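Docker 官方已经把仓库封装为镜像,直接启动容器就可以完成仓库的部署。注意:这样启动的仓库既没有 TLS 也没有用户认证,而且 -p 5000:5000 会监听所有网卡(见下面 docker ps 输出中的 0.0.0.0:5000),只适合在本机测试;后文会依次为它加上证书和登录认证。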
[root@server1 ~]# docker load -i registry2.tar
[root@server1 ~]# docker images registry
[root@server1 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a5ededc0ac0 registry:2 "/entrypoint.sh /etc…" 7 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp registry
[root@server1 ~]# docker tag ubuntu:v1 localhost:5000/ubuntu ##打标签:给镜像加上带仓库地址前缀的名字,使上传的时候传到本地仓库而不是默认仓库
[root@server1 ~]# docker images localhost:5000/ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5000/ubuntu latest aa00ef2f4ef4 36 hours ago 188MB
[root@server1 ~]# docker push localhost:5000/ubuntu ##上传
The push refers to repository [localhost:5000/ubuntu]
d6eec047ed97: Pushed
5f70bf18a086: Pushed
11083b444c90: Pushed
9468150a390c: Pushed
56abdd66ba31: Pushed
latest: digest: sha256:a5a2cfc712a616319f3e71e716f534c373b8cef1a8ec864cc15c2176ae17d507 size: 1358
查看
[root@server1 ~]# cd /opt/registry/
[root@server1 registry]# ls
docker
[root@server1 v2]# yum install -y tree
[root@server1 registry]# tree docker
从本地仓库下载镜像
[root@server1 ~]# docker rmi -f ubuntu:v1
[root@server1 ~]# docker rmi -f localhost:5000/ubuntu
[root@server1 ~]# docker pull localhost:5000/ubuntu
[root@server1 ~]# docker tag localhost:5000/ubuntu ubuntu:v1
[root@server1 ~]# docker rmi localhost:5000/ubuntu
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 aa00ef2f4ef4 37 hours ago 188MB
registry 2 f32a97de94e1 2 months ago 25.8MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
ubuntu latest 07c86167cdc4 3 years ago 188MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB
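1.创建服务端key以及证书(这里生成的是自签名证书;交互填写时 Common Name 要填 dzh.org,与后面访问仓库使用的域名一致,较新版本的 Docker 客户端可能还要求证书带有 subjectAltName。-nodes 表示私钥不加密保存,应限制 certs/dzh.org.key 的读取权限;/tmp 下的文件可能被系统清理,正式环境应把证书和私钥放到固定目录)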
[root@server1 ~]# cd /tmp/docker/
[root@server1 docker]# mkdir -p certs
[root@server1 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/dzh.org.key -x509 -days 365 -out certs/dzh.org.crt
[root@server1 docker]# cd certs/
[root@server1 certs]# ls
dzh.org.crt dzh.org.key
[root@server1 certs]# vim /etc/hosts
172.25.68.1 server1 dzh.org
3.创建仓库
[root@server1 docker]# docker rm -f registry
[root@server1 docker]# docker run -d --restart=always --name registry -v /tmp/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dzh.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/dzh.org.key -p 443:443 -v /opt/registry:/var/lib/registry registry:2
[root@server1 dzh.org]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ae71b182aef registry:2 "/entrypoint.sh /etc…" 11 minutes ago Up 11 minutes 0.0.0.0:443->443/tcp, 5000/tcp registry
4.创建证书存放目录,并复制证书(docker 客户端会读取 /etc/docker/certs.d/<仓库域名>/ca.crt,用它来信任该仓库的自签名证书)
[root@server1 docker]# cd /etc/docker/
[root@server1 docker]# ls
key.json
[root@server1 docker]# mkdir certs.d
[root@server1 docker]# cd certs.d/
[root@server1 certs.d]# mkdir dzh.org
[root@server1 certs.d]# cd dzh.org/
[root@server1 dzh.org]# cp /tmp/docker/certs/dzh.org.crt ca.crt
5.导入一个镜像并上传到私有仓库
[root@server1 dzh.org]# docker tag game2048:latest dzh.org/game2048
[root@server1 dzh.org]# docker push dzh.org/game2048
6.查看
[root@server1 dzh.org]# cd /opt/registry/
[root@server1 registry]# tree docker/
[root@server2 docker]# systemctl start docker
[root@server2 docker]# cd /etc/docker
[root@server2 docker]# mkdir certs.d
[root@server2 docker]# cd certs.d/
[root@server2 certs.d]# mkdir dzh.org
[root@server2 certs.d]# vim /etc/hosts
172.25.68.1 server1 dzh.org
[root@server2 certs.d]# docker pull dzh.org/game2048
Using default tag: latest
Error response from daemon: Get https://dzh.org/v2/: x509: certificate signed by unknown authority ##server2 的 /etc/docker/certs.d/dzh.org/ 下还没有 ca.crt,不信任这张自签名证书,所以下载不了
server1将证书传给server2(只需要传证书 ca.crt,私钥 dzh.org.key 不要外传;第一次连接 server2 时,应先核对提示中的主机密钥指纹再输入 yes)
[root@server1 ~]# cd /etc/docker/certs.d/dzh.org/
[root@server1 dzh.org]# ls
ca.crt
[root@server1 dzh.org]# scp ca.crt server2:/etc/docker/certs.d/dzh.org/
The authenticity of host 'server2 (172.25.68.2)' can't be established.
ECDSA key fingerprint is 22:48:a0:a7:b9:8f:b5:0c:31:fe:e9:9d:6c:59:61:d7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2' (ECDSA) to the list of known hosts.
root@server2's password:
ca.crt
server2
[root@server2 certs.d]# docker pull dzh.org/game2048
Using default tag: latest
latest: Pulling from game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for dzh.org/game2048:latest
[root@server2 certs.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
dzh.org/game2048 latest 19299002fdbe 2 years ago 55.5MB
控制registry的使用权限,使其只有在登录用户名和密码之后才能使用
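1.设置用户密码并查看(-B 表示用 bcrypt 生成密码哈希,-n 表示把结果输出到标准输出;-b 表示直接从命令行读取密码,密码会留在 shell 历史和进程列表里,示例中的 redhat 仅作演示,实际使用应换成强密码)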
[root@server1 dzh.org]# cd /tmp/docker/
[root@server1 docker]# mkdir auth
[root@server1 docker]# docker run --rm --entrypoint htpasswd registry:2 -Bbn dzh redhat > auth/htpasswd
[root@server1 docker]# cat auth/htpasswd
dzh:$2y$05$Ll6rx9QTt355NVo.ZBb7OOMFyLbOSyvUfsm0h6/SYT95sisekSgDm
2.创建仓库
[root@server1 docker]# docker rm -f registry
[root@server1 docker]# docker run -d --restart=always --name registry -v /tmp/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dzh.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/dzh.org.key -p 443:443 -v /opt/registry:/var/lib/registry -v /tmp/docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2
[root@server1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aea2930811bf registry:2 "/entrypoint.sh /etc…" 5 seconds ago Up 4 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
3.登录库,并输入用户名和密码
[root@server1 docker]# docker login dzh.org
Username: dzh
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
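#在文件 config.json 中可以看到记录的认证信息(登录一次后一直保存,直到执行 docker logout)。注意 auth 字段只是“用户名:密码”的 base64 编码,并不是加密,正如上面的 WARNING 所说;应限制该文件的读取权限,或按提示配置 credential helper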
[root@server1 docker]# cat /root/.docker/config.json
{
"auths": {
"dzh.org": {
"auth": "ZHpoOnJlZGhhdA=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.06.1-ce (linux)"
}
}
4.可以上传
[root@server1 docker]# docker tag ubuntu:v1 dzh.org/ubuntu
[root@server1 docker]# docker push dzh.org/ubuntu
The push refers to repository [dzh.org/ubuntu]
d6eec047ed97: Layer already exists
5f70bf18a086: Layer already exists
11083b444c90: Layer already exists
9468150a390c: Layer already exists
56abdd66ba31: Layer already exists
latest: digest: sha256:a5a2cfc712a616319f3e71e716f534c373b8cef1a8ec864cc15c2176ae17d507 size: 1358
5.退出登录后不能上传(各层停在 Preparing,最后报错 no basic auth credentials)
[root@server1 docker]# docker logout dzh.org
Removing login credentials for dzh.org
[root@server1 docker]# docker push dzh.org/ubuntu
The push refers to repository [dzh.org/ubuntu]
d6eec047ed97: Preparing
5f70bf18a086: Preparing
11083b444c90: Preparing
9468150a390c: Preparing
56abdd66ba31: Preparing
no basic auth credentials