Tutorial: setting up a private Docker image registry
- 2020-06-03 08:56:32
- OfStack
My environment is as follows:
Environment: centos7
IP address: 10.211.55.30
Docker version: 1.10.3
Registry: v2
First download the registry image on machine 10.211.55.30
$ docker pull registry
The image can also be imported for offline installation. It can be downloaded from my network drive: https://pan.baidu.com/s/1jHZlz2u
Then import it into Docker:
$ docker load -i registry.tar
After downloading, we start a container with this image
$ docker run -d -p 5000:5000 registry
By default, the registry stores its data in the container's /tmp/registry directory, so if the container is removed, the images stored in it are lost. We therefore normally mount a local directory onto /tmp/registry in the container. I mount /opt/data/registry onto /tmp/registry. If the local directory does not exist, create it; the /opt/data/registry directory also needs to be given permissions:
chmod +777 /opt/data/registry
Here is the pitfall: the default is supposed to be the /tmp/registry directory in the container, but with my registry image the data is stored under /var/lib/registry in the container.
After setup I uploaded one image and used find / -name *** to find the location.
[root@server01 ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry
55c60589cb0e2d094d5371c4dd650127cfeae1b361477d50cfe48552e6308830
You can see that we have started a container at the address 10.211.55.30:5000.
Test
The next step is to push a local image into the private registry. First pull a small image on machine 10.211.55.30 to test with (busybox is used here):
$ sudo docker pull busybox
Next, change the tag of the image. The tag format is registry IP:port/image name
$ sudo docker tag busybox 10.211.55.30:5000/busybox
Next, upload the tagged image to the private registry.
$ sudo docker push 10.211.55.30:5000/busybox
You can see that push failed with the following errors:
2015/01/05 11:01:17 Error: Invalid registry endpoint https://192.168.112.136:5000/v1/: Get https://192.168.112.136:5000/v1/_ping: dial tcp 192.168.112.136:5000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.112.136:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.112.136:5000/ca.crt
Since version 1.3.X, Docker uses HTTPS by default when it interacts with a registry. The private registry built here only provides an HTTP service, so the error above is reported when interacting with it. To solve this problem, add a startup parameter to the Docker daemon so that it accesses this registry over HTTP; traffic to the registry is then unencrypted. As the error message itself notes, a registry served over HTTPS does not need the flag if its CA certificate is placed under /etc/docker/certs.d/. Modify the Docker startup configuration file (this is the configuration on machine 10.211.55.30). On centos7 the file is /usr/lib/systemd/system/docker.service; add --insecure-registry 10.211.55.30:5000 to it as shown below:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.socket
Wants=docker-storage-setup.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/docker-current daemon \
--exec-opt native.cgroupdriver=systemd \
--insecure-registry=10.211.55.30:5000 \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
MountFlags=slave
Restart=on-abnormal
[Install]
WantedBy=multi-user.target
After the modifications, restart the Docker service.
$ systemctl daemon-reload
$ systemctl restart docker
After the restart we run the push command again and push the local image to the private server.
You can see that the image has been pushed to the private registry.
This step does not necessarily succeed. Using journalctl, I can check the log. The following information can be seen in the log:
The way to turn off SELinux is as follows
View the SELinux status:
Turn off SELinux:
1. Temporary shutdown (no need to restart the machine)
setenforce 0 ## put SELinux into permissive mode
setenforce 1 ## put SELinux into enforcing mode
2. Modify the configuration file (requires restarting the machine):
Modify the /etc/selinux/config file
Change SELINUX=enforcing to SELINUX=disabled
Restart the machine
Next we delete the local image and pull it from the private registry.
This completes the private Docker registry. The registry built above does not require authentication.
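The setup above adds --insecure-registry to the daemon, opens the data directory with mode 777 and disables SELinux. The script below is an added example, not part of the original tutorial, that reports each of those settings on a host; the function name, the finding labels and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example: report the host settings this walkthrough relaxes.
# Prints one line per finding and nothing when none apply.
audit_registry_host() {
    unit_file=$1     # systemd unit that starts the Docker daemon
    data_dir=$2      # host directory bind-mounted into the registry container
    selinux_cfg=$3   # SELinux configuration file

    # 1. Registries the daemon reaches over plain HTTP or unverified TLS.
    #    Comment lines are skipped; $INSECURE_REGISTRY is a variable, not the flag.
    grep -v '^[[:space:]]*#' "$unit_file" |
        sed -n 's/.*--insecure-registry[= ]\([^[:space:]]*\).*/INSECURE_REGISTRY \1/p'

    # 2. World-writable storage: any local account can alter stored image data.
    if [ -n "$(find "$data_dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD_WRITABLE $data_dir"
    fi

    # 3. SELinux configured as disabled or permissive for the next boot.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$selinux_cfg" | tail -n 1)
    case $mode in
        disabled|permissive) echo "SELINUX_NOT_ENFORCING $mode" ;;
    esac
}

# Constructed sample files that mirror the tutorial's host (not read from a real system).
demo=$(mktemp -d)
mkdir "$demo/registry" && chmod 0777 "$demo/registry"
cat > "$demo/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/docker-current daemon \
--exec-opt native.cgroupdriver=systemd \
--insecure-registry=10.211.55.30:5000 \
$OPTIONS \
$INSECURE_REGISTRY
EOF
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo/selinux.config"

audit_registry_host "$demo/docker.service" "$demo/registry" "$demo/selinux.config"
```

On the tutorial's host the arguments would be /usr/lib/systemd/system/docker.service, /opt/data/registry and /etc/selinux/config. If the SELinux denial in the log concerns the mounted directory (an assumption, since the log is not shown), the :Z suffix on the -v mount relabels that directory for the container and SELinux can stay enforcing.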
Manage the images in the registry
Query
docker search does not work for viewing or searching repositories or images in a private Registry v2; it reports the error below
But the same can be achieved through the v2 API, using the format IP:port/v2/_catalog:
Pull the image as follows