Implementation of Docker Private Registry Deployment

  • 2021-08-17 01:21:42
  • OfStack

As Docker uses more and more images, they need somewhere to be stored: a repository. Two kinds are in common use, public repositories and private repositories. Public repositories are the most convenient for uploading and downloading: downloading an image from a public repository does not require registration, but uploading does.

The most commonly used private repositories are Registry and Harbor. The following describes in detail how to build a Registry private repository; Harbor will be deployed in the next blog post.

1. Deploy a Registry private repository

Case description

Two CentOS 7.4 servers: one is the Docker private repository; the other is the Docker client used for testing.

The Docker service (version 19) is required on both servers. Please refer to the blog post: Installing Docker.

1. Configure registry private repository


[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    <!-- Enable IP forwarding (routing) on the Docker host -->
[root@centos01 ~]# sysctl -p  <!-- Apply the configuration -->
net.ipv4.ip_forward = 1
[root@centos01 ~]# vim /etc/docker/daemon.json  <!-- Configure a registry mirror (image acceleration) -->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"]}  <!-- Add the Alibaba Cloud mirror -->
[root@centos01 ~]# systemctl reload docker <!-- Reload the docker service configuration -->
[root@centos01 ~]# docker search registry <!-- Search for the registry image -->
<!-- The registry image can be pulled first, or left for docker run to download, as you prefer -->
[root@centos01 ~]# docker run -d -p 5000:5000 --name registry --restart=always -v /opt/registry:/var/lib/registry registry
 <!-- Run the registry container; the registry service stores the images -->
 <!-- "--restart=always" means the container is started whenever the docker service starts -->
[root@centos01 ~]# docker ps  <!-- List the running containers -->
CONTAINER ID    IMAGE        COMMAND         CREATED       STATUS       PORTS          NAMES
a7773d77b8a3    registry      "/entrypoint.sh /etc … "  50 seconds ago   Up 46 seconds    0.0.0.0:5000->5000/tcp  registry
[root@centos01 ~]# docker images  <!-- List all docker images -->
REPOSITORY          TAG         IMAGE ID      CREATED       SIZE
registry           latest       708bc6af7e5e    3 months ago    25.8MB
tomcat            latest       1b6b1fe7261e    5 days ago     647MB
hub.c.163.com/public/centos  6.7-tools      b2ab0ed558bb    3 years ago     602MB
[root@centos01 ~]# vim /etc/docker/daemon.json <!-- Configure the docker service to use the private registry -->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"]  <!-- Add this line; it lets docker reach this address over plain HTTP -->
}
[root@centos01 ~]# systemctl reload docker  <!-- Reload the docker service configuration -->

2. Upload the image to the registry private repository


[root@centos01 ~]# docker tag hub.c.163.com/public/centos:6.7-tools 192.168.100.10:5000/image/centos:6.7
    <!-- Re-tag the image for the private registry -->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/centos:6.7 <!-- Upload the image to the Registry private repository -->

2. Configure the Docker client to access the private repository


<!-- Install the docker service on the client and configure the registry mirror -->
[root@centos02 ~]# vim /etc/docker/daemon.json  <!-- Configure docker to use the private registry -->
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"]  <!-- Add this line -->
}
[root@centos02 ~]# systemctl restart docker  <!-- Restart the docker service -->
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/centos:6.7
         <!-- The client downloads the image from the private repository -->
[root@centos02 ~]# docker images <!-- Check whether the image was downloaded successfully -->
REPOSITORY             TAG         IMAGE ID      CREATED       SIZE
192.168.100.10:5000/image/centos  6.7         b2ab0ed558bb    3 years ago     602MB

At this point the Registry private repository is built, but there is a problem: deployed this way, everyone in the enterprise can access the private repository. For security, the next step adds authentication to the registry, so that images can be uploaded to or downloaded from the private repository only after authenticating.

3. Configure registry authentication


[root@centos01 ~]# yum -y install httpd-tools  <!-- Install httpd-tools, which provides the htpasswd tool -->
[root@centos01 ~]# mkdir /opt/registry-auth <!-- Create a directory to store the authentication file -->
[root@centos01 ~]# htpasswd -Bbn bob pwd@123 > /opt/registry-auth/htpasswd
 <!-- Create the registry authentication database -->
<!-- "-Bbn" parameters: B hashes the password with bcrypt; b takes the password from the command line instead of prompting for it; n prints the result to standard output instead of updating a file -->

<!-- Delete all containers on this server, and then create a private repository container that requires authentication -->
[root@centos01 ~]# docker run -d -p 5000:5000 --restart=always \
-v /opt/registry-auth/:/auth/ \
-v /opt/registry:/var/lib/registry --name registry-auth -e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry 
 <!-- Run a new private registry container that supports authentication -->
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:5000/image/tomcat:1.0
    <!-- Re-tag the image -->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0
<!-- Test whether an image can be uploaded to the private repository without authentication -->
no basic auth credentials
<!-- The push is refused because no credentials were supplied -->
[root@centos01 ~]# docker login 192.168.100.10:5000
    <!-- Log in to the private registry so that the upload is authenticated -->
Username: bob   <!-- Enter bob -->
Password:    <!-- Enter the password -->
 ............  <!-- Some output is omitted here -->
Login Succeeded     <!-- Authenticated; the image can now be uploaded to the private repository -->
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0 <!-- Upload the image to the private repository again -->
The push refers to repository [192.168.100.10:5000/image/tomcat]
b0ac242ce8d3: Pushed
5e71d8e4cd3d: Pushed
eb4497d7dab7: Pushed
bfbfe00b44fc: Pushed
d39111fb2602: Pushed
155d997ed77c: Pushed
88cfc2fcd059: Pushed
760e8d95cf58: Pushed
7cc1c2d7e744: Pushed
8c02234b8605: Pushed
1.0: digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c size: 2421
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 
 <!-- A docker client that pulls the image from the private repository without authenticating is rejected -->
Error response from daemon: Get http://192.168.100.10:5000/v2/image/tomcat/manifests/1.0: no basic auth credentials
[root@centos02 ~]# docker login 192.168.100.10:5000
    <!-- Log in to the private registry and authenticate -->
Username: bob  <!-- Enter bob -->
Password:     <!-- Enter the password -->
Login Succeeded   <!-- Authentication passed -->
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 <!-- Download the image from the private repository -->
1.0: Pulling from image/tomcat
376057ac6fa1: Pull complete
5a63a0a859d8: Pull complete
496548a8c952: Pull complete
2adae3950d4d: Pull complete
0a297eafb9ac: Pull complete
09a4142c5c9d: Pull complete
9e78d9befa39: Pull complete
18f492f90b9c: Pull complete
7834493ec6cd: Pull complete
216b2be21722: Pull complete
Digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c
Status: Downloaded newer image for 192.168.100.10:5000/image/tomcat:1.0
192.168.100.10:5000/image/tomcat:1.0
[root@centos02 ~]# docker images  <!-- List the images on the docker client -->
REPOSITORY             TAG         IMAGE ID      CREATED       SIZE
192.168.100.10:5000/image/tomcat  1.0         1b6b1fe7261e    5 days ago     647MB
192.168.100.10:5000/image/centos  6.7         b2ab0ed558bb    3 years ago     602MB
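
A check an operator can run against the registry before and after authentication is added, as an added example (not code from the original post): it classifies how the registry answers an anonymous request to its `/v2/` endpoint, including whether Basic credentials are requested over plain HTTP. The function names and the sample headers are constructed for illustration; the address is the one used on this page.

```shell
#!/bin/sh
# Added example: classify a registry's answer to an anonymous GET /v2/.

# parse_headers: raw HTTP response headers on stdin -> "STATUS|CHALLENGE"
parse_headers() {
  awk '
    { sub(/\r$/, "") }                           # strip CR from CRLF line ends
    /^HTTP\// { status = $2; challenge = "" }    # last response wins
    tolower($0) ~ /^www-authenticate:/ {
      sub(/^[^:]*:[ \t]*/, ""); challenge = $0   # keep only the header value
    }
    END { printf "%s|%s\n", status, challenge }
  '
}

# classify_probe SCHEME STATUS CHALLENGE -> one-word verdict on stdout
classify_probe() {
  challenge=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
  case "$2" in
    200) echo "open"; return 0 ;;      # anyone can pull and push
    401) ;;                            # credentials demanded, inspect how
    *)   echo "unknown"; return 0 ;;
  esac
  case "$challenge" in
    basic*)  [ "$1" = "https" ] && echo "basic-tls" || echo "basic-cleartext" ;;
    bearer*) echo "token" ;;
    *)       echo "unknown" ;;
  esac
}

# verdict_from_headers SCHEME: headers on stdin -> verdict
verdict_from_headers() {
  parsed=$(parse_headers)
  classify_probe "$1" "${parsed%%|*}" "${parsed#*|}"
}

# audit_registry URL, e.g. audit_registry http://192.168.100.10:5000
audit_registry() {
  curl -s -o /dev/null -D - --max-time 5 "$1/v2/" |
    verdict_from_headers "${1%%://*}"
}

# Constructed sample of the headers an htpasswd-protected registry returns.
sample_401() {
  printf 'HTTP/1.1 401 Unauthorized\r\n'
  printf 'Docker-Distribution-Api-Version: registry/2.0\r\n'
  printf 'Www-Authenticate: Basic realm="Registry Realm"\r\n\r\n'
}

sample_401 | verdict_from_headers http    # prints: basic-cleartext
```

A verdict of `open` corresponds to the registry as first deployed on this page; `basic-cleartext` means authentication is on but `docker login` sends the password over plain HTTP, which is what the `insecure-registries` entry permits.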
