Docker及Docker私有仓库安装使用(Centos7)

简述:

Centos7上安装Docker及Docker仓库Docker从1.13版本之后采用时间线的方式作为版本号,分为社区版CE和企业版EE。社区版是免费提供给个人开发者和小型团体使用的,企业版会提供额外的收费服务,比如经过官方测试认证过的基础设施、容器、插件等。社区版按照stable和edge两种方式发布,每个季度更新stable版本,如18.06,18.09;每个月份更新edge版本,如18.09,18.10。

 

准备环境:

装有Centos7系统的机器两台

示例:

192.168.1.198[docker-app,普通Docker服务器]

192.168.1.199[docker-reop,docker仓库]

 

一.安装Docker

注意:普通Docker服务器及Docker仓库都需要执行此操作。

1.版本要求

Docker 要求 CentOS 系统的内核版本高于 3.10 。查看本页面的前提条件来验证你的CentOS 版本是否支持 Docker 。通过 uname -r 命令查看你当前的内核版本

 

2.更新yum包到最新版本

使用 root 权限登录 Centos。确保 yum 包更新到最新。(此步骤耗时较长)

yum update

 

3.卸载旧版本(如果安装过旧版本的话)

sudo yum remove docker docker-common docker-selinux docker-engine

 

4.安装需要的软件包

yum-util 提供yum-config-manager功能,另外两个是devicemapper驱动依赖的

 

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

 

5、设置yum源

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

6、可以查看所有仓库中所有docker版本,并选择特定版本安装

yum list docker-ce --showduplicates | sort -r

Docker及Docker私有仓库安装使用(Centos7)_第1张图片

 

7、安装docker

sudo yum install docker-ce

#由于repo中默认只开启stable仓库,故这里安装的是最新稳定版17.12.0 sudo yum install

# 例如:sudo yum install docker-ce-17.12.0.ce

Docker及Docker私有仓库安装使用(Centos7)_第2张图片

 

8、启动并加入开机启动

 

sudo systemctl start docker sudo systemctl enable docker

 

9、验证安装是否成功(有client和service两部分表示docker安装启动都成功了)

docker version

Docker及Docker私有仓库安装使用(Centos7)_第3张图片

 

 

二.安装Docker仓库[在199服务器上]

1. 拉取registry镜像

docker pull registry

2.通过镜像启动一个容器(启动仓库)

docker run -e REGISTRY_STORAGE_DELETE_ENABLED=true -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry:latest

---------------------------------------------------------------------------------------------------------------------------

配置解释:

放开了Docker仓库的删除权限:REGISTRY_STORAGE_DELETE_ENABLED=true

---------------------------------------------------------------------------------------------------------------------------

官方文档解释:

In a typical setup where you run your Registry from the official image, you can specify a configuration variable from the environment by passing -e arguments to your docker run stanza or from within a Dockerfile using the ENV instruction.

To override a configuration option, create an environment variable named REGISTRY_variable where variable is the name of the configuration option and the _ (underscore) represents indention levels. For example, you can configure the rootdirectory of the filesystem storage backend:

storage: filesystem: rootdirectory: /var/lib/registry

To override this value, set an environment variable like this:

REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere

This variable overrides the /var/lib/registry value to the /somewhere directory.

----------------------------------》

大意就是我们可以在启动镜像容器的时候,可以在docker run 命令后边通过-e传递参数,参数设置的形式为大写的REGISTRY_加各级配置项名称=值的形式。

如我要配置下边第一个log:accesslog

docker run -e REGISTRY_LOG_ACCESSLOG_DISABLED=false 等等等等

----------------------------------》

可配置项(默认)

