Shulou(Shulou.com)06/03 Report--

Create a docker privatized warehouse

Sometimes it may not be convenient to use a public repository like Docker Hub (sometimes it cannot be accessed). Users can create a local repository for private use. Here, the official tool docker-registry is used to configure the private repository.

1. Use official tools to configure

Docker-registry is an official tool that can be used to build private image repositories.

Registry ["red" stri] record, register

Benefits of private warehouses:

1. Save bandwidth

2. You can customize the system by yourself.

The docker-registry tool is an image. Just download it and start the docker instance using the registry image.

With docker, all software is no longer released as office.exe or lrzsz.rpm, but as an docker image. You just need to download the docker image and run a docker instance.

With docker, you no longer have to worry about installing linux services!

Experimental environment:

Docker Private Warehouse address: 192.168.1.63

Docker server address: 192.168.1.64. Xuegod64 uses the docker private repository on xuegod63 to pull/push the image.

Experimental topology diagram:

Configure xuegod63 as docker private repository

[root@xuegod63 ~] # systemctl start firewalld # because port mapping will be used later

[root@xuegod63 ~] # systemctl enable firewalld

[root@xuegod63] # iptables-F

2. Close selinux

[root@xuegod63 ~] # vim / etc/sysconfig/selinux

Change to: SELINUX = enforcing

Is: SELINUX=disabled

[root@xuegod63 ~] # reboot

[root@xuegod63 ~] # getenforce

Disabled

Configure xuegod63 as docker private warehouse server

1. Start docker

[root@xuegod63 ~] # systemctl start docker

two。 Pull registry image. The registry image includes software for building local private repositories:

Registry [red records] record, register; pull pull; push push

Upload registry.tar to Linux

Method 1: import the local image:

[root@xuegod63] # docker load-I registry.tar

Method 2: import images online, which is relatively slow

[root@xuegod63 ~] # docker pull registry

Using default tag: latest

Trying to pull repository docker.io/library/registry...

Latest: Pulling from docker.io/library/registry

. . .

Acf34ba23c50: Waiting

Error pulling image configuration: Get https://dseasb33srnrn.cloudfront.net/registry-v2/docker/registry/v2/blobs/sha256/13/136c8b16df203ef26b2f39e24bd3f403b63be67610ec99a5b5af0cceac5c1b51/data?Expires=1491661458&Signature=VpBWJnckUbRqJol8EWTw2ZswQ-xOjrbqDfUstwjJwA55NoaOlESDpUC2AOloQXQRXx~F7-DGwaOY4bjJpdymnVhyv5ylO2ZB1tlkgANsNYhyoKOSyT8IycW94Cee~GaXqdcwkdECsLqWbRW1S297k4jK2GXTtaZqUsBrrmx3oAQ_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q: EOF

Note: this is due to the inability to access foreign websites.

Solution: try a few more times, and finally once, you won't be hit by the wall and can access the successful one.

Extension: when downloading registry images, sometimes you cannot access foreign websites, resulting in download failure

3. View registry image

[root@xuegod63 ~] # docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

Docker.io/registry latest 047218491f8c 3 weeks ago 33.17 MB

Extension: .io domain name

.io is an abbreviation for [british indian ocean territory] British Indian Ocean Territory.

4. Practice: use registry images to build a private repository

Use registry images to build a private repository. The program to build a private library has been installed in the registry image, so I only need to run a docker instance using the registry image.

By default, the directory in which the image information is stored in the Registry program is in the / var/lib/registry directory, so if the container is deleted, the image stored in the container will also be lost. Therefore, we usually specify a directory for the local physical machine, such as / opt/registry, to mount to the container's / var/lib/registry, so there are both!

Note: the default storage path for instances running by registry is / var/lib/registry, which is just a temporary directory and will disappear after a period of time. So use the-v argument to specify a locally persistent path.

The registry service listens to the port number. Default is 5000.

[root@xuegod63] # docker run-d-p 5000 purl 5000-v / opt/registry:/var/lib/registry registry

E4698f625a56661edd2678269215ba42d4fa41c2da881768a741a72b4a3d0c60

[root@xuegod63 ~] # ls / opt/registry # this directory will be created automatically

[root@xuegod63 ~] # docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

E4698f625a56 docker.io/registry "/ entrypoint.sh / etc/" 7 minutes ago Up 6 minutes 0.0.0.0 etc/ 5000-> 5000/tcp suspicious_colden

[root@xuegod63 ~] # netstat-antup | grep 5000

Tcp6 00: 5000: * LISTEN 4032/docker-proxy

Indicates that the private library has been started successfully.

View the list of images in the private repository:

Http://192.168.1.63:5000/v2/_catalog # found that it is still empty.

5. Build docker services on xuegod64 and use private repositories

Turn on the CENTOS7.4-64-64 virtual machine:

1. Install docker online

[root@xuegod64 ~] # yum install docker-y

two。 Modify the docker configuration file to specify that the docker image acceleration node is the address of the private repository

[root@xuegod64 ~] # vim / etc/sysconfig/docker

Modify this line

Change: 4 OPTIONS='--selinux-enabled-log-driver=journald-signature-verification=false'

Is: OPTIONS='--selinux-enabled-- log-driver=journald-- signature-verification=false-- insecure-registry 192.168.1.63 signature-verification=false 5000'

Note: add red marked text. -- unsafe registration for insecure-registry

[root@xuegod64 ~] # systemctl restart docker # start the docker service

Practice 1: test uploading local images to private repositories on xuegod64

1. Pull a test image from Docker HUB, name: busybox

Method 1: import locally

Upload the busybox.tar image to the Linux system as a test image.

