Shulou(Shulou.com)06/02 Report--

Docker repository actually provides two functions, one is image management, the other is authentication.

The former is mainly realized by docker-registry project and uploads and downloads through http service; the latter can realize http request management through docker-index project or off-the-shelf authentication scheme. Use the official warehouse: simple, but slow

Log in to the dockerhub official website to create users and log in to use the officially provided dockerhub space and add your own userID as the uploaded root directory to achieve images version control.

Https://hub.docker.com/

Http://note.youdao.com/noteshare?id=54dad70770ed572d8ba05e35f05104d2&sub=A354A2FC89EB4F1C81302EF5A186FB8F

After creation, log in using docker login on the dockers server. After login, you can upload and download the warehouse.

Local self-built warehouse: complex, fast and safe

1. Create using an official image

Configuration file

The registry opened by the official image is also a container. If you do not specify the storage location of the image as the disk location of a host, the image may be lost, so you need to mount the local storage with the-v parameter.

Docker run-d-p 5000UR 5000-v / data/docker_images:/tmp registry:0.9.1

# # the red section can specify a storage location of the host.

It is relatively simple and quick to create this way.

1) run on the server where the docker service is installed:

Docker run-d-p 5000UR 5000-v / data/docker_images:/tmp registry:0.9.1

The running results are as follows:

2) docker ps (view the running docker container)

3) since the-- name parameter is not added to the creation of the first step, container creation will generate a random name, and the container will be renamed for management convenience.

Docker rename keen_banach registry

4) View the log of the container

Docker logs registry (container name or ID)

5) check whether the container is running properly through get access

Curl localhost:5000

It is equivalent to the result returned by direct access by the browser (this part of the return value is determined by the reference in the dockerfile when the registry container image is made)

6) View the mount location on the host: (a * .db file has been added)

Ls / data/docker_images

The content is as follows: (it is a SQL statement of sqlite)

7) upload an image in the local test:

# docker images (view local image files)

# docker tag rancher/agent:v1.2.11 10.234.2.182:5000/rancher-agent:v1 (rename one of the images)

One operation, complete failure, unable to upload, error 404

The final diagnosis is due to the fact that the docker v2 version has been supported by default since registry version 1.3, and the v2 version will involve https and authentication, so the upload cannot be completed according to the original path push.

Dir path of v2 version: / var/lib/registry

Dir path of v1 version: / tmp/registry

Solution method

Either docker is downgraded, or registry is upgraded to v2 and reconfigured. It is more reasonable for v2 to intersect with v1, but the configuration is also more cumbersome.

8) the final solution is replaced by registry v2 version

Docker run-d-p 5000R 5000-- name registry registry:latest

9) upload image

Docker push 132.232.204.252:5000/rancher-agent

Both client and server upload will report an error or error message:

The push refers to repository [132.232.204.252:5000/rancher-agent]

Get https://132.232.204.252:5000/v2/: http: server gave HTTP response to HTTPS client

Roughly means that the client uses the request server of https to return the return of http

Since Docker has interacted with docker registry since 1.3.x, https is used by default, but the private repository built here only provides http services, so a https error is reported when interacting with the private repository. To solve this problem, you need to add the startup parameter to use http access by default when starting docker server.

There are two ways to solve the problem:

I. Local configuration trust

Modify the start startup entry in the docker.service file

The path is generally / usr/lib/systemd/system/

Vim / usr/lib/systemd/system/docker.service

ExexStart=/usr/bin/dockerd-H unix:// adds trusted server addresses after changing careers.

-- insecure-registry 127.0.0.1 insecure-registry 5000-- insecure-registry 132.232.204.252

Deamon needs to be reloaded after modification

Restart the docker service

# systemctl daemon-reload

# systemctl restart docker.service

Check the registration registries that added trust before and after docker info modification.

If you upload again, you can succeed.

Check that mirrors have also been added to the repository web.

Second, configure the nginx proxy on the server side and add the certificate

=

Docker-registry version development

1. March 13, 2013

Docker has its first release on github [3]

2. July 3, 2013

Docker released docker registry v1 [4] on Githubs.

3. January 30, 2015

Docker registry v2 (project named docker distribution) has the first release and stops updating docker registry v1 [5]

4. April 16, 2015

Docker releases docker1.6 and officially promotes docker registry v2

When using docker registry v2, it should be noted that only docker1.6 and above support registry v2, but docker is forward compatible. We can see from the source code that docker engine will first determine whether the remote repository is v1 or v2 when downloading the image, thus using a different download strategy, which is too important.

Pit points:

1. There are two parts in the development of docker. One is that the version naming method used by docker before March 2017 is docker1.xx, and the last version of this method is the docker1.13.1 version. In March 2017, it was changed to the annual naming method. The combination of the first version of docker17.03,docker and redistry has undergone some changes in the docker1.3 version because of the emergence of the registry v2 version.

2. Registry recommends using v2 version directly. 0.9.1 is the last v1 version. Although docker has forward compatibility, registry v1 and v2 projects are two completely different projects and do not have compatibility.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.