version: 0.1
log:
  accesslog:
    disabled: true
  level: debug
  formatter: text
  fields:
    service: registry
    environment: staging
  hooks:
    - type: mail
      disabled: true
      levels:
        - panic
      options:
        smtp:
          addr: mail.example.com:25
          username: mailuser
          password: password
          insecure: true
        from: [email protected]
        to:
          - [email protected]
loglevel: debug # deprecated: use "log"
storage:
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
  azure:
    accountname: accountname
    accountkey: base64encodedaccountkey
    container: containername
  gcs:
    bucket: bucketname
    keyfile: /path/to/keyfile
    rootdirectory: /gcs/object/name/prefix
    chunksize: 5242880
  s3:
    accesskey: awsaccesskey
    secretkey: awssecretkey
    region: us-west-1
    regionendpoint: http://myobjects.local
    bucket: bucketname
    encrypt: true
    keyid: mykeyid
    secure: true
    v4auth: true
    chunksize: 5242880
    multipartcopychunksize: 33554432
    multipartcopymaxconcurrency: 100
    multipartcopythresholdsize: 33554432
    rootdirectory: /s3/object/name/prefix
  swift:
    username: username
    password: password
    authurl: https://storage.myprovider.com/auth/v1.0 or https://storage.myprovider.com/v2.0 or https://storage.myprovider.com/v3/auth
    tenant: tenantname
    tenantid: tenantid
    domain: domain name for Openstack Identity v3 API
    domainid: domain id for Openstack Identity v3 API
    insecureskipverify: true
    region: fr
    container: containername
    rootdirectory: /swift/object/name/prefix
  oss:
    accesskeyid: accesskeyid
    accesskeysecret: accesskeysecret
    region: OSS region name
    endpoint: optional endpoints
    internal: optional internal endpoint
    bucket: OSS bucket
    encrypt: optional data encryption setting
    secure: optional ssl setting
    chunksize: optional size valye
    rootdirectory: optional root directory
  inmemory:  # This driver takes no parameters
  delete:
    enabled: false
  redirect:
    disable: false
  cache:
    blobdescriptor: redis
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false
auth:
  silly:
    realm: silly-realm
    service: silly-service
  token:
    realm: token-realm
    service: token-service
    issuer: registry-token-issuer
    rootcertbundle: /root/certs/bundle
  htpasswd:
    realm: basic-realm
    path: /path/to/htpasswd
middleware:
  registry:
    - name: ARegistryMiddleware
      options:
        foo: bar
  repository:
    - name: ARepositoryMiddleware
      options:
        foo: bar
  storage:
    - name: cloudfront
      options:
        baseurl: https://my.cloudfronted.domain.com/
        privatekey: /path/to/pem
        keypairid: cloudfrontkeypairid
        duration: 3000s
  storage:
    - name: redirect
      options:
        baseurl: https://example.com/
reporting:
  bugsnag:
    apikey: bugsnagapikey
    releasestage: bugsnagreleasestage
    endpoint: bugsnagendpoint
  newrelic:
    licensekey: newreliclicensekey
    name: newrelicname
    verbose: true
http:
  addr: localhost:5000
  prefix: /my/nested/registry/
  host: https://myregistryaddress.org:5000
  secret: asecretforlocaldevelopment
  relativeurls: false
  tls:
    certificate: /path/to/x509/public
    key: /path/to/x509/private
    clientcas:
      - /path/to/ca.pem
      - /path/to/another/ca.pem
    letsencrypt:
      cachefile: /path/to/cache-file
      email: [email protected]
  debug:
    addr: localhost:5001
  headers:
    X-Content-Type-Options: [nosniff]
  http2:
    disabled: false
notifications:
  endpoints:
    - name: alistener
      disabled: false
      url: https://my.listener.com/event
      headers: 
      timeout: 500
      threshold: 5
      backoff: 1000
      ignoredmediatypes:
        - application/octet-stream
redis:
  addr: localhost:6379
  password: asecret
  db: 0
  dialtimeout: 10ms
  readtimeout: 10ms
  writetimeout: 10ms
  pool:
    maxidle: 16
    maxactive: 64
    idletimeout: 300s
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
  file:
    - file: /path/to/checked/file
      interval: 10s
  http:
    - uri: http://server.to.check/must/return/200
      headers:
        Authorization: [Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
      statuscode: 200
      timeout: 3s
      interval: 10s
      threshold: 3
  tcp:
    - addr: redis-server.domain.com:6379
      timeout: 3s
      interval: 10s
      threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io
  username: [username]
  password: [password]
compatibility:
  schema1:
    signingkeyfile: /etc/registry/key.json
validation:
  enabled: true
  manifests:
    urls:
      allow:
        - ^https?://([^/]+\.)*example\.com/
      deny:
        - ^https?://www\.example\.com/

---------------------------------------------------------------------------------------------------------------------------

 

三.解决HTTP服务问题

 

因为Docker从1.3.X之后,与docker registry交互默认使用的是https,然而此处搭建的私有仓库只提供http服务,所以当与私有仓库交互时就会报下面的错误。

Docker及Docker私有仓库安装使用(Centos7)_第4张图片

 

解决方案:

1.在/etc/docker下新建daemon.json文件

touch daemon.json

2.然后编辑daemon.json

vim daemon.json

{"insecure-registries":["192.168.1.199:5000"]}

这句指令表示信任此私有仓库,重启docker

 

四.推送镜像到私有仓库

1.先从默认仓库拉取一个测试项目

docker pull hello-world

2.想推到私有仓库,必须打一个指向标签

docker tag hello-world 192.168.1.199:5000/hello-world

此时查看镜像 docker images 可以看到

3.推到私有仓库

docker push 192.168.1.199:5000/hello-world

就OK了

4.从私有仓库拉取镜像

docker pull 192.168.1.199:5000/hello-world

 

五.仓库镜像管理

1.镜像明细查看

http://192.168.1.199:5000/v2/_datalog

2.镜像删除(慎用)

先获取digest值

curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ -I \ -X HEAD http://192.168.1.199:5000/v2/hello-world/manifests/latest

Docker及Docker私有仓库安装使用(Centos7)_第5张图片

curl -X DELETE http://192.168.1.199:5000/v2/hello-world/manifests/sha256:3a07b4e06c73b2e3924008270c7f3c3c6e3f70d4dbb814ad8bff2697123ca33c

执行就ok,完了再拉取就拉取不到了。

详细删除查看https://www.jb51.net/article/124549.htm博客

和官网文档

https://docs.docker.com/registry/configuration/#override-specific-configuration-options

这里未做深入探究。

你可能感兴趣的:(Docker)