docker 仓库管理

23312

docker 仓库管理
1. 下载私有仓库镜像

# docker pull registry

下载registry镜像，registy为docker官方提供的一个镜像，我们可以用它来创建本地的docker私有仓库。

2. 依托registry镜像来创建容器

# docker run -d -p 5000:5000 registry

-d 放到后台运行
-p 做一个端口映射，宿主机端口:容器端口 访问宿主机5000端口，就相当于访问该容器
当 docker ps的时候，会在 PORTS 列显示 0.0.0.0:5000->5000/tcp
用 curl 127.0.0.1:5000 测试 会显示"\"docker-registry server\""

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

[iyunv@localhost ~]# docker run -d -p 5000:5000 registry d39b5bcf9e88cf6dd4827435c5abee87ed1db788fc1d4b51843212d8173c3b2b You have new mail in /var/spool/mail/root [iyunv@localhost ~]# docker start d39b5bcf d39b5bcf [iyunv@localhost ~]# docker ps CONTAINER ID IMAGE  COMMAND  CREATED   STATUS  PORTS         NAMES d39b5bcf9e88 registry "docker-registry"   About a minute ago   Up About a minute   0.0.0.0:5000->5000/tcp   stupefied_hodgkin [iyunv@localhost ~]# docker exec -it d39b5bcf9e88 /bin/bash root@d39b5bcf9e88:/# netstat -lnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address  Foreign Address         State       PID/Program name tcp        0      0 0.0.0.0:5000   0.0.0.0:*               LISTEN      1/python Active UNIX domain sockets (only servers) Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path root@d39b5bcf9e88:/# exit exit [iyunv@localhost ~]# telnet 127.0.0.1 5000 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Connection closed by foreign host. [iyunv@localhost ~]# curl 127.0.0.1:5000 "\"docker-registry server\""

3. 上传一个镜像到私有仓库

首先要给这个镜像做tag
必须带有私有仓库的 ip:port，带有宿主机的IP， 要不然会上传到共有仓库里面去
# docker tag 镜像名 私有库ip:port/镜像名
例:docker tag busybox 112.65.140.132:5000/busybox
其次更改https为http
在 /etc/init.d/docker 中加入 --insecure-registry 本机ip地址:5000

1	$exec -d $other_args &>> $logfile &

修改为:

1	$exec -d --insecure-registry 112.65.140.132:5000 $other_args &>> $logfile &

重启 docker 并启动 registry 容器
上传 # docker push 私有库ip:port/镜像名

例：docker push 112.65.140.132:5000/busybox

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

[iyunv@localhost ~]# docker pull busybox   //下载一个只有1.1M的busybox做实验 latest: Pulling from busybox 56ed16bd6310: Pull complete bc744c4ab376: Pull complete Digest: sha256:4a887a2326ec9e0fa90cce7b4764b0e627b5d6afcb81a3f73c85dc29cea00048 Status: Downloaded newer image for busybox:latest [iyunv@localhost ~]# docker images REPOSITORY    TAG     IMAGE ID    CREATED    VIRTUAL SIZE busybox      latest   bc744c4ab376  0 hours ago 1.113 MB [iyunv@localhost ~]# docker tag busybox 112.65.140.132:5000/busybox [iyunv@localhost ~]# docker images REPOSITORY   TAG    IMAGE ID      CREATED   VIRTUAL SIZE busybox     latest  bc744c4ab376     30 hours ago 1.113 MB 112.65.140.132:5000/busybox latest bc744c4ab376  30 hours ago 1.113 MB [iyunv@localhost ~]# docker push 112.65.140.132:5000/busybox //push镜像保存到私有仓库 Error response from daemon: invalid registry endpoint https://112.65.140.132:5000/v0/: unable to ping registry endpoint https://112.65.140.132:5000/v0/ v2 ping attempt failed with error: Get https://112.65.140.132:5000/v2/: EOF v1 ping attempt failed with error: Get https://112.65.140.132:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 112.65.140.132:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/112.65.140.132:5000/ca.crt

