本次用来做 docker 仓库的环境说明如下:
系统:CentOS 7.6
docker版本: 1.13.1
ip地址:
仓库: 192.168.56.99 hostname为centos7
本地:192.168.56.100 hostname为dockerrepository
docker pull docker.io/registry
启动前我们用 docker inspect
命令,看一下需要images需要挂载的盘:看到 Volumes 参参数
"Volumes": {
"/var/lib/registry": {}
},
下面运行该镜像
docker run -d -p 5000:5000 --restart=always --name=registry -v /soft/docker/repository:/var/lib/registry --privileged=true registry
docker pull library/hello-world
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest f32a97de94e1 2 weeks ago 25.8 MB
docker.io/hello-world latest fce289e99eb9 2 months ago 1.84 kB
镜像的名字由两部分组成:repository 和 tag。
[image name] = [repository]:[tag]
接下来我们对上面的 hello-world 进行重命名:docker tag IMAGEID(镜像id) REPOSITORY:TAG(仓库:标签)
docker tag fce289e99eb9 192.168.56.99:5000/hello:v1.0
** 注意:这里不能用大写字母,不然会报错:xxx is not a valid repository/tag **
再次用 docker images
发现是拷贝了一个 images 出来
[root@centos7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test-docker latest 4348eee9a514 23 hours ago 121 MB
docker.io/openjdk 8-jdk-alpine e9ea51023687 2 weeks ago 105 MB
192.168.56.99:5000/hello v1.0 fce289e99eb9 2 months ago 1.84 kB
docker.io/hello-world latest fce289e99eb9 2 months ago 1.84 kB
[root@centos7 docker]# docker push 192.168.56.99:5000/hello:v1.0
The push refers to a repository [192.168.56.99:5000/hello]
af0b15c8625b: Pushed
v1.0: digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a size: 524
查看仓库
[root@dockerrepository soft]# curl 192.168.56.99:5000/v2/_catalog
{"repositories":["hello"]}
推送成功~
先删除本地的私有镜像
[root@centos7 docker]# docker rmi 192.168.56.99:5000/hello:v1.0
Untagged: 192.168.56.99:5000/hello:v1.0
Untagged: 192.168.56.99:5000/hello@sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
再拉取该镜像:
Trying to pull repository 192.168.56.99:5000/hello ...
v1.0: Pulling from 192.168.56.99:5000/hello
Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Status: Downloaded newer image for 192.168.56.99:5000/hello:v1.0
再运行一次的话,会获得最新版本的镜像
[root@centos7 docker]# docker pull 192.168.56.99:5000/hello:v1.0
Trying to pull repository 192.168.56.99:5000/hello ...
v1.0: Pulling from 192.168.56.99:5000/hello
Digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Status: Image is up to date for 192.168.56.99:5000/hello:v1.0
具体的api得查看官方文档:
https://docs.docker.com/registry/spec/api/
为了方便管理,我们需给其搭建一个 web 后台界面来访问
The push refers to a repository [192.168.56.99:5000/hello]
An image does not exist locally with the tag: 192.168.56.99:5000/hello
原因:
重名名的时候要指定好其对应的仓库,不然就是默认的docker仓库(DockerHub)
正确格式应该为:
docker tag imageId 仓库地址/新的名称:tag
The push refers to a repository [192.168.56.99:5000/hello]
Get https://192.168.56.99:5000/v1/_ping: http: server gave HTTP response to HTTPS client
解决办法: 修改 /etc/docker/deamon.json 文件配置私有仓库。
vi /etc/docker/daemon.json
加入insecure-registries配置:
{
"registry-mirrors": ["https://registry.dockercn.com","https://docker.mirrors.ustc.edu.cn","https://docker.mirrors.ustc.edu.cn"],
"insecure-registries": ["192.168.56.99:5000"]
}
重启docker
systemctl restart docker
The push refers to a repository [192.168.56.99:5000/hello]
af0b15c8625b: Retrying in 1 second
到192.168.56.99上看一下docker日志。-f 代表持续输出文件内容。registry是我们仓库容器的命名
docker logs -f registry
看到下面的内容,
time="2019-03-22T08:25:42.217991747Z" level=error msg="response completed with error" err.code=unknown err.detail="filesystem: mkdir /var/lib/registry/docker: permission denied" err.message="unknown error" go.version=go1.11.2 http.request.host="192.168.56.99:5000" http.request.id=750b0e5a-c508-4e9c-89b9-8b4dbbecdca4 http.request.method=POST http.request.remoteaddr="192.168.56.100:47320" http.request.uri="/v2/hello/blobs/uploads/" http.request.useragent="docker/1.13.1 go/go1.10.3 kernel/3.10.0-957.10.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.13.1 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.348042ms http.response.status=500 http.response.written=164 vars.name=hello
注意这一句:filesystem: mkdir /var/lib/registry/docker: permission denied
是因为CentOS7中的安全模块selinux把权限禁掉了。我们在启动 registry 的时候要给 registry 添加 --privileged=true 参数
启动仓库的时候用下面命令:
docker run -d -p 5000:5000 --restart=always -v /soft/docker/repository:/var/lib/registry --privileged=true registry
注意这个时候就不要加上 --name 属性了,因为名为registry 的容器已经存在了