docker 仓库管理
1. 下载私有仓库镜像
# docker pull registry
下载registry镜像,registy为docker官方提供的一个镜像,我们可以用它来创建本地的docker私有仓库。
2. 依托registry镜像来创建容器
# docker run -d -p 5000:5000 registry
-d 放到后台运行
-p 做一个端口映射,宿主机端口:容器端口 访问宿主机5000端口,就相当于访问该容器
当 docker ps的时候,会在 PORTS 列显示 0.0.0.0:5000->5000/tcp
用 curl 127.0.0.1:5000 测试 会显示"\"docker-registry server\""
[root@localhost ~]# docker run -d -p 5000:5000 registry d39b5bcf9e88cf6dd4827435c5abee87ed1db788fc1d4b51843212d8173c3b2b You have new mail in /var/spool/mail/root [root@localhost ~]# docker start d39b5bcf d39b5bcf [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d39b5bcf9e88 registry "docker-registry" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp stupefied_hodgkin [root@localhost ~]# docker exec -it d39b5bcf9e88 /bin/bash root@d39b5bcf9e88:/# netstat -lnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 1/python Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path root@d39b5bcf9e88:/# exit exit [root@localhost ~]# telnet 127.0.0.1 5000 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Connection closed by foreign host. [root@localhost ~]# curl 127.0.0.1:5000 "\"docker-registry server\""
3. 上传一个镜像到私有仓库
首先要给这个镜像做tag
必须带有私有仓库的 ip:port,带有宿主机的IP, 要不然会上传到共有仓库里面去
# docker tag 镜像名 私有库ip:port/镜像名
例:docker tag busybox 112.65.140.132:5000/busybox
其次更改https为http
在 /etc/init.d/docker 中加入 --insecure-registry 本机ip地址:5000
$exec -d $other_args &>> $logfile &
修改为:
$exec -d --insecure-registry 112.65.140.132:5000 $other_args &>> $logfile &
重启 docker 并启动 registry 容器
上传 # docker push 私有库ip:port/镜像名
例:docker push 112.65.140.132:5000/busybox
[root@localhost ~]# docker pull busybox //下载一个只有1.1M的busybox做实验 latest: Pulling from busybox 56ed16bd6310: Pull complete bc744c4ab376: Pull complete Digest: sha256:4a887a2326ec9e0fa90cce7b4764b0e627b5d6afcb81a3f73c85dc29cea00048 Status: Downloaded newer p_w_picpath for busybox:latest [root@localhost ~]# docker p_w_picpaths REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE busybox latest bc744c4ab376 0 hours ago 1.113 MB [root@localhost ~]# docker tag busybox 112.65.140.132:5000/busybox [root@localhost ~]# docker p_w_picpaths REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE busybox latest bc744c4ab376 30 hours ago 1.113 MB 112.65.140.132:5000/busybox latest bc744c4ab376 30 hours ago 1.113 MB [root@localhost ~]# docker push 112.65.140.132:5000/busybox //push镜像保存到私有仓库 Error response from daemon: invalid registry endpoint https://112.65.140.132:5000/v0/: unable to ping registry endpoint https://112.65.140.132:5000/v0/ v2 ping attempt failed with error: Get https://112.65.140.132:5000/v2/: EOF v1 ping attempt failed with error: Get https://112.65.140.132:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 112.65.140.132:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/112.65.140.132:5000/ca.crt
这里上传报错,这是因为Docker从1.3.X之后,与docker registry交互默认使用的是https,然而此处搭建的私有仓库只提供http服务,所以当与私有仓库交互时就会报上面的错误。为了解决这个问题需要在启动docker server时增加启动参数为默认使用http访问。解决该问题的方法为:
[root@localhost ~]# vi /etc/init.d/docker
$exec -d $other_args &>> $logfile &
修改为:
$exec -d --insecure-registry 112.65.140.132:5000 $other_args &>> $logfile &
[root@localhost ~]# /etc/init.d/docker restart
Stopping docker: [ OK ]
Starting docker: [ OK ]
[root@localhost ~]# ps aux | grep docker
root 18565 1.4 2.5 222260 12724 pts/0 Sl 09:42 0:00 /usr/bin/docker -d --insecure-registry 112.65.140.132:5000
root 18613 0.0 0.1 103304 868 pts/0 S+ 09:42 0:00 grep docker
[root@localhost ~]# docker push 112.65.140.132:5000/busybox//报错,因为没有启动registry容器
Error response from daemon: invalid registry endpoint "http://112.65.140.132:500 0/v0/". HTTPS attempt: unable to ping registry endpoint https://112.65.140.132:5 000/v0/
v2 ping attempt failed with error: Get https://112.65.140.132:5000/v2/: dial tcp 112.65.140.132:5000: connection refused v1 ping attempt failed with error: Get https://112.65.140.132:5000/v1/_ping: di al tcp 112.65.140.132:5000: connection refused. HTTP attempt: unable to ping reg istry endpoint http://112.65.140.132:5000/v0/
v2 ping attempt failed with error: Get http://112.65.140.132:5000/v2/: dial tcp 112.65.140.132:5000: connection refused v1 ping attempt failed with error: Get http://112.65.140.132:5000/v1/_ping: dia l tcp 112.65.140.132:5000: connection refused
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED
[root@localhost ~]# docker run -d -p 5000:5000 registry //registry镜像启动容器
df9421df3c4202aaa6e35bf4431743dfa70a991b1ec7a3d88e7fdcbaa528a8d8
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
df9421df3c42 registry "docker-registry" 6 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp loving_turing
[root@localhost ~]# docker push 112.65.140.132:5000/busybox //push镜像到私有仓库
The push refers to a repository [112.65.140.132:5000/busybox] (len: 1)
Sending p_w_picpath list
Pushing repository 112.65.140.132:5000/busybox (1 tags)
56ed16bd6310: Image successfully pushed
bc744c4ab376: Image successfully pushed
Pushing tag for rev [bc744c4ab376] on {http://112.65.140.132:5000/v1/repositories/busybox/tags/latest}
4. 使用 Docker 的 RESTful API 可以查看仓库服务器中的镜像:
# curl http://ip:port/v1/search
例:curl http://112.65.140.132:5000/v1/search
结果示例:
[root@localhost ~]# curl http://112.65.140.132:5000/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name":"library/busybox"}]}
也可以用 docker search 命令,例:
[root@localhost ~]# docker search 112.65.140.132:5000/busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED library/busybox 0
5. 拉取私有库的镜像
需要指定私有库的地址端口
例:
[root@localhost ~]# docker pull 112.65.140.132:5000/busybox Pulling repository 112.65.140.132:5000/busybox bc744c4ab376: Download complete 56ed16bd6310: Download complete Status: Image is up to date for 112.65.140.132:5000/busybox:latest