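There is plenty of material online about setting up a private Docker Registry, but even if you follow most of it step by step, you may still not succeed. The cause is probably a difference in the operating system or the Docker version.
The versions I used this time: Docker Registry 2.2
Docker version: 1.11.2
OS: CentOS 7
Kernel: 3.10.0-327.el7.x86_64
Registry container with TLS authentication
1. Add the official repository: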
sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
2. Install Docker with yum:
yum install docker-engine -y
3. Start Docker and enable it at boot:
systemctl start docker
systemctl enable docker
4. Check the version (changes in the new version):
[root@bogon ~]# docker -v
Docker version 1.11.2, build b9f10c9
5. Pull the registry image:
docker pull registry:2.2
6. Once the pull finishes you can see the image shown in the figure above. Put the following into a shell script and run it.
cat t.sh
#!/usr/bin/env bash
# Prerequisite: the openssl-devel package is installed on the system.
# Set the variable
localdomain=$HOSTNAME
# Create the SSL directory:
mkdir -p ~/certs
# Generate the SSL key and certificate signing request:
openssl req -nodes -subj "/C=CN/ST=GuangDong/L=DongGuan/CN=$localdomain" -newkey rsa:4096 -keyout ~/certs/$localdomain.key -out ~/certs/$localdomain.csr
# Self-sign the certificate:
openssl x509 -req -days 3650 -in ~/certs/$localdomain.csr -signkey ~/certs/$localdomain.key -out ~/certs/$localdomain.crt
# Run the container
docker run -d -p 5000:5000 --restart=always --name registry \
-v ~/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$localdomain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/$localdomain.key \
registry:2.2
# Add the CA certificate to Docker's certificate directory:
mkdir -p /etc/docker/certs.d/$localdomain:5000
cp ~/certs/$localdomain.crt /etc/docker/certs.d/$localdomain:5000/ca.crt
Run it: sh t.sh
[root@registry ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
510564b4e92e registry:2.2 "/bin/registry /etc/d" 26 seconds ago Up 26 seconds 0.0.0.0:5000->5000/tcp registry
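A variant of the certificate step in t.sh, added here as an example and not part of the original post: it creates the self-signed certificate in one openssl call with the host name in subjectAltName (Docker clients built with Go 1.15 or later reject certificates that carry only a CN), restricts the key's permissions, and checks the result before the registry is started. The function names and the optional key-size argument are assumptions; -addext needs OpenSSL 1.1.1 or newer.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Create a self-signed certificate for the registry host in one step.
# Unlike the CN-only certificate in t.sh, it also carries the host name
# as a subjectAltName. Requires OpenSSL 1.1.1+ for -addext.
make_registry_cert() {
    local host="$1" dir="$2" bits="${3:-4096}"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077   # the private key is created readable by its owner only
      openssl req -x509 -nodes -newkey "rsa:$bits" -days 3650 \
          -subj "/C=CN/ST=GuangDong/L=DongGuan/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null )
}

# Return 0 only if the certificate in file $1 is valid for host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Return 0 only if the certificate belongs to the key, has not expired,
# and is valid for the given host name.
check_registry_cert() {
    local host="$1" dir="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$dir/$host.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    openssl x509 -in "$dir/$host.crt" -noout -checkend 0 >/dev/null \
        || { echo "certificate expired" >&2; return 1; }
    cert_matches_host "$dir/$host.crt" "$host"
}
```

Call make_registry_cert "$HOSTNAME" ~/certs and then check_registry_cert "$HOSTNAME" ~/certs before docker run. Mounting the directory read-only (-v ~/certs:/certs:ro) keeps the container from modifying the key.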
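List the images and tag one:
Push the image to the registry:
You can see that the image was uploaded to the registry successfully. Some errors came up along the way: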
docker run -d -v /opt/docker/registry/:/var/lib/registry -p 5000:5000 --restart=always --name=registry registry:2.2
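By default the Registry service stores uploaded images in /var/lib/registry inside the container. Mounting the host directory /opt/docker/registry onto that path keeps the images on the host under /opt/docker/registry.
If the create command above reports that the port is already in use: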
docker: Error response from daemon: driver failed programming external connectivity on endpoint registry1 (0ff13e39c37d400fc79f04b72f5668c21d219730c4b728702f760e8ad48b787d): Bind for 0.0.0.0:5000 failed: port is already allocated.
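Fix: use a different port, or stop the container that holds the port and then create the new container.
Creating the container reports that a container named registry already exists: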
docker: Error response from daemon: Conflict. The name "/registry" is already in use by container c56b82e62245df74860c68c54d4d3c4d16578422f7c67664a8cb70ac5f19d726. You have to remove (or rename) that container to be able to reuse that name..
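This usually means a container with the same name is running or has been stopped. Fix: remove the container with that name and create it again. For a test container you can add the parameter --rm=true so that it is deleted automatically on exit.
Removing a container reports the error below; clearly the container is still running and has to be stopped before it can be removed: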
[root@docker ~]# docker rm c56b82e62245
Error response from daemon: You cannot remove a running container c56b82e62245df74860c68c54d4d3c4d16578422f7c67664a8cb70ac5f19d726. Stop the container before attempting removal or use -f
docker stop c56b82e62245 && docker rm c56b82e62245
Or add the -f parameter:
docker rm -f c56b82e62245
Remove all containers in one go:
docker rm -f $(docker ps -qa)