这里上传报错，这是因为Docker从1.3.X之后，与docker registry交互默认使用的是https，然而此处搭建的私有仓库只提供http服务，所以当与私有仓库交互时就会报上面的错误。为了解决这个问题需要在启动docker server时增加启动参数为默认使用http访问。解决该问题的方法为：

1	[iyunv@localhost ~]# vi /etc/init.d/docker

1	$exec -d $other_args &>> $logfile &

修改为:

1	$exec -d --insecure-registry 112.65.140.132:5000 $other_args &>> $logfile &

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

[iyunv@localhost ~]# /etc/init.d/docker restart Stopping docker:                                           [  OK  ] Starting docker:                                           [  OK  ] [iyunv@localhost ~]# ps aux | grep docker root 18565 1.4 2.5 222260 12724 pts/0 Sl 09:42 0:00 /usr/bin/docker -d --insecure-registry 112.65.140.132:5000 root 18613 0.0 0.1 103304   868 pts/0    S+   09:42   0:00 grep docker [iyunv@localhost ~]# docker push 112.65.140.132:5000/busybox//报错，因为没有启动registry容器 Error response from daemon: invalid registry endpoint "http://112.65.140.132:500 0/v0/". HTTPS attempt: unable to ping registry endpoint https://112.65.140.132:5 000/v0/ v2 ping attempt failed with error: Get https://112.65.140.132:5000/v2/: dial tcp 112.65.140.132:5000: connection refused v1 ping attempt failed with error: Get https://112.65.140.132:5000/v1/_ping: di al tcp 112.65.140.132:5000: connection refused. HTTP attempt: unable to ping reg istry endpoint http://112.65.140.132:5000/v0/ v2 ping attempt failed with error: Get http://112.65.140.132:5000/v2/: dial tcp     112.65.140.132:5000: connection refused v1 ping attempt failed with error: Get http://112.65.140.132:5000/v1/_ping: dia   l tcp 112.65.140.132:5000: connection refused [iyunv@localhost ~]# docker ps CONTAINER ID        IMAGE               COMMAND             CREATED [iyunv@localhost ~]# docker run -d -p 5000:5000 registry //registry镜像启动容器 df9421df3c4202aaa6e35bf4431743dfa70a991b1ec7a3d88e7fdcbaa528a8d8 [iyunv@localhost ~]# docker ps CONTAINER ID   IMAGE    COMMAND      CREATED    STATUS    PORTS   NAMES df9421df3c42   registry "docker-registry" 6 seconds ago Up 4 seconds  0.0.0.0:5000->5000/tcp   loving_turing [iyunv@localhost ~]# docker push 112.65.140.132:5000/busybox //push镜像到私有仓库 The push refers to a repository [112.65.140.132:5000/busybox] (len: 1) Sending image list Pushing repository 112.65.140.132:5000/busybox (1 tags) 56ed16bd6310: Image successfully pushed bc744c4ab376: Image successfully pushed Pushing tag for rev [bc744c4ab376] on {http://112.65.140.132:5000/v1/repositories/busybox/tags/latest}

4. 使用 Docker 的 RESTful API 可以查看仓库服务器中的镜像：

# curl http://ip:port/v1/search
例：curl http://112.65.140.132:5000/v1/search

结果示例:

1 2	[iyunv@localhost ~]# curl http://112.65.140.132:5000/v1/search {"num_results": 1, "query": "", "results": [{"description": "", "name":"library/busybox"}]}

也可以用 docker search 命令，例：

1 2 3

[iyunv@localhost ~]# docker search 112.65.140.132:5000/busybox NAME         DESCRIPTION   STARS     OFFICIAL   AUTOMATED library/busybox            0

5. 拉取私有库的镜像

需要指定私有库的地址端口

例：

1 2 3 4 5

[iyunv@localhost ~]# docker pull 112.65.140.132:5000/busybox Pulling repository 112.65.140.132:5000/busybox bc744c4ab376: Download complete 56ed16bd6310: Download complete Status: Image is up to date for 112.65.140.132:5000/busybox:latest