Linux学习-Docker学习之私有Registry

Registry

用于保存docker镜像,包括镜像的层次结构和元数据

  • Sponsor Registry:第三方Registry,供客户和Docker社区使用
  • Mirror Registry:第三方Registry,只让客户使用
  • Vendor Registry:由发布Docker镜像的供应商提供的registry
  • Private Registry:通过设有防火墙和额外的安全层的私有实体提供的registry
启动构建私有Registry
#--restart=always参数表示在docker服务重新启动时自动启动此容器;注意此时registry没有启用任何认证,5000端口对所有能访问本机的客户端开放,任何人都可以push/pull镜像
[root@docker ~]# docker run -d -p 5000:5000 --restart=always -v /opt/registry:/var/lib/registry registry
[root@docker ~]# docker image ls
REPOSITORY           TAG       IMAGE ID       CREATED        SIZE
registry             latest    b2cb11db9d3d   7 weeks ago    26.2MB
nginx                1.14      295c7be07902   2 years ago    109MB
ubuntu               15.10     9b9cb95443b5   5 years ago    137MB
修改配置文件
#修改docker的配置文件,添加insecure-registries,把该registry标记为不使用HTTPS的非安全仓库(客户端与它之间走明文HTTP,也不校验服务器证书,只适合隔离的测试网络)
[root@docker ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors" : [
  "https://registry.docker-cn.com",
  "https://docker.mirrors.ustc.edu.cn",
  "http://hub-mirror.c.163.com",
  "https://cr.console.aliyun.com/"],
  #insecure-registries表示后面的registry地址为非安全的(JSON不支持注释,本示例中以#开头的说明行不能写入实际的daemon.json,否则docker无法解析配置)
  "insecure-registries":["192.168.88.101:5000"],
  #live-restore设为true后,docker守护进程停止或重启期间,正在运行的容器保持运行
  "live-restore":true
}
#重新启动Docker
[root@docker ~]# systemctl restart docker
上传镜像至本地仓库
#1.镜像上传至仓库需要对上传的镜像名称进行更改[镜像格式:registry仓库地址:端口/项目名称/镜像名称]
[root@docker ~]# docker image tag nginx 192.168.88.101:5000/tye/nginx:v1
[root@docker ~]# docker image ls
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
192.168.88.101:5000/tye/nginx   v1        87a94228f133   8 days ago     133MB
nginx                           latest    87a94228f133   8 days ago     133MB
registry                        latest    b2cb11db9d3d   7 weeks ago    26.2MB
nginx                           1.14      295c7be07902   2 years ago    109MB
ubuntu                          15.10     9b9cb95443b5   5 years ago    137MB
#2.上传至本地仓库
[root@docker ~]# docker image push 192.168.88.101:5000/tye/nginx:v1
克隆一台docker的虚拟机(docker2)来测试私有Registry
#清空docker2上所有的容器和镜像
[root@docker2 ~]# docker container rm -f `docker container ls -aq`
[root@docker2 ~]# docker image rm -f `docker image ls -aq`
#查看docker2主机的配置文件
[root@docker ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors" : [
  "https://registry.docker-cn.com",
  "https://docker.mirrors.ustc.edu.cn",
  "http://hub-mirror.c.163.com",
  "https://cr.console.aliyun.com/"],
  "insecure-registries":["192.168.88.101:5000"]
}
#测试从docker1配置的本地registry中pull镜像到docker2主机上
[root@docker2 ~]# docker image pull 192.168.88.101:5000/tye/nginx:v1
v1: Pulling from tye/nginx
b380bbd43752: Pull complete 
fca7e12d1754: Pull complete 
745ab57616cb: Pull complete 
a4723e260b6f: Pull complete 
1c84ebdff681: Pull complete 
858292fd2e56: Pull complete 
Digest: sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f
Status: Downloaded newer image for 192.168.88.101:5000/tye/nginx:v1
192.168.88.101:5000/tye/nginx:v1
[root@docker2 ~]# docker image ls
REPOSITORY                      TAG       IMAGE ID       CREATED      SIZE
192.168.88.101:5000/tye/nginx   v1        87a94228f133   8 days ago   133MB
#pull之后同docker1本地仓库中的Image对比一下Image ID,相同表示pull镜像成功
上传第二个镜像至本地Registry
#1.打标签
[root@docker1 ~]# docker tag tye/centos_lamp:v2 192.168.88.101:5000/tye/centos_lamp:v1
#2.上传
[root@docker1 ~]# docker image push 192.168.88.101:5000/tye/centos_lamp:v1
在docker2上测试pull上传的镜像
[root@docker2 ~]# docker image pull 192.168.88.101:5000/tye/centos_lamp:v1
v1: Pulling from tye/centos_lamp
06a11a3d840d: Pull complete 
d889787eb63d: Pull complete 
ad1e076aaac9: Pull complete 
Digest: sha256:234565aeed6e953444dcc0226a06398b02caf6c962ea2581e9a0a7c808423f94
Status: Downloaded newer image for 192.168.88.101:5000/tye/centos_lamp:v1
192.168.88.101:5000/tye/centos_lamp:v1
[root@docker2 ~]# docker image ls
REPOSITORY                            TAG       IMAGE ID       CREATED        SIZE
192.168.88.101:5000/tye/centos_lamp   v1        cec4d57d1f5a   47 hours ago   440MB
192.168.88.101:5000/tye/nginx         v1        87a94228f133   8 days ago     133MB
本地仓库添加安全认证
生成密码文件(docker1)。注意:-b选项把密码直接写在命令行上,会留在shell历史和进程列表中;示例密码123仅作演示,实际使用时可去掉-b,改为交互输入一个强密码
[root@docker1 ~]# yum install -y httpd-tools
[root@docker1 ~]# mkdir -p /opt/registry-auth
[root@docker1 ~]# htpasswd -Bbn tye 123 >/opt/registry-auth/htpasswd
[root@docker1 ~]# cat /opt/registry-auth/htpasswd
tye:$2y$05$6LHld5TIci8Ws39YxXtcfuey6aS84M7nLnyUFZw.1JSDyXJMvdj7W
重新启动带有密码认证(htpasswd)功能的registry容器
#删除历史容器(注意:此命令会强制删除本机上的所有容器,而不只是registry容器)
[root@docker1 ~]# docker container rm -f `docker container ls -aq`
d48e73e11323
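#启动带有htpasswd认证的registry容器(注意:此处registry仍通过HTTP提供服务,Basic认证的用户名和密码会以明文在网络上传输;正式环境应同时为registry配置TLS证书,例如通过REGISTRY_HTTP_TLS_CERTIFICATE和REGISTRY_HTTP_TLS_KEY)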
[root@docker1 ~]# docker container run -d -p 5000:5000 -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
6195b439bb80f7aac9dc7ce819991cb1709cec33420a67d3105bffe50e20dd4d
测试push镜像
#测试上传镜像,提示需要认证
[root@docker1 ~]# docker image tag centos:7 192.168.88.101:5000/tye/centos:v1
[root@docker1 ~]# docker image push 192.168.88.101:5000/tye/centos:v1
The push refers to repository [192.168.88.101:5000/tye/centos]
174f56854903: Preparing 
no basic auth credentials
#进行登录认证
[root@docker1 ~]# docker login 192.168.88.101:5000
Username: tye
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
#重新上传镜像
[root@docker1 ~]# docker image push 192.168.88.101:5000/tye/centos:v1
The push refers to repository [192.168.88.101:5000/tye/centos]
174f56854903: Pushed 
v1: digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f size: 529
在docker2上测试pull镜像
#没有认证前,pull提示需要认证
[root@docker2 ~]# docker image pull 192.168.88.101:5000/tye/centos:v1
Error response from daemon: Head "http://192.168.88.101:5000/v2/tye/centos/manifests/v1": no basic auth credentials
#登录认证
[root@docker2 ~]# docker login 192.168.88.101:5000
Username: tye
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker2 ~]# docker image pull 192.168.88.101:5000/tye/centos:v1
v1: Pulling from tye/centos
2d473b07cdd5: Pull complete 
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Downloaded newer image for 192.168.88.101:5000/tye/centos:v1
192.168.88.101:5000/tye/centos:v1
图形化的本地Registry(Harbor)
#安装harbor依赖--docker-compose
[root@docker1 ~]# yum install -y docker-compose
#下载Harbor安装包(v1.6.1是本文使用的版本;实际部署时请在releases页面选择仍在维护的版本,如发布页提供校验值或签名,请核对下载文件)
[github下载链接-Harbor](https://github.com/goharbor/harbor/releases)
[Harbor下载链接](https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz)
#上传harbor文件至/opt目录
[root@docker1 opt]# ll -h
total 628M
drwx--x--x 4 root root   28 Oct 15 21:07 containerd
drwxr-xr-x 5 root root   54 Oct 20 11:18 dockerfile
-rw-r--r-- 1 root root 628M Oct 20 20:56 harbor-offline-installer-v1.6.1.tgz
#解压文件
[root@docker1 opt]# tar xf harbor-offline-installer-v1.6.1.tgz 
#修改harbor目录下的harbor.cfg配置文件
[root@docker1 opt]# cd harbor
[root@docker1 harbor]# vim harbor.cfg
hostname = 192.168.88.101
harbor_admin_password = 123456
#执行install.sh
[root@docker1 harbor]# ./install.sh
#Harbor安装完成后,会启动以下容器
[root@docker1 harbor]# docker container ls
CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS                    PORTS                                                                                                                 NAMES
9fe1def580b2   goharbor/harbor-jobservice:v1.6.1        "/harbor/start.sh"       42 seconds ago   Up 42 seconds                                                                                                                                   harbor-jobservice
4e9896a8ae49   goharbor/nginx-photon:v1.6.1             "nginx -g 'daemon of…"   42 seconds ago   Up 42 seconds (healthy)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:4443->4443/tcp, :::4443->4443/tcp   nginx
2bb58580368e   goharbor/harbor-ui:v1.6.1                "/harbor/start.sh"       43 seconds ago   Up 42 seconds (healthy)                                                                                                                         harbor-ui
a0de841f970e   goharbor/harbor-db:v1.6.1                "/entrypoint.sh post…"   43 seconds ago   Up 42 seconds (healthy)   5432/tcp                                                                                                              harbor-db
54068fa00170   goharbor/registry-photon:v2.6.2-v1.6.1   "/entrypoint.sh /etc…"   43 seconds ago   Up 42 seconds (healthy)   5000/tcp                                                                                                              registry
d2fb28f1a0a9   goharbor/harbor-adminserver:v1.6.1       "/harbor/start.sh"       43 seconds ago   Up 38 seconds (healthy)                                                                                                                         harbor-adminserver
a21f64d69629   goharbor/redis-photon:v1.6.1             "docker-entrypoint.s…"   43 seconds ago   Up 43 seconds             6379/tcp                                                                                                              redis
14c81ab376e9   goharbor/harbor-log:v1.6.1               "/bin/sh -c /usr/loc…"   44 seconds ago   Up 43 seconds (healthy)   127.0.0.1:1514->10514/tcp                                                                                             harbor-log
通过Opera浏览器打开网页访问Harbor(使用admin用户和harbor.cfg中配置的密码(harbor_admin_password = 123456)登录即可;123456只是演示用的弱口令,实际部署时应设置强密码)

Linux学习-Docker学习之私有Registry_第1张图片

登录成功后出现以下页面

Linux学习-Docker学习之私有Registry_第2张图片
