Create a filesystem for the registry
[root@ovm ~]# mkfs.btrfs -L var-lib-registry /dev/sdb2
btrfs-progs v4.2.2
See http://btrfs.wiki.kernel.org for more information.
WARNING: The skinny-metadata mkfs default feature will work with the current kernel, but it is not compatible with older kernels supported on this OS. You can disable it with -O ^skinny-metadata option in mkfs.btrfs
WARNING: The extref mkfs default feature will work with the current kernel, but it is not compatible with older kernels supported on this OS. You can disable it with -O ^extref option in mkfs.btrfs
Label: var-lib-registry
UUID: 9d9af263-9471-4be5-a069-82cda3af706c
Node size: 16384
Sector size: 4096
Filesystem size: 30.00GiB
Block group profiles:
Data: single 8.00MiB
Metadata: DUP 1.01GiB
System: DUP 12.00MiB
SSD detected: no
Incompat features: extref, skinny-metadata
Number of devices: 1
Devices:
ID SIZE PATH
1 30.00GiB /dev/sdb2
Mount the filesystem
[root@ovm ~]# blkid /dev/sdb2
/dev/sdb2: LABEL="var-lib-registry" UUID="9d9af263-9471-4be5-a069-82cda3af706c" UUID_SUB="28a8292a-024f-470a-9971-00581c3a069d" TYPE="btrfs"
[root@ovm ~]# echo "LABEL=var-lib-registry /var/lib/registry btrfs defaults 1 2" >> /etc/fstab
[root@ovm ~]# mkdir /var/lib/registry
[root@ovm ~]# mount -a
[root@ovm ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_ohs2-lv_root
36G 9.3G 25G 28% /
tmpfs 3.9G 72K 3.9G 1% /dev/shm
/dev/sda1 477M 81M 367M 19% /boot
/dev/sdb1 31G 17M 28G 1% /var/lib/docker
/dev/sdb2 31G 17M 28G 1% /var/lib/registry
[root@ovm ~]#
Create a self-signed SSL certificate
[root@ovm ~]# mkdir -p /var/lib/registry/conf.d
[root@ovm ~]# cd /var/lib/registry/conf.d
[root@ovm conf.d]# ls -l
total 0
[root@ovm conf.d]# openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 365 -keyout domain.key -out domain.crt
Generating a 4096 bit RSA private key
...................................................................................++
..................................................++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Massachusetts
Locality Name (eg, city) [Default City]:Boston
Organization Name (eg, company) [Default Company Ltd]:Oracle Com
Organizational Unit Name (eg, section) []:DevOps
Common Name (eg, your name or your server's hostname) []:ovm.ohsdba.cn
Email Address []:ohsdba@qq.com
[root@ovm conf.d]# ls -ltr
total 8
-rw-r--r--. 1 root root 3272 Oct 7 09:20 domain.key
-rw-r--r--. 1 root root 2130 Oct 7 09:20 domain.crt
[root@ovm conf.d]# chmod 600 /var/lib/registry/conf.d/domain.key
[root@ovm conf.d]# ls -ltr
total 8
-rw-------. 1 root root 3272 Oct 7 09:20 domain.key
-rw-r--r--. 1 root root 2130 Oct 7 09:20 domain.crt
[root@ovm conf.d]#
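An added example, not part of the original post: in the session above domain.key is first written with mode 644 and only then tightened, and the certificate carries just a Common Name, which clients built with Go 1.15 or later (current Docker releases included) no longer use for hostname matching. The sketch below creates the key under umask 077, adds a subjectAltName, and checks the result. It assumes OpenSSL 1.1.1 or later (for -addext and -ext) and GNU stat; the function names are hypothetical.

```shell
#!/bin/bash
# Added example; function names are hypothetical, file names follow the page.

# make_registry_cert DIR HOSTNAME [BITS]
make_registry_cert() {
    local dir=$1 host=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    (
        # umask is changed only inside this subshell, so domain.key is
        # created 0600 and is never world-readable, even briefly.
        umask 077
        openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/domain.key" -out "$dir/domain.crt" &&
        chmod 644 "$dir/domain.crt"   # the certificate itself is public
    )
}

# check_registry_cert DIR HOSTNAME
# Succeeds only if the key is owner-only, the key and certificate belong
# together, and the certificate names HOSTNAME in its subjectAltName.
check_registry_cert() {
    local dir=$1 host=$2 mode keypub crtpub
    mode=$(stat -c '%a' "$dir/domain.key") || return 1
    case $mode in
        600|400) ;;
        *) echo "domain.key is mode $mode, expected 600" >&2; return 1 ;;
    esac
    # Both commands print the public key in the same PEM form.
    keypub=$(openssl pkey -in "$dir/domain.key" -pubout) || return 1
    crtpub=$(openssl x509 -in "$dir/domain.crt" -noout -pubkey) || return 1
    [ "$keypub" = "$crtpub" ] || { echo "key/cert mismatch" >&2; return 1; }
    # A SAN entry must be present; -checkhost alone would accept a CN match.
    openssl x509 -in "$dir/domain.crt" -noout -ext subjectAltName |
        grep -qF "DNS:$host" || { echo "no SAN for $host" >&2; return 1; }
    openssl x509 -in "$dir/domain.crt" -noout -checkhost "$host" |
        grep -q 'does match'
}
```

On the host from this page the calls would be `make_registry_cert /var/lib/registry/conf.d ovm.ohsdba.cn` followed by `check_registry_cert` with the same arguments.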
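Create the Docker registry container
If the registry image has not been installed before, it is downloaded automatically and a registry container is started, providing a local private registry service.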
docker run -d -p 5000:5000 --name registry --restart=always \
-v /var/lib/registry:/registry_data \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry_data \
-e REGISTRY_HTTP_TLS_KEY=/registry_data/conf.d/domain.key \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/registry_data/conf.d/domain.crt \
registry:latest
[root@ovm ~]# docker run -d -p 5000:5000 --name registry --restart=always \
> -v /var/lib/registry:/registry_data \
> -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry_data \
> -e REGISTRY_HTTP_TLS_KEY=/registry_data/conf.d/domain.key \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/registry_data/conf.d/domain.crt \
> registry:latest
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
c0cb142e4345: Pull complete
a5002dfce871: Pull complete
df53ce740974: Pull complete
9ce080a7bfae: Pull complete
517dc3530502: Pull complete
Digest: sha256:1cfcd718fd8a49fec9ef16496940b962e30e3927012e851f99905db55f1f4199
Status: Downloaded newer image for registry:latest
3e1fa551684cbf2fe9d129566212ff339fe4772196d2861ca7338d1bf0318335
[root@ovm ~]#
[root@ovm ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 541a6732eadb 13 days ago 33.27 MB
[root@ovm ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e1fa551684c registry:latest "/entrypoint.sh /etc/" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp registry
[root@ovm ~]#
Import an image from Docker Hub into the local registry
First, pull oraclelinux from Docker Hub
[root@ovm ~]# docker pull oraclelinux:latest
latest: Pulling from library/oraclelinux
41a53649c86f: Pull complete
Digest: sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
Status: Downloaded newer image for oraclelinux:latest
[root@ovm ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oraclelinux latest 3d62999fc909 8 days ago 219.5 MB
registry latest 541a6732eadb 13 days ago 33.27 MB
[root@ovm ~]#
[root@ovm ~]# docker tag oraclelinux:latest localhost:5000/ol7image:v1
[root@ovm ~]#
[root@ovm ~]# docker push localhost:5000/ol7image:v1
The push refers to a repository [localhost:5000/ol7image]
9dec0800bdd4: Pushed
v1: digest: sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de size: 529
[root@ovm ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5000/ol7image v1 3d62999fc909 8 days ago 219.5 MB
oraclelinux latest 3d62999fc909 8 days ago 219.5 MB
registry latest 541a6732eadb 13 days ago 33.27 MB
[root@ovm ~]#
Use curl to view image information in the registry
[root@ovm conf.d]# cat domain.crt >>/etc/pki/tls/certs/ca-bundle.crt
Because HTTPS is used, the certificate created earlier must first be imported into the file ca-bundle.crt before curl can be used.
[root@ovm ~]# curl https://ovm.ohsdba.cn:5000/v2/
{}[root@ovm ~]#
[root@ovm ~]# curl https://ovm.ohsdba.cn:5000/v2/_catalog
{"repositories":["ol7image"]}
[root@ovm ~]#
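An added example, not part of the original post: appending domain.crt to the system-wide ca-bundle.crt makes every TLS client on the host trust that certificate, not only the ones talking to the registry. The sketch below scopes trust to the registry instead, using Docker's per-registry directory /etc/docker/certs.d/<host>:<port>/ca.crt and curl's --cacert option. The function names and the optional root-directory argument are hypothetical.

```shell
#!/bin/bash
# Added example; function names are hypothetical.

# install_registry_ca CERT HOST PORT [CERTS_ROOT]
# Makes the Docker daemon trust CERT for HOST:PORT only.
install_registry_ca() {
    local crt=$1 host=$2 port=$3 root=${4:-/etc/docker/certs.d}
    local dest="$root/$host:$port"
    # domain.key sits next to domain.crt; refuse any file that holds a
    # private key so it cannot end up in a world-readable trust directory.
    if grep -q 'PRIVATE KEY' "$crt"; then
        echo "refusing: $crt contains a private key" >&2
        return 1
    fi
    grep -q -- '-----BEGIN CERTIFICATE-----' "$crt" || {
        echo "refusing: $crt is not a PEM certificate" >&2
        return 1
    }
    mkdir -p "$dest" && install -m 644 "$crt" "$dest/ca.crt"
}

# registry_catalog CERT HOST PORT
# Queries the catalog while trusting CERT for this one request only,
# leaving /etc/pki/tls/certs/ca-bundle.crt untouched.
registry_catalog() {
    curl --silent --fail --cacert "$1" "https://$2:$3/v2/_catalog"
}
```

On this page's host the calls would be `install_registry_ca /var/lib/registry/conf.d/domain.crt ovm.ohsdba.cn 5000` and `registry_catalog /var/lib/registry/conf.d/domain.crt ovm.ohsdba.cn 5000`. Docker treats localhost and 127.0.0.1 as insecure registries by default, so the certificate is only verified when the registry is addressed by its hostname.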
You can also view it in a browser
https://127.0.0.1:5000/v2/_catalog
You can see that the local registry now contains the pushed image.
Delete the current images (for testing)
[root@ovm ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5000/ol7image v1 3d62999fc909 8 days ago 219.5 MB
oraclelinux latest 3d62999fc909 8 days ago 219.5 MB
registry latest 541a6732eadb 13 days ago 33.27 MB
[root@ovm ~]# docker rmi oraclelinux
Untagged: oraclelinux:latest
Untagged: oraclelinux@sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
[root@ovm ~]# docker rmi localhost:5000/ol7image:v1
Untagged: localhost:5000/ol7image:v1
Untagged: localhost:5000/ol7image@sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
Deleted: sha256:3d62999fc9091b809eb977d6636699f904f4d67a9b50b5b5640d42d07476f288
Deleted: sha256:9dec0800bdd491be3d1abb614617f4d45ff91a7e8a23f03e5fd44ee74f02720b
[root@ovm ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 541a6732eadb 13 days ago 33.27 MB
[root@ovm ~]#
Pull from the local registry
[root@ovm ~]# docker pull 127.0.0.1:5000/ol7image:v1
v1: Pulling from ol7image
41a53649c86f: Pull complete
Digest: sha256:aa335655d0e3fbae6cac54ab19052e02fbad75230b3c2403522e8a23fcdd64de
Status: Downloaded newer image for 127.0.0.1:5000/ol7image:v1
[root@ovm ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
127.0.0.1:5000/ol7image v1 3d62999fc909 8 days ago 219.5 MB
registry latest 541a6732eadb 13 days ago 33.27 MB
[root@ovm ~]#
To access the local registry through a web interface, see the link below
https://github.com/mkuchin/docker-registry-web
http://docs.oracle.com/cd/E52668_01/E75728/html/prepare-registry-server.html
https://hub.docker.com/_/registry/
http://qinghua.github.io/docker-registry/
