the private registry again
[root@uat-app01 registry]# docker push 192.168.1.40:5000/hello
The push refers to a repository [192.168.1.40:5000/hello]
f999ae22f308: Pushed
latest: digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b size: 524
The image was pushed successfully
Inspect the pushed image
[root@uat-app01 registry]# curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X HEAD http://192.168.1.40:5000/v2/hello/manifests/latest
HTTP/1.1 200 OK
Content-Length: 524
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b"
X-Content-Type-Options: nosniff
Date: Tue, 26 Dec 2017 07:57:45 GMT
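Pull the image from another client
Note:
To pull the image from another client, that client's /etc/sysconfig/docker configuration file must be edited as well
Add the following line
OPTIONS='--insecure-registry 192.168.1.40:5000' (IP address and port; adjust to your environment)
After the change, restart the docker service
Pull the hello image that was just pushed. A successful pull shows that the private registry is set up.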
[root@uat-ucs02 ~]# docker pull 192.168.1.40:5000/hello
Using default tag: latest
Trying to pull repository 192.168.1.40:5000/hello ...
latest: Pulling from 192.168.1.40:5000/hello
Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
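Next, the problem of deleting images from the private registry
At first, when installing the private registry, I had not thought about deleting images. When I wanted to delete a pushed image, it could not be deleted, which was a hassle, and I had to set up the private registry again
The Docker registry added an image-deletion API in version 2.1, but that delete operation only removes the image metadata, not the layer data. Version 2.4 addressed this by adding a garbage-collection command that deletes unreferenced layer data
First, look up the hello image that was just pushed; it can be found
[root@uat-app01 registry]# curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X HEAD http://192.168.1.40:5000/v2/hello/manifests/latest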
HTTP/1.1 200 OK
Content-Length: 524
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b"
X-Content-Type-Options: nosniff
Date: Tue, 26 Dec 2017 07:57:45 GMT
[root@uat-ucs02 ~]# docker pull 192.168.1.40:5000/hello
Using default tag: latest
Trying to pull repository 192.168.1.40:5000/hello ...
latest: Pulling from 192.168.1.40:5000/hello
Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
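Now delete the image:
The image-deletion API is:
DELETE /v2/<name>/manifests/<reference>
name: the image name
reference: the image's sha256 digest
Example: after running it, the registry answers 202 Accepted, which means the request was accepted and the deletion succeeded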
[root@uat-app01 registry]# curl -v -X DELETE http://192.168.1.40:5000/v2/hello/manifests/sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
* About to connect() to 192.168.1.40 port 5000 (#0)
* Trying 192.168.1.40...
* Connected to 192.168.1.40 (192.168.1.40) port 5000 (#0)
> DELETE /v2/hello/manifests/sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.1.40:5000
> Accept: */*
>
< HTTP/1.1 202 Accepted
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Tue, 26 Dec 2017 07:58:56 GMT
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 192.168.1.40 left intact
Querying the image again now reports not found
[root@uat-app01 registry]# docker pull 192.168.1.40:5000/hello
Using default tag: latest
Trying to pull repository 192.168.1.40:5000/hello ...
Pulling repository 192.168.1.40:5000/hello
Error: image hello:latest not found
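But this only deleted the metadata; the image data has not been deleted
If images are large and take up a lot of disk space, the leftover image data keeps consuming system resources, so the garbage data has to be deleted
Enter the registry container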
[root@uat-app01 registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bdd399396473 registry "/entrypoint.sh /etc/" 8 minutes ago Up 8 minutes 0.0.0.0:5000->5000/tcp registr
Once inside the container, check the size of the /var/lib/registry directory
By default the registry stores its data in /var/lib/registry inside the container
[root@uat-app01 registry]# docker exec -it registry sh
/var/lib # du -sh registry/
24.0K registry/
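Run the registry garbage-collection command. The configuration file used here is the config.yml that was mounted into the container's /etc/docker/registry directory when the container was started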
/var/lib # registry garbage-collect /etc/docker/registry/config.yml
hello
0 blobs marked, 3 blobs eligible for deletion
blob eligible for deletion: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/80/8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b go.version=go1.7.6 instance.id=50ad6bf8-36ea-4eba-adf6-b78fc369c560
blob eligible for deletion: sha256:ca4f61b1923c10e9eb81228bd46bee1dfba02b9c7dac1844527a734752688ede
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ca/ca4f61b1923c10e9eb81228bd46bee1dfba02b9c7dac1844527a734752688ede go.version=go1.7.6 instance.id=50ad6bf8-36ea-4eba-adf6-b78fc369c560
blob eligible for deletion: sha256:f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/f2/f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7 go.version=go1.7.6 instance.id=50ad6bf8-36ea-4eba-adf6-b78fc369c560
Check the directory again: it has become smaller, which shows that the image data has been deleted
/var/lib # du -sh registry/
12.0K registry/
The image data was deleted successfully
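An added example, not part of the original article: the deletion procedure above as a script that resolves a tag to its digest from the `Docker-Content-Digest` header and refuses to build a DELETE URL for anything that is not a well-formed sha256 digest. The function names and the sample response are constructed for this sketch; `delete_tag` is the only part that contacts the registry and is not called by default.

```shell
#!/bin/sh
# Added example: resolve a tag to its digest, then delete exactly that manifest.
REGISTRY='http://192.168.1.40:5000'   # registry address used on this page
ACCEPT='Accept: application/vnd.docker.distribution.manifest.v2+json'

# Read HTTP response headers on stdin and print the Docker-Content-Digest value.
# Header names are case-insensitive and lines end in CRLF, so normalise both.
digest_from_headers() {
  tr -d '\r' | awk '{
    i = index($0, ":")
    if (tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
    }
  }'
}

# Succeed only for a well-formed sha256 digest (a tag such as "latest" fails).
valid_digest() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Print the DELETE URL for <name> <digest>; refuse anything that is not a digest.
delete_url() {
  valid_digest "$2" || { echo "refusing: '$2' is not a sha256 digest" >&2; return 1; }
  printf '%s/v2/%s/manifests/%s\n' "$REGISTRY" "$1" "$2"
}

# delete_tag <name> <tag>: live call against the registry (not run by default).
delete_tag() {
  digest=$(curl -fsS -I -H "$ACCEPT" "$REGISTRY/v2/$1/manifests/$2" | digest_from_headers)
  url=$(delete_url "$1" "$digest") || return 1
  curl -fsS -X DELETE "$url" && echo "deleted $1@$digest"
}

# Constructed HEAD response modelled on the output shown above (lower-case
# header name and CRLF line endings on purpose).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 200 OK\r\nContent-Length: 524\r\ndocker-content-digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b\r\n')

sample_digest=$(printf '%s\n' "$SAMPLE_HEADERS" | digest_from_headers)
delete_url hello "$sample_digest"
# Afterwards, inside the container, preview what garbage collection would remove:
#   registry garbage-collect --dry-run /etc/docker/registry/config.yml
```

The DELETE on this page succeeded without credentials because the registry is served over plain HTTP with no auth section in config.yml, so any host that can reach port 5000 can send the same request. The registry documentation advises running garbage collection with the registry stopped or in read-only mode, since an upload during collection can lose layers.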