[root@xuegod64] # docker load-I busybox.tar

[root@xuegod64 ~] # docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

Docker.io/busybox latest 00f017a8c2a6 2 weeks ago 1.11 MB

Docker.io/registry latest 047218491f8c 3 weeks ago 33.17 MB

Note:

BusyBox Overview: BusyBox is a software that integrates more than a hundred of the most commonly used Linux commands and tools. BusyBox includes BusyBox with simple tools such as ls, cat, and echo, as well as larger and more complex tools such as grep, find, mount, and telnet. Some people call BusyBox the Swiss in the Linux tool. To put it simply, BusyBox is like a big toolbox, which integrates many tools and commands that compress Linux, as well as the shell that comes with the Android system.

Switzerland × × has seen: 1 No: 2

Official website: * × × w.busybox.net

Method 2: install online

[root@xuegod64 opt] # docker pull busybox

Using default tag: latest

Trying to pull repository docker.io/library/busybox...

Latest: Pulling from docker.io/library/busybox

Experimental topology diagram:

2. Create a link to the image or label the basic image (copy an image and give it a name)

Syntax: docker tag image name: label private warehouse address / image name: label

# docker tag docker.io/busybox:latest 192.168.1.63:5000/busybox:latest

Note: do not write the image tag. Default is: latest

[root@xuegod64 ~] # docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.1.63:5000/busybox latest 00f017a8c2a6 2 weeks ago 1.11 MB

3. Push the newly tagged 192.168.1.63:5000/busybox image to the local private repository.

[root@xuegod64 ~] # docker push 192.168.1.63:5000/busybox

4. Log in to xuegod64 and view the storage directory and files of the image

[root@xuegod63 ~] # rpm-ivh / mnt/Packages/tree-1.6.0-10.el7.x86_64.rpm [root@xuegod63 ~] # tree / opt/registry/docker/registry/v2/

. . .

└── busybox

├── _ layers

│ └── sha256

│ ├── 00f017a8c2a6e1fe2ffd05c281f27d069d2a99323a8cd514dd35f228ba26d2ff

│ │ └── link

│ └── 04176c8b224aa0eb9942af765f66dae866f436e75acef028fe44b8a98e045515

│ └── link

View the list of images in the private repository:

Http://192.168.1.63:5000/v2/_catalog

Practice 2: using mirrors in a private warehouse

Delete the mirror:

Syntax: docker rmi image name: label

[root@xuegod64 ~] # docker rmi 192.168.1.63:5000/busybox # Delete an image

[root@xuegod64 ~] # docker pull 192.168.1.63:5000/busybox # download image

[root@xuegod64 ~] # docker images # View imported images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.1.63:5000/busybox latest 00f017a8c2a6 2 weeks ago 1.11 MB

Using the newly imported image, run a new docker instance:

[root@xuegod64 ~] # docker run 192.168.1.63:5000/busybox:latest echo "hello"

Hello

It runs successfully.

Summary

Steps to build a private warehouse:

1. Import the registry image into docker

2. Run a docker instance based on registry image. Registry listens to port 5000 by default.

To import an image to a private repository:

1. Install the docker service

2. Modify the image source of docker service to the address of private warehouse:-- insecure-registry 192.168.1.63

3. Label the image to be imported, such as: 192.168.1.63:5000/busybox:latest

4. Upload the tagged image to the private repository: docker push 192.168.1.63:5000/busybox:latest

Use of private warehouses:

1. Modify the image source of docker service to the address of private warehouse:-- insecure-registry 192.168.1.63

2. Download the image you just uploaded: docker pull 192.168.1.63:5000/busybox:latest

10.3 use Ali Cloud's private repository to store your own docker images

10.3.1 using A Yun's docker private warehouse

1. Log in to Aliyun Kai Kai platform

Https://dev.aliyun.com/search.html, click "create Namespace" on this page

Create an image repository:

Then, select the

Click Management to view how to use it:

Log in to Aliyun docker registry:

$sudo docker login-username=446423587@qq.com registry.cn-hangzhou.aliyuncs.com

The user name of logging in to registry is the full name of your Aliyun account, and the password is the password you set when you activate the service.

My password is 446423587A

You can change the docker login password by clicking the button in the upper right corner of the image management home page.

Https://cr.console.aliyun.com/?spm=5176.1971733.2.28.4884464bqVSUpv#/imageList

Log in to xuegod64 to push the local image to Aliyun registry:

1. Create a link to the image or label the basic image

[root@xuegod64 ~] # docker login-- username=446423587@qq.com registry.cn-hangzhou.aliyuncs.com # log in to Aliyun registry first

Password: 446423587A

Login Succeeded

View the local image name or ID

[root@xuegod64 ~] # docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

. . .

192.168.1.63:5000/busybox latest 00f017a8c2a6 12 months ago 1.11 MB

[root@xuegod64 ~] # docker tag 00f017a8c2a6 registry.cn-hangzhou.aliyuncs.com/xuegod-k8s/busybox:v2

[root@xuegod64 ~] # docker push registry.cn-hangzhou.aliyuncs.com/xuegod-k8s/busybox:v2

View on Aliyun:

Download an image:

[root@xuegod64 ~] # docker pull registry.cn-hangzhou.aliyuncs.com/xuegod-k8s/busybox:v2

Summary:

10.1 create docker static IP

10.2 create a docker privatized warehouse

10.3 use Ali Cloud's private repository to store your own docker images

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.