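Docker has three important concepts: registries, images, and containers. Registries are either public or private. Docker Hub is an example of a public registry. For an environment used inside a company, however, a public registry is not very convenient, and in that case you can set up a private registry. Setting one up is simple, because the official docker-registry component is available and can be installed directly.
For the related basic operations, see the following blog posts:
Installing Docker on Linux 7.7
https://www.cndba.cn/dave/article/4100
Installing MySQL with Docker on Redhat 7.7
https://www.cndba.cn/dave/article/4102
Configuring domestic mirrors for Docker
https://www.cndba.cn/dave/article/4101
We have 2 machines here:
1. 192.168.74.203: Docker private registry server
2. 192.168.74.202: regular Docker server
1 Installing registry on the Docker registry server
Initialize and start the image: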
[root@www.cndba.cn ~]# docker run -d -v /opt:/var/lib/registry -p 5000:5000 --restart=always --privileged=true --name registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
8bb4c43d6c8e: Pull complete
6f5f453e5f2d: Pull complete
42bc10b72f42: Pull complete
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:latest
6ae59667de8a96374d1db0d0740e91d5a910db00db6d0902a98cf565989b484b
[root@www.cndba.cn ~]#
We did not pull the image in advance here; when the image is not present locally, docker run downloads it automatically.
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 708bc6af7e5e 2 months ago 25.8MB
[root@www.cndba.cn ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ae59667de8a registry "/entrypoint.sh /etc…" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp registry
[root@www.cndba.cn ~]#
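The container started normally, and the service is exposed externally by mapping port 5000 to port 5000 of docker-registry. We configured a data volume here, so the private registry's images are saved in the local /opt/docker/registry directory. Note that only the top-level directory needs to be specified; docker/registry is created automatically.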
[root@www.cndba.cn ~]# curl -X GET http://127.0.0.1:5000/v2/_catalog
{"repositories":[]}
[root@www.cndba.cn ~]#
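The response to this curl command is an object whose repositories value is an empty JSON array, which means the registry does not contain any images yet.
2 Configuring support for pushing over HTTP
Normally, an application server pushes images to the registry over HTTPS. If the configuration is not changed, pushing an image fails with an error: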
The push refers to repository [192.168.74.203:5000/tomcat]
Get https://192.168.74.203:5000/v2/: http: server gave HTTP response to HTTPS client
Here you need to modify Docker's startup parameters so that it works over HTTP. Configure this on both servers.
Add the following directly to the /etc/docker/daemon.json file: "insecure-registries":["192.168.74.203:5000"].
[root@www.cndba.cn ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],
"insecure-registries":["192.168.74.203:5000"]
}
[root@www.cndba.cn ~]#
Then restart Docker:
[root@www.cndba.cn ~]# systemctl daemon-reload
[root@www.cndba.cn ~]# systemctl restart docker
[root@www.cndba.cn ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ae59667de8a registry "/entrypoint.sh /etc…" 9 minutes ago Up 4 seconds 0.0.0.0:5000->5000/tcp registry
[root@www.cndba.cn ~]#
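The insecure-registries entry makes the daemon accept plain HTTP or an unverified certificate for that registry, so image layers and any credentials travel without TLS protection. The following audit of a daemon.json is an added example, not part of the original post; the function names are hypothetical and the sample input is the file printed above.

```python
import ipaddress
import json

# Constructed sample input: the daemon.json printed in the session above.
SAMPLE_DAEMON_JSON = """{
"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],
"insecure-registries":["192.168.74.203:5000"]
}"""


def host_of(entry):
    """Drop an optional :port (IPv4 and hostname entries; IPv6 literals are not handled)."""
    return entry.rsplit(":", 1)[0]


def audit_daemon_config(text):
    """Return (setting, value, finding) tuples for entries that give up TLS protection."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("insecure-registries", []):
        if "/" in entry:  # CIDR form: every address in the range is trusted without TLS
            net = ipaddress.ip_network(entry, strict=False)
            findings.append(("insecure-registries", entry,
                             f"TLS checks disabled for {net.num_addresses} addresses"))
            continue
        host = host_of(entry)
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:  # not an IP literal, so treat it as a hostname
            loopback = host == "localhost"
        if not loopback:
            findings.append(("insecure-registries", entry,
                             "remote registry: plain HTTP or unverified TLS accepted"))
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.lower().startswith("http://"):
            findings.append(("registry-mirrors", mirror,
                             "mirror contacted over plaintext HTTP"))
    return findings


if __name__ == "__main__":
    for setting, value, finding in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print(f"{setting}: {value} -> {finding}")
```

Loopback entries are not reported because traffic to them never leaves the host.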
3 Pushing an image to the private registry
On the regular Docker machine, we first download an image:
[root@www.cndba.cn ~]# docker pull tomcat
Using default tag: latest
latest: Pulling from library/tomcat
50e431f79093: Pull complete
dd8c6d374ea5: Pull complete
c85513200d84: Pull complete
55769680e827: Pull complete
e27ce2095ec2: Pull complete
5943eea6cb7c: Pull complete
3ed8ceae72a6: Pull complete
91d1e510d72b: Pull complete
415cc4506e71: Pull complete
a79d88064227: Pull complete
Digest: sha256:b707d3b8b4f40951ca2f387c24ab9f78800c69c90740f0cca937a1b95204b3a4
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 37f5f0a258bf 8 days ago 356MB
tomcat latest a7fa4ac97be4 11 days ago 528MB
mysql 5.7 84164b03fa2e 3 weeks ago 456MB
mysql 8.0 9b51d9275906 3 weeks ago 547MB
mysql latest 9b51d9275906 3 weeks ago 547MB
[root@www.cndba.cn ~]#
Upload the image to the private registry:
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 37f5f0a258bf 8 days ago 356MB
tomcat latest a7fa4ac97be4 11 days ago 528MB
mysql 5.7 84164b03fa2e 3 weeks ago 456MB
mysql 8.0 9b51d9275906 3 weeks ago 547MB
mysql latest 9b51d9275906 3 weeks ago 547MB
[root@www.cndba.cn ~]# docker push 192.168.74.203:5000/tomcat:latest
The push refers to repository [192.168.74.203:5000/tomcat]
An image does not exist locally with the tag: 192.168.74.203:5000/tomcat
Uploading directly fails with an error, so change the image's tag:
[root@www.cndba.cn ~]# docker tag a7fa4ac97be4 192.168.74.203:5000/tomcat
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 37f5f0a258bf 8 days ago 356MB
192.168.74.203:5000/tomcat latest a7fa4ac97be4 11 days ago 528MB
tomcat latest a7fa4ac97be4 11 days ago 528MB
mysql 5.7 84164b03fa2e 3 weeks ago 456MB
mysql 8.0 9b51d9275906 3 weeks ago 547MB
mysql latest 9b51d9275906 3 weeks ago 547MB
Push again:
[root@www.cndba.cn ~]# docker push 192.168.74.203:5000/tomcat:latest
The push refers to repository [192.168.74.203:5000/tomcat]
690fbbe97481: Pushed
d27e164cc159: Pushed
3c1fd77de487: Pushed
ac3e2c206c49: Pushed
3663b7fed4c9: Pushed
832f129ebea4: Pushed
6670e930ed33: Pushed
c7f27a4eb870: Pushed
e70dfb4c3a48: Pushed
1c76bd0dc325: Pushed
latest: digest: sha256:8b7f73feaa30789f48c69440d000af5ba0211055bcd896601644c0149b924692 size: 2421
The image on the private registry can now be retrieved with curl:
[root@www.cndba.cn ~]# curl -X GET http://192.168.74.203:5000/v2/_catalog
{"repositories":["tomcat"]}
[root@www.cndba.cn ~]#
The local directory can now be seen on the registry server:
[root@www.cndba.cn tomcat]# pwd
/opt/docker/registry/v2/repositories/tomcat
[root@www.cndba.cn tomcat]# ll
total 0
drwxr-xr-x 3 root root 20 Mar 29 10:25 _layers
drwxr-xr-x 4 root root 35 Mar 29 10:26 _manifests
drwxr-xr-x 2 root root 6 Mar 29 10:26 _uploads
[root@www.cndba.cn tomcat]#
4 Using an image from the private registry
On the regular Docker machine, first delete the tomcat image:
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 37f5f0a258bf 8 days ago 356MB
192.168.74.203:5000/tomcat latest a7fa4ac97be4 11 days ago 528MB
tomcat latest a7fa4ac97be4 11 days ago 528MB
mysql 5.7 84164b03fa2e 3 weeks ago 456MB
mysql 8.0 9b51d9275906 3 weeks ago 547MB
mysql latest 9b51d9275906 3 weeks ago 547MB
[root@www.cndba.cn ~]# docker rmi 192.168.74.203:5000/tomcat
Untagged: 192.168.74.203:5000/tomcat:latest
Untagged: 192.168.74.203:5000/tomcat@sha256:8b7f73feaa30789f48c69440d000af5ba0211055bcd896601644c0149b924692
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 37f5f0a258bf 8 days ago 356MB
tomcat latest a7fa4ac97be4 11 days ago 528MB
mysql 5.7 84164b03fa2e 3 weeks ago 456MB
mysql 8.0 9b51d9275906 3 weeks ago 547MB
mysql latest 9b51d9275906 3 weeks ago 547MB
[root@www.cndba.cn ~]#
[root@www.cndba.cn ~]#
Download the image from the private registry:
[root@www.cndba.cn ~]# docker pull 192.168.74.203:5000/tomcat
Using default tag: latest
latest: Pulling from tomcat
Digest: sha256:8b7f73feaa30789f48c69440d000af5ba0211055bcd896601644c0149b924692
Status: Downloaded newer image for 192.168.74.203:5000/tomcat:latest
192.168.74.203:5000/tomcat:latest
[root@www.cndba.cn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 37f5f0a258bf 8 days ago 356MB
192.168.74.203:5000/tomcat latest a7fa4ac97be4 11 days ago 528MB
tomcat latest a7fa4ac97be4 11 days ago 528MB
mysql 5.7 84164b03fa2e 3 weeks ago 456MB
mysql 8.0 9b51d9275906 3 weeks ago 547MB
mysql latest 9b51d9275906 3 weeks ago 547MB
Initialize and start the container:
[root@www.cndba.cn ~]# docker run --name tomcat -p 8080:8080 -idt 192.168.74.203:5000/tomcat
4e327b82cd18cb661fd2f1d4f684b113d6fcb031c283ac7b3086d35ab3c1f290
[root@www.cndba.cn ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4e327b82cd18 192.168.74.203:5000/tomcat "catalina.sh run" 5 seconds ago Up 3 seconds 0.0.0.0:8080->8080/tcp tomcat
34ad82852c64 mysql:latest "docker-entrypoint.s…" 11 hours ago Exited (0) 10 minutes ago mysqlserver
[root@www.cndba.cn ~]#
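5 Handling the Tomcat 404
After the container starts, accessing it through the web returns a 404 error:
Here we log in to the Tomcat container and find that the default webapps directory is empty. After copying the contents of webapps.dist into webapps (done with mv in the session below), access works normally: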
[root@www.cndba.cn ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4e327b82cd18 192.168.74.203:5000/tomcat "catalina.sh run" 8 minutes ago Up 8 minutes 0.0.0.0:8080->8080/tcp tomcat
34ad82852c64 mysql:latest "docker-entrypoint.s…" 11 hours ago Exited (0) 18 minutes ago mysqlserver
[root@www.cndba.cn ~]# docker exec -ti 4e327b82cd18 bash
root@4e327b82cd18:/usr/local/tomcat# ls
BUILDING.txt LICENSE README.md RUNNING.txt conf lib native-jni-lib webapps work
CONTRIBUTING.md NOTICE RELEASE-NOTES bin include logs temp webapps.dist
root@4e327b82cd18:/usr/local/tomcat# cd webapps
root@4e327b82cd18:/usr/local/tomcat/webapps# ls
root@4e327b82cd18:/usr/local/tomcat/webapps# cd ..
root@4e327b82cd18:/usr/local/tomcat# ls
BUILDING.txt LICENSE README.md RUNNING.txt conf lib native-jni-lib webapps work
CONTRIBUTING.md NOTICE RELEASE-NOTES bin include logs temp webapps.dist
root@4e327b82cd18:/usr/local/tomcat# cd webapps.dist/
root@4e327b82cd18:/usr/local/tomcat/webapps.dist# ls
ROOT docs examples host-manager manager
root@4e327b82cd18:/usr/local/tomcat/webapps.dist# cd ..
root@4e327b82cd18:/usr/local/tomcat# mv webapps.dist/* webapps/
root@4e327b82cd18:/usr/local/tomcat# ls webapps
ROOT docs examples host-manager manager
root@4e327b82cd18:/usr/local/tomcat#
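After refreshing, the page displays normally:
6 A note on the security of the private registry
Above we set up a private registry with docker-registry, but the security of this kind of registry is low: anyone who knows the registry URL can upload and download images. To improve security, you can use Nginx to configure a private registry with authentication, which is not covered here.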
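Whether a registry demands credentials can be verified from its reply to GET /v2/, the base endpoint of the registry HTTP API: 200 means no credentials were requested, while 401 with a WWW-Authenticate header means authentication is enforced. The following check for your own registry is an added example, not part of the original post; the function names and sample replies are constructed.

```python
import urllib.error
import urllib.request

# Constructed sample replies: (status, headers) as seen without and with an auth proxy.
SAMPLE_OPEN = (200, {"Docker-Distribution-Api-Version": "registry/2.0"})
SAMPLE_AUTH = (401, {"WWW-Authenticate": 'Basic realm="Registry"'})


def classify_v2_response(status, headers, url):
    """Interpret the reply to GET <registry>/v2/ sent without credentials."""
    challenge = headers.get("WWW-Authenticate") or ""
    result = {
        "plaintext": url.lower().startswith("http://"),
        "anonymous_access": status == 200,
        "auth_scheme": challenge.split(" ", 1)[0] or None,
    }
    if status == 200:
        result["verdict"] = "open: no credentials requested"
    elif status == 401 and challenge:
        result["verdict"] = "authentication enforced"
    else:
        result["verdict"] = f"unexpected status {status}, check the proxy"
    if result["plaintext"] and result["auth_scheme"] == "Basic":
        # Basic auth is only base64-encoded, so it needs TLS underneath.
        result["verdict"] += "; Basic credentials would cross the network unencrypted"
    return result


def probe_registry(base_url, timeout=5):
    """Send one unauthenticated GET /v2/ to a registry you operate and classify it."""
    url = base_url.rstrip("/") + "/v2/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, headers = resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 401 and other error statuses land here
        status, headers = err.code, err.headers
    return classify_v2_response(status, headers, url)


if __name__ == "__main__":
    print(classify_v2_response(*SAMPLE_OPEN, "http://192.168.74.203:5000/v2/"))
    print(classify_v2_response(*SAMPLE_AUTH, "https://registry.example.internal/v2/"))
```

Running probe_registry against the registry before and after adding the authenticating proxy should move the verdict from open to authentication enforced.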
Copyright notice: This is an original article by the blog author and may not be reproduced without the author's permission.