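Configuring a private Docker registry on CentOS 7.x
I. Private registry configuration
Sometimes a public registry such as Docker Hub is inconvenient (it is sometimes unreachable), so users can create a local registry for private use. This post shows how to configure and use one. Many ways of setting up a private Docker registry are described online: some rely on Docker Hub, others use a private registry that someone else has already built. Here is a brief introduction to configuring a private registry with the officially provided tool, docker-registry.
Server: centos7.x x86_64 IP: 10.0.90.25 Docker version: Docker version 1.12.0, build 8eab29e
1. Configure using the official tool
docker-registry is an officially provided tool that can be used to build a private image registry.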
First, list the existing images:

    # docker images
    REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
    web          new       dcca36f7ba99   7 days ago    269.2 MB
    testweb      new       890b0964f807   7 days ago    194.6 MB
    centos       centos6   a3c09d36ab4a   3 weeks ago   194.6 MB
    centos       latest    970633036444   3 weeks ago   196.7 MB
2. Then pull the official registry image

    # docker pull registry
    Using default tag: latest
    latest: Pulling from library/registry
    e110a4a17941: Pull complete
    2ee5ed28ffa7: Pull complete
    d1562c23a8aa: Pull complete
    06ba8e23299f: Pull complete
    802d2a9c64e8: Pull complete
    Digest: sha256:1b68f0d54837c356e353efb04472bc0c9a60ae1c8178c9ce076b01d2930bcc5d
    Status: Downloaded newer image for registry:latest

Check that the pull succeeded:

    # docker images
    REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
    web          new       dcca36f7ba99   7 days ago    269.2 MB
    testweb      new       890b0964f807   7 days ago    194.6 MB
    centos       centos6   a3c09d36ab4a   3 weeks ago   194.6 MB
    centos       latest    970633036444   3 weeks ago   196.7 MB
    registry     latest    c6c14b3960bd   3 weeks ago   33.28 MB    # this shows it succeeded
3. Run a container from the registry image

    # docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry
    a08a501701eba97c8f56fbc9b63e6f356dec1283b6c07f0f931639b4514b3838

List the running containers:

    # docker ps -a
    CONTAINER ID   IMAGE            COMMAND                 CREATED                  STATUS                                PORTS                    NAMES
    0d79735868cd   centos           "/bin/bash"             Less than a second ago   Exited (137) Less than a second ago                            centos7
    43b66a52f166   centos:centos6   "/bin/bash"             Less than a second ago   Exited (137) Less than a second ago                            server1
    a08a501701eb   registry         "/entrypoint.sh /etc/"  3 seconds ago            Up 3 seconds                          0.0.0.0:5000->5000/tcp   high_bardeen    # it is running
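PS: A note here: by default the registry is created under the /tmp/registry directory inside the container, but the -v option can be used to store the image files at a chosen path on the local host.
For example, the command above places uploaded images in the /opt/data/registry directory:

    # docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry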
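Access the private registry:

    # curl 127.0.0.1:5000/v1/search    # for some reason, when I tested this, curl returned a 404
    404 page not found
    # curl 127.0.0.1:5000/v1/search    # an example found online shows the following output
    {"num_results": 0, "query": "", "results": []}    // the private registry is empty; no new image has been pushed to it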
4. Create an image link, or tag a base image

    # docker tag registry 127.0.0.1:5000/ssh    # here the registry image is the one being tagged
    [root@docker ~]# docker images
    REPOSITORY           TAG       IMAGE ID       CREATED       SIZE
    web                  new       dcca36f7ba99   7 days ago    269.2 MB
    testweb              new       890b0964f807   7 days ago    194.6 MB
    centos               centos6   a3c09d36ab4a   3 weeks ago   194.6 MB
    centos               latest    970633036444   3 weeks ago   196.7 MB
    127.0.0.1:5000/ssh   latest    c6c14b3960bd   3 weeks ago   33.28 MB
    registry             latest    c6c14b3960bd   3 weeks ago   33.28 MB
5. Push the image to the local private registry

    # docker push 127.0.0.1:5000/ssh
    The push refers to a repository [127.0.0.1:5000/ssh]
    3bb5bc5ad373: Pushed
    35039a507f7a: Pushed
    d00444e19d65: Pushed
    aa3a31ee27f3: Pushed
    4fe15f8d0ae6: Pushed
    latest: digest: sha256:51d8869caea35f58dd6a2309423ec5382f19c4e649b5d2c0e3898493f42289d6 size: 1363

Note: there was no error, so the push should have succeeded! Checking whether the image now exists in the private registry still returns 404:

    # curl 127.0.0.1:5000/v1/search
    404 page not found
II. Testing that the private registry is usable
Note: centos6.x x86_64 IP: 10.0.90.26 Docker version: Docker version 1.7.1, build 786b29d/1.7.1
1. Test the pull function from another CentOS 6.x system, as follows:

    # docker pull 10.0.90.25:5000/ssh
    Error response from daemon: invalid registry endpoint https://10.0.90.25:5000/v0/: unable to ping registry endpoint https://10.0.90.25:5000/v0/
    v2 ping attempt failed with error: Get https://10.0.90.25:5000/v2/: tls: oversized record received with length 20527
     v1 ping attempt failed with error: Get https://10.0.90.25:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.0.90.25:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.0.90.25:5000/ca.crt

It failed. According to the message, we need to either create a certificate or add --insecure-registry 10.0.90.25:5000 as a Docker startup argument. First try changing the startup arguments to see whether that solves the problem: kill the docker process, then start it again with the added argument, as follows:

    # /usr/bin/docker -d --insecure-registry 10.0.90.25:5000 &
    # ps aux | grep docker
    root      1980  0.1  1.5 583928 16184 pts/0    Sl   17:16   0:02 /usr/bin/docker -d --insecure-registry 10.0.90.25:5000

It has started. Continue by pulling the image from the private registry to the local host:

    # docker pull 10.0.90.25:5000/ssh
    INFO[0006] POST /v1.19/images/create?fromImage=10.0.90.25%3A5000%2Fssh%3Alatest
    latest: Pulling from 10.0.90.25:5000/ssh
    9b7301678506: Pull complete
    d912f6ed534e: Pull complete
    664daba008e5: Pull complete
    33e9a84661e7: Pull complete
    5366f93a80af: Pull complete
    8d1f9ff6843f: Pull complete
    79a50c6b6f41: Pull complete
    94c689ffd50b: Pull complete
    ad8da6d14f6d: Pull complete
    Digest: sha256:a80c28adf17579da93b681893f663bf7625e0012c53c304294f1c328a0d27d9b
    Status: Downloaded newer image for 10.0.90.25:5000/ssh:latest

Check:

    # docker images
    INFO[2107] GET /v1.19/images/json
    REPOSITORY            TAG       IMAGE ID       CREATED                  VIRTUAL SIZE
    centos                centos6   429d551fa7ee   Less than a second ago   194.6 MB
    centos                latest    b62568c09fa0   Less than a second ago   196.7 MB
    10.0.90.25:5000/ssh   latest    ad8da6d14f6d   Less than a second ago   33.28 MB

The pull succeeded.
2. Test pushing a centos image and pulling it on CentOS 6.x
First, on CentOS 7.x, upload a centos6 image to the private registry:

    # docker images
    REPOSITORY           TAG       IMAGE ID       CREATED       SIZE
    web                  new       dcca36f7ba99   7 days ago    269.2 MB
    testweb              new       890b0964f807   7 days ago    194.6 MB
    centos               centos6   a3c09d36ab4a   3 weeks ago   194.6 MB
    centos               latest    970633036444   3 weeks ago   196.7 MB
    127.0.0.1:5000/ssh   latest    c6c14b3960bd   3 weeks ago   33.28 MB
    registry             latest    c6c14b3960bd   3 weeks ago   33.28 MB
    [root@docker ~]# docker tag centos:centos6 127.0.0.1:5000/centos6    # tag the centos6 image as 127.0.0.1:5000/centos6
    [root@docker ~]# docker images
    REPOSITORY               TAG       IMAGE ID       CREATED       SIZE
    web                      new       dcca36f7ba99   7 days ago    269.2 MB
    testweb                  new       890b0964f807   7 days ago    194.6 MB
    127.0.0.1:5000/centos6   latest    a3c09d36ab4a   3 weeks ago   194.6 MB
    centos                   centos6   a3c09d36ab4a   3 weeks ago   194.6 MB
    centos                   latest    970633036444   3 weeks ago   196.7 MB
    127.0.0.1:5000/ssh       latest    c6c14b3960bd   3 weeks ago   33.28 MB
    registry                 latest    c6c14b3960bd   3 weeks ago   33.28 MB

Upload it to the private registry:

    [root@docker ~]# docker push 127.0.0.1:5000/centos6    # the push progress is displayed
    The push refers to a repository [127.0.0.1:5000/centos6]
    6b5c6954e3d5: Pushing [==========================> ] 102.6 MB/194.6 MB

Once the push completes, the following is shown:

    [root@docker ~]# docker push 127.0.0.1:5000/centos6
    The push refers to a repository [127.0.0.1:5000/centos6]
    6b5c6954e3d5: Pushed
    latest: digest: sha256:f7378a219c2a1d189e2e6a9bedc1b05ed3bb60de32ad24a9ad8e8ef8152c52c4 size: 529
Then pull this centos6 image on CentOS 6.x:

    # docker pull 10.0.90.25:5000/centos6    # the pull progress is displayed
    INFO[2640] POST /v1.19/images/create?fromImage=10.0.90.25%3A5000%2Fcentos6%3Alatest
    latest: Pulling from 10.0.90.25:5000/centos6
    3690474eb5b4: Pull complete
    c12ea02d7eb2: Extracting [===================================> ] 48.46 MB/68.76 MB
    334af8693ca8: Download complete
    273a1eca2d3a: Download complete

On success, the following is shown:

    # docker pull 10.0.90.25:5000/centos6
    INFO[2640] POST /v1.19/images/create?fromImage=10.0.90.25%3A5000%2Fcentos6%3Alatest
    latest: Pulling from 10.0.90.25:5000/centos6
    3690474eb5b4: Pull complete
    c12ea02d7eb2: Pull complete
    334af8693ca8: Pull complete
    273a1eca2d3a: Pull complete
    Digest: sha256:3e4b73f8e13d8527f06cfd34d6c2cfdd16cce76ee7215a29379ae82015b312c9
    Status: Downloaded newer image for 10.0.90.25:5000/centos6:latest

Check the newly pulled centos6 image:

    # docker images
    INFO[2650] GET /v1.19/images/json
    REPOSITORY                TAG       IMAGE ID       CREATED                  VIRTUAL SIZE
    10.0.90.25:5000/centos6   latest    273a1eca2d3a   Less than a second ago   194.6 MB
    centos                    centos6   429d551fa7ee   Less than a second ago   194.6 MB
    centos                    latest    b62568c09fa0   Less than a second ago   196.7 MB
    10.0.90.25:5000/ssh       latest    ad8da6d14f6d   Less than a second ago   33.28 MB

As shown above, centos6 is now in the image list!
Create a container from this image to test it:

    # docker run -d -it --privileged=false -p 80:80 --name webserver 10.0.90.25:5000/centos6 /bin/bash
    INFO[2804] POST /v1.19/containers/create?name=webserver
    63e4642a253a592bcf0eb3a9dd12a6363eb7c018b00eced66b9d20c1f4ca0898
    INFO[2804] POST /v1.19/containers/63e4642a253a592bcf0eb3a9dd12a6363eb7c018b00eced66b9d20c1f4ca0898/start
    [root@test ~]# docker ps -a
    INFO[2810] GET /v1.19/containers/json?all=1
    CONTAINER ID   IMAGE                     COMMAND       CREATED         STATUS         PORTS                NAMES
    63e4642a253a   10.0.90.25:5000/centos6   "/bin/bash"   6 seconds ago   Up 5 seconds   0.0.0.0:80->80/tcp   webserver

Attach to the container:

    # docker attach 63e4642a253a
    INFO[2838] GET /v1.19/containers/63e4642a253a/json
    INFO[2838] POST /v1.19/containers/63e4642a253a/resize?h=68&w=207
    INFO[2838] POST /v1.19/containers/63e4642a253a/attach?stderr=1&stdin=1&stdout=1&stream=1
    [root@63e4642a253a /]#

Install httpd and start it:

    [root@63e4642a253a /]# yum install httpd -y
    [root@63e4642a253a ~]# service httpd start
    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.1 for ServerName
    [ OK ]
    [root@63e4642a253a ~]# netstat -tunlp    # the port is listening
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
    tcp        0      0 :::80           :::*              LISTEN   119/httpd
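III. Some fixes for TLS certificate errors on CentOS 6.x and CentOS 7.x
PS: With a private Docker registry configured, pulling from it can run into TLS-related problems, with an error message like this: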

    Error response from daemon: invalid registry endpoint https://10.0.90.25:5000/v0/: unable to ping registry endpoint https://10.0.90.25:5000/v0/
    v2 ping attempt failed with error: Get https://10.0.90.25:5000/v2/: tls: oversized record received with length 20527
     v1 ping attempt failed with error: Get https://10.0.90.25:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.0.90.25:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.0.90.25:5000/ca.crt

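The message makes it fairly clear that the problem is certificate-related, and it also gives the fixes: either add an extra argument so that the registry is trusted directly, or generate a certificate by other means (for example, openssl). This post covers adding the argument to resolve the error.
1. On CentOS 6.x
Method one:
On CentOS 6.x, the docker-io package creates a startup script named docker under /etc/init.d/. Edit this file as follows: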

    # vi /etc/init.d/docker
    # find the following lines:
    prog="docker"
    exec="/usr/bin/$prog"
    # change them to:
    prog="docker"
    exec="/usr/bin/$prog --insecure-registry 10.0.90.25:5000"    # equivalent to adding the --insecure-registry argument after the -d argument

Save and exit, then restart Docker, as follows:

    # service docker restart
    Stopping docker: [ OK ]
    /etc/init.d/docker: line 43: [: too many arguments    # this message appears; ignore it
    Starting docker: [ OK ]
    [root@test ~]# ps aux | grep docker
    root      3240  2.2  1.1 222248 12184 pts/0    Sl   22:19   0:00 /usr/bin/docker --insecure-registry 10.0.90.25:5000 -d
    root      3295  0.0  0.0 103244   860 pts/0    R+   22:19   0:00 grep docker

After this, pull no longer reports the error!
Method two:
On CentOS 6.x, the Docker installation creates a file named docker under /etc/sysconfig/. Changing the other_args parameter in it is enough (it is originally empty: other_args=), as follows:

    # vi /etc/sysconfig/docker
    # change other_args to this:
    other_args="--insecure-registry 10.0.90.25:5000"

Then restart Docker:

    # service docker restart
    Stopping docker: [ OK ]
    Starting docker: [ OK ]

Check the process:

    # ps aux | grep docker
    root      3588  0.5  2.0 387316 20532 pts/0    Sl   22:29   0:02 /usr/bin/docker -d --insecure-registry 10.0.90.25:5000
    root      3932  0.0  0.0 103244   864 pts/0    S+   22:36   0:00 grep docker
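PS: If the private registry you created is for your own use only, these two methods are workable; if other people on the public internet are to use it as well, TLS (certificate configuration) authentication is required!
2. On CentOS 7.x
If certificate trust has not been configured, pulling from the private registry produces the same error as on CentOS 6.x. Unlike CentOS 6.x, the Docker startup arguments cannot be added by editing /etc/sysconfig/docker, but there is still a file that can be modified: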

    # cat /usr/lib/systemd/system/docker.service
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network.target

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd
    ExecReload=/bin/kill -s HUP $MAINPID
    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    # Uncomment TasksMax if your systemd version supports it.
    # Only systemd 226 and above support this version.
    #TasksMax=infinity
    TimeoutStartSec=0
    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes
    # kill only the docker process, not all processes in the cgroup
    KillMode=process

    [Install]
    WantedBy=multi-user.target

Change the line ExecStart=/usr/bin/dockerd in this file to:

    ExecStart=/usr/bin/dockerd --insecure-registry x.x.x.x:5000

Then restart Docker and check the process:

    # ps aux | grep docker
    root     15431  6.8  0.6 514268 25448 ?        Ssl  16:42   0:00 /usr/bin/dockerd --insecure-registry x.x.x.x:5000    # x.x.x.x here is the IP address of the private registry
    root     15438  0.8  0.1 144220  5916 ?        Ssl  16:42   0:00 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime docker-runc
    root     15543  0.0  0.0 112652   976 pts/0    S+   16:42   0:00 grep --color=auto docker
With this in place, pulling from the private registry on CentOS 7.x no longer reports TLS (certificate) errors.
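The other fix named in the error message, as an added example that is not part of the original post: generate a certificate for the registry with openssl, serve the registry over HTTPS, and place the certificate at /etc/docker/certs.d/10.0.90.25:5000/ca.crt on each client, so that pulls are verified and no --insecure-registry argument is needed. The function names, the /certs mount point and the domain.crt/domain.key file names are assumptions; REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY are the registry image's TLS settings.

```shell
#!/bin/sh
# Added example (not from the original post): TLS for the private registry.
# REG_IP and REG_PORT come from the article; the directory layout is an assumption.
REG_IP="${REG_IP:-10.0.90.25}"
REG_PORT="${REG_PORT:-5000}"

# Create a self-signed certificate whose subjectAltName carries the registry IP.
# Docker validates the IP against the SAN, so a CN-only certificate is rejected.
gen_registry_cert() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $REG_IP
[v3]
subjectAltName = IP:$REG_IP
basicConstraints = CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/openssl.cnf" \
        -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null || return 1
    chmod 600 "$dir/domain.key"
}

# Registry host: serve HTTPS with that key pair (requires docker; the data
# volume from the article is left out here for brevity).
run_registry_tls() {
    docker run -d -p "$REG_PORT:5000" -v "$1:/certs:ro" \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
        registry
}

# Client: trust the certificate for this registry only, at the path named in
# the daemon's error message. root is "/" on a real host; pass a scratch
# directory for a dry run. Prints the installed path.
install_registry_ca() {
    crt="$1"; root="${2:-/}"
    dest="${root%/}/etc/docker/certs.d/$REG_IP:$REG_PORT"
    mkdir -p "$dest" && cp "$crt" "$dest/ca.crt" && echo "$dest/ca.crt"
}
```

Only domain.crt is copied to clients; domain.key stays on the registry host. Once the CA file is in place, the --insecure-registry argument can be dropped from the daemon's startup options.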
Reference link: http://467754239.blog.51cto.com/4878013/1638770
I am new to Docker; please point out any shortcomings!
Reposted from: https://blog.51cto.com/linuxg/1842588