Docker private image registry setup tutorial

  • 2020-06-03 08:56:32
  • OfStack

My environment settings are as follows:

Environment: centos7

IP address: 10.211.55.30

docker version: 1.10.3

Image registry: v2

First download the registry image on machine 10.211.55.30


$ docker pull registry 

The image can also be imported for offline installation. It can be downloaded from my network location: https: / / pan baidu. jHZlz2u com s / 1

Then import it into Docker:


$ docker load -i registry.tar 

After downloading, we start a container with this image


$ docker run -d -p 5000:5000 registry 

By default, the registry stores its data in the /tmp/registry directory inside the container, so if the container is removed, the images stored in it are lost. For that reason we usually mount a local directory onto /tmp/registry in the container. I mount the /opt/data/registry directory onto /tmp/registry. If the local directory does not exist, create it; you also need to grant permissions on the /opt/data/registry directory:


chmod +777 /opt/data/registry 

Here's the pitfall: by default it's the /tmp/registry directory in the container, but in my container the images are in the /var/lib/registry location in the container.
I used find / -ES61en *** to find the location after uploading one image once setup was done.


[root@server01 ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry 
55c60589cb0e2d094d5371c4dd650127cfeae1b361477d50cfe48552e6308830 

You can see that we have started a container at the address 10.211.55.30:5000.

Test

The next step is to push a local image into the private registry. First pull a smaller image on machine 10.211.55.30 to test with (busybox is used here):


$ sudo docker pull busybox 

Next, change the tag of the image. The tag format is registry IP:port/image name:


$ sudo docker tag busybox 10.211.55.30:5000/busybox 

Next, upload the tagged image to the private registry.


$ sudo docker push 10.211.55.30:5000/busybox 

You can see that push failed with the following errors:


2015/01/05 11:01:17 Error: Invalid registry endpoint https://192.168.112.136:5000/v1/: Get https://192.168.112.136:5000/v1/_ping: dial tcp 192.168.112.136:5000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.112.136:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.112.136:5000/ca.crt 

Since version 1.3.X, Docker uses https by default when it talks to a docker registry. However, the private registry built here only provides http, so the error above is reported when Docker interacts with it. To solve this problem, add a startup parameter to the docker daemon so that it accesses this registry over http. Modify the docker startup configuration file (this is the configuration of machine 10.211.55.30). On centos7 the file is /usr/lib/systemd/system/docker.service; add --insecure-registry 10.211.55.30:5000 to it, as shown below:


[Unit] 
Description=Docker Application Container Engine 
Documentation=http://docs.docker.com 
After=network.target rhel-push-plugin.socket 
Wants=docker-storage-setup.service 
  
[Service] 
Type=notify 
NotifyAccess=all 
EnvironmentFile=-/etc/sysconfig/docker 
EnvironmentFile=-/etc/sysconfig/docker-storage 
EnvironmentFile=-/etc/sysconfig/docker-network 
Environment=GOTRACEBACK=crash 
ExecStart=/usr/bin/docker-current daemon \ 
     --exec-opt native.cgroupdriver=systemd \ 
     --insecure-registry=10.211.55.30:5000 \ 
     $OPTIONS \ 
     $DOCKER_STORAGE_OPTIONS \ 
     $DOCKER_NETWORK_OPTIONS \ 
     $ADD_REGISTRY \ 
     $BLOCK_REGISTRY \ 
     $INSECURE_REGISTRY 
LimitNOFILE=1048576 
LimitNPROC=1048576 
LimitCORE=infinity 
TimeoutStartSec=0 
MountFlags=slave 
Restart=on-abnormal 
  
[Install] 
WantedBy=multi-user.target 

After the modifications, restart the Docker service.


$ systemctl daemon-reload 
$ systemctl restart docker 
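
An added example, not part of the original article: --insecure-registry turns off TLS verification for every registry it names, and with this unit file the flag can come either from ExecStart itself or from $INSECURE_REGISTRY loaded through an EnvironmentFile. The Python below lists every such entry from both places so they can be reviewed; the SYSCONFIG value and all function names are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed input: ExecStart as in the unit file above; the SYSCONFIG value
# stands in for a variable loaded from an EnvironmentFile and is made up.
UNIT = r"""[Service]
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/docker-current daemon \
     --exec-opt native.cgroupdriver=systemd \
     --insecure-registry=10.211.55.30:5000 \
     $INSECURE_REGISTRY
"""
SYSCONFIG = {"INSECURE_REGISTRY": "--insecure-registry 10.0.0.0/8"}

def exec_start_args(unit_text, env):
    """Join backslash-continued lines, expand $VAR from env, split into argv."""
    joined = re.sub(r"\\[ \t]*\n", " ", unit_text)
    match = re.search(r"^ExecStart=(.*)$", joined, re.M)
    if not match:
        return []
    expanded = re.sub(r"\$(\w+)", lambda v: env.get(v.group(1), ""), match.group(1))
    return shlex.split(expanded)

def insecure_registries(args):
    """Collect --insecure-registry values in '=value' and 'flag value' form."""
    found = []
    for i, arg in enumerate(args):
        if arg.startswith("--insecure-registry="):
            found.append(arg.split("=", 1)[1])
        elif arg == "--insecure-registry" and i + 1 < len(args):
            found.append(args[i + 1])
    return found

def classify(entry):
    """A CIDR entry exempts every address in the range, not one registry."""
    if "/" in entry:
        try:
            return (entry, "cidr", ipaddress.ip_network(entry, strict=False).num_addresses)
        except ValueError:
            pass
    return (entry, "host", 1)

def audit(unit_text, env):
    return [classify(e) for e in insecure_registries(exec_start_args(unit_text, env))]

if __name__ == "__main__":
    for entry, kind, size in audit(UNIT, SYSCONFIG):
        print(f"insecure registry {entry}: {kind}, {size} address(es) without TLS verification")
```
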

After the restart we run the push command again and push the local image to the private server.



You can see that the image has been pushed to the private repository.

At this step, it is not certain that I can succeed. Using journalctl-ES127en, I can check the log information. The following information can be seen in the log:



SELinux can be turned off as follows:

View SELinux status:



Turn off SELinux:

1. Temporary shutdown (no need to restart the machine)


setenforce 0  ## set SELinux to permissive mode
## setenforce 1 sets SELinux to enforcing mode

2. Modify the configuration file (requires restarting the machine):

Modify the /etc/selinux/config file

Change SELINUX=enforcing to SELINUX=disabled

Restart the machine

Next we delete the local image and pull it from the private repository.



This completes the Docker private registry. The registry built above does not require authentication.

Manage the images in the registry

Query

Viewing or searching repositories or images in a private Registry 2 does not work with docker search, which reports the error below:



But the v2 API lets us achieve the same thing; the request must follow the IP:port/v2/_catalog format:


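
An added example, not part of the original article: an inventory of the registry through the v2 API, covering the /v2/_catalog listing described above plus each repository's /v2/<name>/tags/list, and following catalog pagination. It runs against constructed sample responses; http_fetch, the function names and every repository except busybox are assumptions made for the example.

```python
import json
import re
import urllib.request

# Constructed sample responses keyed by request path, standing in for a live
# registry; every repository and tag except busybox is made up.
SAMPLE = {
    "/v2/_catalog?n=2": ({"repositories": ["busybox", "demo/app"]},
                         {"Link": '</v2/_catalog?last=demo%2Fapp&n=2>; rel="next"'}),
    "/v2/_catalog?last=demo%2Fapp&n=2": ({"repositories": ["tools/base"]}, {}),
    "/v2/busybox/tags/list": ({"name": "busybox", "tags": ["latest"]}, {}),
    "/v2/demo/app/tags/list": ({"name": "demo/app", "tags": ["1.0", "1.1"]}, {}),
    "/v2/tools/base/tags/list": ({"name": "tools/base", "tags": None}, {}),
}

def sample_fetch(path):
    body, headers = SAMPLE[path]
    return json.dumps(body).encode(), headers

def http_fetch(base_url):
    """Fetcher for a live registry, e.g. http_fetch("http://10.211.55.30:5000")."""
    def fetch(path):
        with urllib.request.urlopen(base_url + path, timeout=5) as resp:
            return resp.read(), resp.headers
    return fetch

def list_repositories(fetch, page_size=100):
    """Walk /v2/_catalog, following the Link: rel="next" header between pages."""
    path, repos = f"/v2/_catalog?n={page_size}", []
    while path:
        body, headers = fetch(path)
        repos.extend(json.loads(body).get("repositories") or [])
        # Assumes the next-page link is a relative URL, as in the sample above.
        nxt = re.search(r'<([^>]+)>;\s*rel="next"', headers.get("Link") or "")
        path = nxt.group(1) if nxt else None
    return repos

def list_tags(fetch, repo):
    """Tags of one repository; a registry may return "tags": null when there are none."""
    body, _ = fetch(f"/v2/{repo}/tags/list")
    return json.loads(body).get("tags") or []

def inventory(fetch, page_size=100):
    return {repo: list_tags(fetch, repo) for repo in list_repositories(fetch, page_size)}

if __name__ == "__main__":
    print(inventory(sample_fetch, page_size=2))
```
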

Pull the image as follows:

