docker pull拉取本地私有仓库镜像

• author：@c1awn
• env如下:

如无特殊说明，docker版本为：

[root@c1awn01 ~]# docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: 
 Go version:      go1.8.3
 Git commit:      774336d/1.13.1
 Built:           Wed Mar  7 17:06:16 2018
 OS/Arch:         linux/amd64

linux版本：

[root@c1awn01 ~]# uname -a
Linux c1awn01 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@c1awn01 ~]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 

1.环境

局域网，不需要docker外网加速服务

• 搭建方法1. 如果/etc/docker/下有 配置daemon.json，把里面的加速地址"http://9**.m.daocloud.io" 换成内网
• 搭建方法2. 没有daemon.json，或者干脆删掉此文件

2. 搭建方法1

如果/etc/docker/下有 配置daemon.json，把里面的加速地址 "http://96**.m.daocloud.io" 换成内网

[root@c1awn01 docker]# vi /etc/docker/daemon.json        
{
    "registry-mirrors":
    [
        "http://192.168.80.129:5000"
    ],
    "insecure-registries": ["192.168.80.129:5000"]
}

重启docker，这会导致私有仓库清空，所以需要再次push镜像上去
因为是在本地部署机器上执行重启docker操作，所以导致私有仓库清空。正常情况下已经部署好了私有仓库A，客户机B重启本机docker，并不会导致部署端仓库镜像重启
pull测试

[root@c1awn01 docker]# docker push 192.168.80.129:5000/local-re
The push refers to a repository [192.168.80.129:5000/local-re]
9113493eaae1: Pushed 
621c2399d41a: Pushed 
59e80739ed3f: Pushed 
febf19f93653: Pushed 
e53f74215d12: Pushed 
latest: digest: sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c size: 1364
[root@c1awn01 docker]# curl 192.168.80.129:5000/v2/_catalog
{"repositories":["local-re"]}
[root@c1awn01 docker]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":["local-re"]}

现在pull刚推上去的local-re测试

[root@c1awn01 docker]# docker pull local-re
Using default tag: latest
Trying to pull repository docker.io/library/local-re ... 
repository docker.io/local-re not found: does not exist or no pull access
[root@c1awn01 docker]# docker pull 192.168.80.129:5000/local-re
Using default tag: latest
Trying to pull repository 192.168.80.129:5000/local-re ... 
latest: Pulling from 192.168.80.129:5000/local-re
Digest: sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c
Status: Image is up to date for 192.168.80.129:5000/local-re:latest

上面说此方法直接pull镜像名会导致定向到官网，需要手动输入私有仓库ip：port

docker pull 192.168.80.129:5000/local-re

而且可以看下此时的docker info最后一行

[root@c1awn01 docker]# docker info
---------------------------------
Insecure Registries:
 192.168.80.129:5000
 127.0.0.0/8
Registry Mirrors:
 http://192.168.80.129:5000
Live Restore Enabled: false
Registries: docker.io (secure)

Registries: docker.io (secure)只有官方地址

3. 搭建方法2

1. 查看docker服务文件

[root@c1awn01 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2018-05-13 10:02:21 CST; 14min ago
     Docs: http://docs.docker.com
 Main PID: 2579 (dockerd-current)
    Tasks: 38
   Memory: 29.6M
   CGroup: /system.slice/docker.service
           ├─2579 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-...
           ├─2585 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-t...
           ├─2694 /usr/libexec/docker/docker-proxy-current -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 50...
           └─2700 /usr/bin/docker-containerd-shim-current 63c148557f3e8517a1da4cedae18f52f8b644cf1b583ae083c1e8d9fd15e5f54 /var/run/docker/libcont...

5月 13 10:03:26 c1awn01 dockerd-current[2579]: 192.168.80.129 - - [13/May/2018:02:03:26 +0000] "PUT /v2/local_registry/manifests/latest H...nux\\))"
5月 13 10:03:34 c1awn01 dockerd-current[2579]: time="2018-05-13T02:03:34Z" level=info msg="response completed" go.version=go1.7.6 http.re...eragent=
5月 13 10:03:34 c1awn01 dockerd-current[2579]: 172.17.0.1 - - [13/May/2018:02:03:34 +0000] "GET /v2/_catalog HTTP/1.1" 200 36 "" "curl/7.29.0"
5月 13 10:07:54 c1awn01 dockerd-current[2579]: 192.168.80.129 - - [13/May/2018:02:07:54 +0000] "GET /v1/_ping HTTP/1.1" 404 19 "" "docker...nux\\))"
5月 13 10:07:54 c1awn01 dockerd-current[2579]: time="2018-05-13T10:07:54.236412423+08:00" level=error msg="Handler for GET /v1.26/images/...ode 404"
5月 13 10:07:54 c1awn01 dockerd-current[2579]: 192.168.80.129 - - [13/May/2018:02:07:54 +0000] "GET /v1/search?q=local_registry&n=25 HTTP...nux\\))"
5月 13 10:15:46 c1awn01 dockerd-current[2579]: time="2018-05-13T10:15:46.584080058+08:00" level=warning msg="failed to retrieve docker-ru...2-dev\n"
5月 13 10:15:46 c1awn01 dockerd-current[2579]: time="2018-05-13T10:15:46.584165298+08:00" level=warning msg="failed to retrieve docker-init version"
5月 13 10:16:14 c1awn01 dockerd-current[2579]: time="2018-05-13T10:16:14.260111545+08:00" level=warning msg="failed to retrieve docker-ru...2-dev\n"
5月 13 10:16:14 c1awn01 dockerd-current[2579]: time="2018-05-13T10:16:14.260235357+08:00" level=warning msg="failed to retrieve docker-init version"
Hint: Some lines were ellipsized, use -l to show in full.

上面可知服务文件是/usr/lib/systemd/system/docker.service

2. 给服务文件添加启动执行项

--add-registry=192.168.80.129:5000\
--insecure-registry=192.168.80.129:5000\

[root@c1awn01 ~]# vi /usr/lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.socket registries.service
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer

[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
          --add-registry=192.168.80.129:5000\
          --insecure-registry=192.168.80.129:5000\
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --seccomp-profile=/etc/docker/seccomp.json \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
          $REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
MountFlags=slave
KillMode=process

[Install]
WantedBy=multi-user.target
~
~
"/usr/lib/systemd/system/docker.service" 43L, 1400C written

3. 重启docker，重新push，pull测试，可以直接pull 镜像名，不需要加私有仓库ip：port

[root@c1awn01 docker]# docker pull local_re
Using default tag: latest
Trying to pull repository 192.168.80.129:5000/local_re ... 
Pulling repository 192.168.80.129:5000/local_re
Trying to pull repository docker.io/library/local_re ... 
repository docker.io/local_re not found: does not exist or no pull access

看下此时的dockerinfo

Registry: https://192.168.80.129:5000/v1/
Experimental: false
Insecure Registries:
 192.168.80.129:5000
 127.0.0.0/8
Live Restore Enabled: false
Registries: 192.168.80.129:5000 (insecure), docker.io (secure)

Registries: 192.168.80.129:5000 (insecure), docker.io (secure) 包含了私有仓库地址

转载于:https://my.oschina.net/u/3746745/blog/1811571