Docker镜像私有仓库
阅读 (5713)在Docker中,当我们执行 docker pull xxx 的时候 ,它实际上是从 hub.docker.com 这个地址去查找,这就是 Docker 公司为我们提供的公共仓库。在工作中,我们不可能把企业项目 push 到公有仓库进行管理。所以为了更好的管理镜像,Docker 不仅提供了一个中央仓库,同时也允许我们搭建本地私有仓库。
docker容器镜像仓库分类:
- 公网仓库:docker hub
- 私网仓库: registry、harbor
一、registry镜像仓库
1.1、 registry 仓库搭建
搭建步骤
- 拉取 registry 容器镜像
- 创建 registry 仓库容器
- 测试容器应用
搭建过程
a、拉取registry容器镜像
docker pull registry
b、创建registry仓库容器
1、创建持久化存储,将容器镜像存储目录/var/lib/registry挂载到本地/opt/myregistry下:
mkdir /opt/myregistry
2、创建 registry 容器:
docker run -d -p 5000:5000 -v /opt/myregistry:/var/lib/registry --restart=always registry:latest
3、查看容器是否运行
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6b20b55fe6f8 registry:latest "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp busy_mclean
c、测试容器应用
[root@zutuanxue_manage01 ~]# curl http://192.168.1.150:5000/v2/_catalog
{"repositories":[]}
显示仓库中没有任何镜像
1.2、registry仓库应用-上传镜像
上传镜像步骤
- 设置docker仓库为registry本地仓库
- 给需要存储的镜像打tag
- 上传镜像到registry仓库
演示案例
将baishuming2020/centos_nginx:latest上传到仓库
查看当前本地镜像
[root@zutuanxue_manage01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
baishuming2020/centos_nginx latest bcd9f28f6126 33 minutes ago 447MB
baishuming2020/centos_8_base latest 3e9f682f8459 47 minutes ago 200MB
centos latest 0f3e07c0138f 6 weeks ago 220MB
registry latest f32a97de94e1 8 months ago 25.8MB
a、设置docker仓库为registry本地仓库
#1、修改docker进程启动文件,修改其启动方式,目的是为了让通过docker配置文件启动
[root@zutuanxue_manage01 ~]# sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service
#2、设置docker 守护进程的配置文件 /etc/docker/daemon.json,默认没有该文件
[root@zutuanxue_manage01 ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.1.150:5000"]
}
insecure-registries 指定非安全的仓库地址,多个用逗号隔开
#3、重启docker生效配置文件
[root@zutuanxue_manage01 ~]# systemctl daemon-reload
[root@zutuanxue_manage01 ~]# systemctl restart docker
b、给需要存储的镜像打tag
[root@zutuanxue_manage01 ~]# docker tag baishuming2020/centos_nginx:latest 192.168.1.150:5000/centos_nginx:v1
[root@zutuanxue_manage01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.98.240:5000/centos_nginx v1 bcd9f28f6126 45 minutes ago 447MB
baishuming2020/centos_nginx latest bcd9f28f6126 45 minutes ago 447MB
baishuming2020/centos_8_base latest 3e9f682f8459 59 minutes ago 200MB
centos latest 0f3e07c0138f 6 weeks ago 220MB
registry latest f32a97de94e1 8 months ago 25.8MB
c、上传镜像到registry仓库
#1、上传镜像
[root@zutuanxue_manage01 ~]# docker push 192.168.98.240:5000/centos_nginx:v1
The push refers to repository [192.168.98.240:5000/centos_nginx]
1da799aaf1ec: Pushed
f598357997c6: Pushed
630012d2d35b: Pushed
4dcde7ab808a: Pushed
64dc1b92ebb6: Pushed
7db2133dafb9: Pushed
fd05189e6e81: Pushed
ee645629aa71: Pushed
v1: digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b size: 1996
#2、查看上传
[root@zutuanxue_manage01 ~]# curl http://192.168.98.240:5000/v2/_catalog
{"repositories":["centos_nginx"]}
#查看存储文件夹
[root@zutuanxue_manage01 ~]# ls /opt/docker_repos/docker/registry/v2/repositories/centos_nginx/
_layers _manifests _uploads
1.3、 registry仓库应用-客户端下载镜像
- 设置客户端docker仓库为registry仓库
- 拉取镜像到本地
演示案例
要求192.168.98.241[hostname:zutuanxue_node1]机器的容器可以下载registry仓库中的镜像
a、设置192.168.1.151[hostname:zutuanxue_node1]机器的docker仓库为registry仓库
#1、设置docker启动文件
[root@zutuanxue_node1 ~]# sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service
#2、设置docker配置文件
[root@zutuanxue_node1 ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.1.150:5000"]
}
b、下载镜像
192.168.1.151[hostname:zutuanxue_node1]机器上的docker可以拉取registry仓库中的192.168.1.150:5000/centos_nginx:v1容器镜像
[root@zutuanxue_node1 ~]# docker pull 192.168.1.150:5000/centos_nginx:v1
v1: Pulling from centos_nginx
dcd04d454f16: Pull complete
5cb2e05aa6e1: Pull complete
870634eb98b4: Pull complete
0fae9697ee4b: Pull complete
18ad57cfcecb: Pull complete
64dd6f0d85c1: Pull complete
7178b0b4388e: Pull complete
34de8795cd41: Pull complete
Digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b
Status: Downloaded newer image for 192.168.98.240:5000/centos_nginx:v1
