CoreOS环境下通过register镜像搭建私有仓库,coreosregister
CoreOS环境下通过register镜像搭建私有仓库,coreosregister
Docker支持采用仓库(本处指的是registry)来支持镜像的分发和更新管理。这极大的便利了用户。
官方提供了dockerhub网站来作为一个公开的集中仓库。然而,本地访问dockerhub速度往往很慢,并且很多时候我们需要一个本地的私有仓库只供网内使用。
关于如何创建和使用本地仓库,其实已经有很多文章介绍了。但是这些文章要么内容已经过时,要么给出了错误的配置,导致无法正常创建仓库。 本文以CoreOS系统为基础,讲解如何通过register镜像创建一个本地Repo
1 使用registry启动私有仓库的容器
docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry
说明:若之前没有安装registry容器则会自动下载并启动一个registry容器,创建本地的私有仓库服务。默认情况下,会将仓库创建在容器的/tmp/registry目录下,可以通过 -v 参数来将镜像文件存放在本地的指定路径上(例如,放在本地目录/root/my_registry下)。
2 向私有仓库push镜像
启动完register的镜像后,将register镜像上传到本地仓库上作为测试
说明:根据第一步启动的registry容器所在宿主主机的IP和Port,push某环境的本地容器。
localhost images # docker push 10.0.0.142:5000/register
The push refers to a repository [10.0.0.142:5000/register] (len: 1)
Sending image list
Pushing repository 10.0.0.142:5000/register (1 tags)
e9e06b06e14c: Image successfully pushed
a82efea989f9: Image successfully pushed
37bea4ee0c81: Image successfully pushed
07f8e8c5e660: Image successfully pushed
1f4ab7282e19: Image successfully pushed
0e4483abe66b: Image successfully pushed
c6153b5d8f1f: Image successfully pushed
2bc4611f2ed7: Image successfully pushed
30887473610f: Image successfully pushed
3f8e22c413b1: Image successfully pushed
22b1c756fa19: Image successfully pushed
90607d8d09d1: Image successfully pushed
4f4a5acb19eb: Image successfully pushed
204704ce3137: Image successfully pushed
Pushing tag for rev [204704ce3137] on {http://10.0.0.142:5000/v1/repositories/register/tags/latest}
宿主主机my_registry的目录结构
localhost my_registry # ls -R .: images repositories ./images: 07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95 2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041 90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6 0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0 30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b 1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913 37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0 c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383 204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b 3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2 e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc 22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43 4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429 ./images/07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95: _checksum ancestry json layer ./images/0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0: _checksum ancestry json layer ./images/1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913: _checksum ancestry json layer ./images/204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b: _checksum ancestry json layer ./images/22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43: _checksum ancestry json layer ./images/2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041: _checksum ancestry json layer ./images/30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd: _checksum ancestry json layer ./images/37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0: _checksum ancestry json layer ./images/3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2: _checksum ancestry json layer ./images/4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429: _checksum ancestry json layer ./images/90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6: _checksum ancestry json layer ./images/a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b: _checksum ancestry json layer ./images/c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383: _checksum ancestry json layer ./images/e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc: _checksum ancestry json layer ./repositories: library ./repositories/library: register ./repositories/library/register: _index_images json tag_latest taglatest_json
关于https的问题
- root@gerryyang:~# docker push 104.131.173.242:5000/ubuntu_sshd_gcc_gerry:14.04
- FATA[0002] Error: Invalid registry endpoint https://104.131.173.242:5000/v1/: Get https://104.131.173.242:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 104.131.173.242:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/104.131.173.242:5000/ca.crt
解决方案:
- vi /usr/lib/systemd/system/docker.service
内容修改如下:
[Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target docker.socket Requires=docker.socket [Service] Type=notify EnvironmentFile=-/etc/sysconfig/docker EnvironmentFile=-/etc/sysconfig/docker-storage ExecStart=/usr/bin/docker -d --insecure-registry 10.0.0.142:5000 -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS LimitNOFILE=1048576 LimitNPROC=1048576 [Install] WantedBy=multi-user.target
- 在CoreOS系统中,执行方法一,可能会遇到/usr/lib/systemd/system/docker.service 文件ReadOnly 无法修改的情况,这时可以手工启动并添加 --insecure-registry参数
localhost ~ # /usr/lib/coreos/dockerd --daemon --insecure-registry 10.0.0.142:5000
相关讨论可参见:http://dockone.io/question/21
3 私有仓库查询方法
curl http://10.0.0.142:5000/v1/search
说明:使用curl查看仓库104.131.173.242:5000中的镜像。在结果中可以查看到ubuntu_sshd_gcc_gerry,说明已经上传成功了。
4 在其他的机器上访问和下载私有仓库的镜像
- 在客户机上手工启动docker:localhost ~ # /usr/lib/coreos/dockerd --daemon --insecure-registry 10.0.0.142:5000
- 执行pull命令
- localhost ~ # docker pull 10.0.0.142:5000/jdk7
- Pulling repository 10.0.0.142:5000/jdk7
- 134625e9d4d7: Download complete
- 134625e9d4d7: Pulling image (latest) from 10.0.0.142:5000/jdk7
- 6941bfcbbfca: Download complete
- 41459f052977: Download complete
- fd44297e2ddb: Download complete
- 40eba1bcf993: Download complete
- e60bdcf6f45f: Download complete
- 367c013cf9ca: Download complete
- 81812b96beec: Download complete
- 776f6d47bdf7: Download complete
- 2c96f979a63a: Download complete
- f33b1fffe108: Download complete
- 71f589de03a8: Download complete
- 2115aa302043: Download complete
- 6a498e83fe1b: Download complete
- 591be66f0e03: Download complete
- c468a9de6202: Download complete
- a510d6919954: Download complete
- 14b73f7c3942: Download complete
- b591b7e6f5da: Download complete
- f1a90a0630e1: Download complete
- 131a069bbe25: Download complete
- Status: Downloaded newer image for 10.0.0.142:5000/jdk7:latest
评论暂时关闭