Create a file system for the registry
[root@ovm ~]# mkfs.btrfs -L var-lib-registry /dev/sdb2
btrfs-progs v4.2.2
See http://btrfs.wiki.kernel.org for more information.
WARNING: The skinny-metadata mkfs default feature will work with the current kernel, but it is not compatible with older kernels supported on this OS. You can disable it with -O ^skinny-metadata option in mkfs.btrfs
WARNING: The extref mkfs default feature will work with the current kernel, but it is not compatible with older kernels supported on this OS. You can disable it with -O ^extref option in mkfs.btrfs
Label:              var-lib-registry
UUID:               9d9af263-9471-4be5-a069-82cda3af706c
Node size:          16384
Sector size:        4096
Filesystem size:    30.00GiB
Block group profiles:
  Data:             single            8.00MiB
  Metadata:         DUP               1.01GiB
  System:           DUP              12.00MiB
SSD detected:       no
Incompat features:  extref, skinny-metadata
Number of devices:  1
Devices:
   ID        SIZE  PATH
    1    30.00GiB  /dev/sdb2
Mount the file system
[root@ovm ~]# blkid /dev/sdb2
/dev/sdb2: LABEL="var-lib-registry" UUID="9d9af263-9471-4be5-a069-82cda3af706c" UUID_SUB="28a8292a-024f-470a-9971-00581c3a069d" TYPE="btrfs"
[root@ovm ~]# echo "LABEL=var-lib-registry /var/lib/registry btrfs defaults 1 2" >> /etc/fstab
[root@ovm ~]# mkdir /var/lib/registry
[root@ovm ~]# mount -a
[root@ovm ~]# df -h
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/vg_ohs2-lv_root   36G  9.3G   25G  28% /
tmpfs                        3.9G   72K  3.9G   1% /dev/shm
/dev/sda1                    477M   81M  367M  19% /boot
/dev/sdb1                     31G   17M   28G   1% /var/lib/docker
/dev/sdb2                     31G   17M   28G   1% /var/lib/registry
[root@ovm ~]#
Create a self-signed SSL certificate
[root@ovm ~]# mkdir -p /var/lib/registry/conf.d
[root@ovm ~]# cd /var/lib/registry/conf.d
[root@ovm conf.d]# ls -l
total 0
[root@ovm conf.d]# openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 365 -keyout domain.key -out domain.crt
Generating a 4096 bit RSA private key
...................................................................................++
..................................................++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Massachusetts
Locality Name (eg, city) [Default City]:Boston
Organization Name (eg, company) [Default Company Ltd]:Oracle Com
Organizational Unit Name (eg, section) []:DevOps
Common Name (eg, your name or your server's hostname) []:ovm.ohsdba.cn
Email Address []:ohsdba@qq.com
[root@ovm conf.d]# ls -ltr
total 8
-rw-r--r--. 1 root root 3272 Oct  7 09:20 domain.key
-rw-r--r--. 1 root root 2130 Oct  7 09:20 domain.crt
[root@ovm conf.d]# chmod 600 /var/lib/registry/conf.d/domain.key
[root@ovm conf.d]# ls -ltr
total 8
-rw-------. 1 root root 3272 Oct  7 09:20 domain.key
-rw-r--r--. 1 root root 2130 Oct  7 09:20 domain.crt
[root@ovm conf.d]#
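Create the Docker registry container
If the registry image has not been installed before, it is downloaded automatically and a registry container is started, creating the local private registry service.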
docker run -d -p 5000:5000 --name registry --restart=always \
  -v /var/lib/registry:/registry_data \
  -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry_data \
  -e REGISTRY_HTTP_TLS_KEY=/registry_data/conf.d/domain.key \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/registry_data/conf.d/domain.crt \
  registry:latest

[root@ovm ~]# docker run -d -p 5000:5000 --name registry --restart=always \
> -v /var/lib/registry:/registry_data \
> -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry_data \
> -e REGISTRY_HTTP_TLS_KEY=/registry_data/conf.d/domain.key \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/registry_data/conf.d/domain.crt \
> registry:latest
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
c0cb142e4345: Pull complete
a5002dfce871: Pull complete
df53ce740974: Pull complete
9ce080a7bfae: Pull complete
517dc3530502: Pull complete
Digest: sha256:1cfcd718fd8a49fec9ef16496940b962e30e3927012e851f99905db55f1f4199
Status: Downloaded newer image for registry:latest
3e1fa551684cbf2fe9d129566212ff339fe4772196d2861ca7338d1bf0318335
[root@ovm ~]#
[root@ovm ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              541a6732eadb        13 days ago         33.27 MB
[root@ovm ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
3e1fa551684c        registry:latest     "/entrypoint.sh /etc/"   2 minutes ago       Up 2 minutes        0.0.0.0:5000->5000/tcp   registry
[root@ovm ~]#
Import an image from Docker Hub into the local registry
First pull oraclelinux from Docker Hub
[root@ovm ~]# docker pull oraclelinux:latest
latest: Pulling from library/oraclelinux
41a53649c86f: Pull complete
Digest: sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
Status: Downloaded newer image for oraclelinux:latest
[root@ovm ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
oraclelinux         latest              3d62999fc909        8 days ago          219.5 MB
registry            latest              541a6732eadb        13 days ago         33.27 MB
[root@ovm ~]#
[root@ovm ~]# docker tag oraclelinux:latest localhost:5000/ol7image:v1
[root@ovm ~]#
[root@ovm ~]# docker push localhost:5000/ol7image:v1
The push refers to a repository [localhost:5000/ol7image]
9dec0800bdd4: Pushed
v1: digest: sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de size: 529
[root@ovm ~]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/ol7image   v1                  3d62999fc909        8 days ago          219.5 MB
oraclelinux               latest              3d62999fc909        8 days ago          219.5 MB
registry                  latest              541a6732eadb        13 days ago         33.27 MB
[root@ovm ~]#
Use curl to view image information in the registry
Because the registry uses HTTPS, the certificate created earlier must first be appended to the file ca-bundle.crt before curl can be used.
[root@ovm conf.d]# cat domain.crt >>/etc/pki/tls/certs/ca-bundle.crt
[root@ovm ~]# curl https://ovm.ohsdba.cn:5000/v2/
{}[root@ovm ~]#
[root@ovm ~]# curl https://ovm.ohsdba.cn:5000/v2/_catalog
{"repositories":["ol7image"]}
[root@ovm ~]#
You can also open https://127.0.0.1:5000/v2/_catalog in a browser; the image that was pushed now appears in the local registry.
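The certificate created earlier has no subjectAltName, its key stays world-readable until the chmod, and appending it to ca-bundle.crt makes it trusted host-wide. The added example below (not part of the original post) repeats those steps with a SAN, a umask-protected key, and trust scoped to this one registry. The function names and the optional BITS and ROOT arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the optional
# BITS / ROOT arguments are assumptions made for illustration.

# make_registry_cert DIR HOST [BITS]
# Writes DIR/domain.key and DIR/domain.crt. The umask makes the key 0600 from
# the moment it is created, and the SAN lets current Docker clients verify HOST.
make_registry_cert() {
    local dir="$1" host="$2" bits="${3:-4096}"
    (
        umask 077
        cd "$dir" || exit 1
        openssl req -newkey "rsa:${bits}" -nodes -sha256 -x509 -days 365 \
            -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
            -keyout domain.key -out domain.crt 2>/dev/null || exit 1
        chmod 644 domain.crt    # the certificate itself is public
    )
}

# key_is_private KEY: succeeds only if the mode is exactly rw------- .
key_is_private() {
    case "$(ls -ld "$1")" in
        -rw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# cert_has_san CRT HOST: succeeds if HOST appears as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# trust_for_docker CRT HOST:PORT [ROOT]
# Trusts CRT for one registry only, via Docker's per-registry CA directory,
# instead of appending it to the system-wide ca-bundle.crt.
trust_for_docker() {
    local crt="$1" hostport="$2" root="${3:-/etc/docker/certs.d}"
    mkdir -p "${root}/${hostport}" &&
        install -m 644 "$crt" "${root}/${hostport}/ca.crt"
}

# Typical use on the registry host (as root):
#   make_registry_cert /var/lib/registry/conf.d ovm.ohsdba.cn
#   trust_for_docker /var/lib/registry/conf.d/domain.crt ovm.ohsdba.cn:5000
#   curl --cacert /var/lib/registry/conf.d/domain.crt https://ovm.ohsdba.cn:5000/v2/_catalog
```

The -addext option requires OpenSSL 1.1.1 or later; on older releases the SAN has to come from a config file passed with -config.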
Delete the current images (for testing)
[root@ovm ~]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/ol7image   v1                  3d62999fc909        8 days ago          219.5 MB
oraclelinux               latest              3d62999fc909        8 days ago          219.5 MB
registry                  latest              541a6732eadb        13 days ago         33.27 MB
[root@ovm ~]# docker rmi oraclelinux
Untagged: oraclelinux:latest
Untagged: oraclelinux@sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
[root@ovm ~]# docker rmi localhost:5000/ol7image:v1
Untagged: localhost:5000/ol7image:v1
Untagged: localhost:5000/ol7image@sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
Deleted: sha256:3d62999fc9091b809eb977d6636699f904f4d67a9b50b5b5640d42d07476f288
Deleted: sha256:9dec0800bdd491be3d1abb614617f4d45ff91a7e8a23f03e5fd44ee74f02720b
[root@ovm ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              541a6732eadb        13 days ago         33.27 MB
[root@ovm ~]#
Pull from the local registry
[root@ovm ~]# docker pull 127.0.0.1:5000/ol7image:v1
v1: Pulling from ol7image
41a53649c86f: Pull complete
Digest: sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
Status: Downloaded newer image for 127.0.0.1:5000/ol7image:v1
[root@ovm ~]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5000/ol7image   v1                  3d62999fc909        8 days ago          219.5 MB
registry                  latest              541a6732eadb        13 days ago         33.27 MB
[root@ovm ~]#
See the links below for accessing the local registry through a web interface:
https://github.com/mkuchin/docker-registry-web
http://docs.oracle.com/cd/E52668_01/E75728/html/prepare-registry-server.html
https://hub.docker.com/_/registry/
http://qinghua.github.io/docker-registry/