192.168.98.240:5000/centos_nginx:v1
#验证下载
[root@zutuanxue_node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.150:5000/centos_nginx v1 bcd9f28f6126 4 hours ago 447MB
1.4、registry带basic认证的仓库
实现步骤
- 安装需要认证的包
- 创建存放认证信息的文件
- 创建认证信息
- 创建带认证的registry容器
- 指定仓库地址
- 登录认证
实现过程
a、安装需要认证的包
yum -y install httpd-tools
b、创建存放认证信息的文件
mkdir -p /opt/registry-var/auth
c、创建认证信息
htpasswd -Bbn zutuanxue 123456 >> /opt/registry-var/auth/htpasswd
d、创建带认证的registry容器
docker run -d -p 10000:5000 --restart=always --name registry \
-v /opt/registry-var/auth:/auth \
-v /opt/myregistry:/var/lib/registry \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:latest
e、指定仓库地址
cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.1.150:5000","http://192.168.1.150:10000"]
}
f、登录认证
docker login 192.168.1.150:10000
Username:zutuanxue
Password:123456
二、 harbor镜像仓库
Harbor离线安装包下载地址:https://github.com/goharbor/harbor
docker-compose版本选择:https://github.com/docker/compose/releases
2.1 harbor下载
[root@centos8_manage01 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.2-rc1.tgz
2.2 docker-compose安装
容器编排工具,执行./install.sh时需要。如果不安装,一会重启docker服务,相关的harbor容器会死掉,安装后就会被随着docker重启
curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
2.3 harbor安装
[root@centos8_manage01 ~]# tar xf harbor-offline-installer-v1.9.2-rc1.tgz
[root@centos8_manage01 ~]# mv harbor /opt/
[root@centos8_manage01 ~]# /opt/harbor/prepare
prepare base dir is set to /opt/harbor
Unable to find image 'goharbor/prepare:v1.9.2' locally
v1.9.2: Pulling from goharbor/prepare
b950b5dd94ab: Pull complete
cc7bb94ca291: Pull complete
d6a642502e65: Pull complete
21510274066b: Pull complete
04998692a2c0: Pull complete
ae8f4647fe53: Pull complete
cee24c721c12: Pull complete
Digest: sha256:a647780bcd7f5fdcc9696332c9bca90f290912ecb41bd15c4c1a516450597bc2
Status: Downloaded newer image for goharbor/prepare:v1.9.2
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
修改配置文件中的主机名为本机域名或IP
[root@centos8_manage01 ~]# grep "^hostname" /opt/harbor/harbor.yml
hostname: 192.168.98.240
[root@centos8_manage01 ~]# /opt/harbor/install.sh
[Step 0]: checking installation environment ...
Note: docker version: 19.03.1
/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!
RequestsDependencyWarning)
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
6ef530defbe4: Loading layer 63.49MB/63.49MB
55872518448e: Loading layer 54.42MB/54.42MB
070787ce276e: Loading layer 5.632kB/5.632kB
1ddc8ebef7e9: Loading layer 2.048kB/2.048kB
94ec70036213: Loading layer 2.56kB/2.56kB
87f88832870d: Loading layer 2.56kB/2.56kB
208968317bf9: Loading layer 2.56kB/2.56kB
ab6259c81a01: Loading layer 10.24kB/10.24kB
Loaded image: goharbor/harbor-db:v1.9.2
92e51ca4c459: Loading layer 9.005MB/9.005MB
9e12eb4a5a82: Loading layer 3.072kB/3.072kB
913c064dae30: Loading layer 21.76MB/21.76MB
b28cae8255d8: Loading layer 3.072kB/3.072kB
890572f32fd2: Loading layer 8.661MB/8.661MB
6f00be7ade9a: Loading layer 30.42MB/30.42MB
Loaded image: goharbor/harbor-registryctl:v1.9.2
51bada9a03ba: Loading layer 78.25MB/78.25MB
bdd423614a28: Loading layer 3.072kB/3.072kB
e44c809a7328: Loading layer 59.9kB/59.9kB
07d91c85aa68: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.9.2
e0a372c4d5d3: Loading layer 10.84MB/10.84MB
Loaded image: goharbor/nginx-photon:v1.9.2
99f324455426: Loading layer 115.7MB/115.7MB
dbde533bd1f2: Loading layer 12.29MB/12.29MB
32adabde1b24: Loading layer 2.048kB/2.048kB
cdedbb7b738d: Loading layer 48.13kB/48.13kB
60eb6ca8f5f9: Loading layer 3.072kB/3.072kB
05fadada21a7: Loading layer 12.34MB/12.34MB
Loaded image: goharbor/clair-photon:v2.0.9-v1.9.2
fbe05936a49e: Loading layer 12.77MB/12.77MB
8dc691e9365f: Loading layer 55.38MB/55.38MB
c83233ecc176: Loading layer 5.632kB/5.632kB
de775c6f50f5: Loading layer 36.35kB/36.35kB
525709237f01: Loading layer 55.38MB/55.38MB
Loaded image: goharbor/harbor-core:v1.9.2
734abd864add: Loading layer 12.77MB/12.77MB
74033d37bf08: Loading layer 48.13MB/48.13MB
Loaded image: goharbor/harbor-jobservice:v1.9.2
6677f529d41e: Loading layer 9.005MB/9.005MB
019a95ff5e80: Loading layer 3.072kB/3.072kB
4b3792cedc69: Loading layer 2.56kB/2.56kB
274f5851694b: Loading layer 21.76MB/21.76MB
68e937b2af9e: Loading layer 21.76MB/21.76MB
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.9.2
Loaded image: goharbor/prepare:v1.9.2
0566b1894f2e: Loading layer 9.009MB/9.009MB
b99c86e48679: Loading layer 44.41MB/44.41MB
283ba1db5c52: Loading layer 2.048kB/2.048kB
701de676a8f6: Loading layer 3.072kB/3.072kB
c923d0b0255c: Loading layer 44.41MB/44.41MB
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.9.2
ef4a961407c7: Loading layer 9.004MB/9.004MB
7cf94e5011b7: Loading layer 6.239MB/6.239MB
5c984b34ecb2: Loading layer 16.4MB/16.4MB
f06fb877e324: Loading layer 29.21MB/29.21MB
ae07ec384ebd: Loading layer 22.02kB/22.02kB
864698f2b94d: Loading layer 51.85MB/51.85MB
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.9.2
c953b6400a8b: Loading layer 50.3MB/50.3MB
2ee784d17d84: Loading layer 3.584kB/3.584kB
c71f6b26fd01: Loading layer 3.072kB/3.072kB
bb6389098841: Loading layer 2.56kB/2.56kB
b63da553de9f: Loading layer 3.072kB/3.072kB
62a479d14974: Loading layer 3.584kB/3.584kB
aa3fee5917b8: Loading layer 12.29kB/12.29kB
Loaded image: goharbor/harbor-log:v1.9.2
691af8d2c981: Loading layer 14.9MB/14.9MB
7878347ee491: Loading layer 29.21MB/29.21MB
433f16e7c539: Loading layer 22.02kB/22.02kB
ad0202306aed: Loading layer 50.34MB/50.34MB
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.9.2
62247cb7cb19: Loading layer 337.8MB/337.8MB
d8b748aaf7dd: Loading layer 119.8kB/119.8kB
Loaded image: goharbor/harbor-migrator:v1.9.2
d9705202f79f: Loading layer 7.036MB/7.036MB
3fdb77b47894: Loading layer 196.6kB/196.6kB
8901bb1db41e: Loading layer 172kB/172kB
baf9307d1844: Loading layer 15.36kB/15.36kB
1dcfba9b1bd1: Loading layer 3.584kB/3.584kB
90a90fef2f80: Loading layer 10.84MB/10.84MB
Loaded image: goharbor/harbor-portal:v1.9.2
[Step 2]: preparing environment ...
prepare base dir is set to /opt/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!
RequestsDependencyWarning)
[Step 3]: starting Harbor ...
/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!
RequestsDependencyWarning)
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.98.240.
For more details, please visit https://github.com/goharbor/harbor .
2.4 docker设置仓库为harbor
1、docker服务启动文件
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock 注释或者将[-H fd:// --containerd=/run/containerd/containerd.sock]删除
ExecStart=/usr/bin/dockerd
这样做的目的是让daemon.json管理docker进程
2、创建docker守护进程配置文件
[root@centos8_manage01 harbor]# cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.98.240"]
}
2.5 镜像上传到harbor
#登陆harbor
[root@centos8_manage01 harbor]# docker login http://192.168.98.240 -u admin -p Harbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#修改镜像name:tag为harbor仓库名
[root@centos8_manage01 harbor]# docker tag baishuming2020:latest 192.168.98.240/library/centos_web:v1
#上传镜像
[root@centos8_manage01 harbor]# docker push 192.168.98.240/library/centos_web:v1
The push refers to repository [192.168.98.240/library/centos_web]
968786242e9d: Pushed
v1: digest: sha256:d204253a33c6c2c74273fbd003cf3e14a48bcdd5c7bc10f51ccbad9e4dd39699 size: 528
常见问题
docker-compose命令无法使用
[root@centos8_manage01 ~]# docker-compose ps
ERROR:
Can’t find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
原因: 当前目录没有配置文件
正确执行路径 harbor安装目录
[root@centos8_manage01 harbor]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------
harbor-core /harbor/harbor_core Up
harbor-db /docker-entrypoint.sh Up 5432/tcp
harbor-jobservice /harbor/harbor_jobservice ... Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up 8080/tcp
nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp
redis redis-server /etc/redis.conf Up 6379/tcp
registry /entrypoint.sh /etc/regist ... Up 5000/tcp
registryctl /harbor/start.sh Exit 137