Author: 吴业亮
Blog: https://wuyeliang.blog.csdn.net/
I. Create a local registry
1. Create the registry
    # docker run -d -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always --name registry registry:2
    Trying to pull repository docker.io/library/registry ...
    2: Pulling from docker.io/library/registry
    81033e7c1d6a: Pull complete
    Status: Downloaded newer image for docker.io/registry:2
    5188ec6904756070138edfc49d4c0f231841bfbdd620556a85eb44b201b37b31
2. Check the container
    # docker ps
    CONTAINER ID   IMAGE        COMMAND                  CREATED      STATUS          PORTS                    NAMES
    5188ec690475   registry:2   "/entrypoint.sh /e..."   16 sec ago   Up 14 seconds   0.0.0.0:5000->5000/tcp   registry
3. Trust the local registry: add an insecure-registries line to /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://***.mirror.aliyuncs.com"],
      "insecure-registries": ["10.130.70.34:5000"],
      "dns": ["114.114.114.114", "8.8.8.8"]
    }
4. Restart the docker service
    service docker restart
5. Download the percona image from the public registry
    [root@dokcer ~]# docker pull percona
    Using default tag: latest
    latest: Pulling from library/percona
    8ba884070f61: Already exists
    c6f6865b89f9: Pull complete
    422d044cecee: Pull complete
    8389af72ea04: Pull complete
    91f3664696cb: Pull complete
    31ae0525f3a4: Pull complete
    df3f3d8a2a27: Pull complete
    Digest: sha256:744769bb87ea11ceeb9efe7cb04cc49a86db88a6b6449c19f743161be5f6f51a
    Status: Downloaded newer image for percona:latest
6. List the image
    [root@dokcer ~]# docker images | grep percona
    percona   latest   69377a52e49a   2 months ago   583MB
7. Tag the image
    [root@dokcer ~]# docker tag percona 192.168.8.100:5000/percona
8. List the images again
    [root@dokcer ~]# docker images | grep percona
    192.168.8.100:5000/percona   latest   69377a52e49a   2 months ago   583MB
    percona                      latest   69377a52e49a   2 months ago   583MB
9. Push to the local registry
    [root@dokcer ~]# docker push 10.130.70.34:5000/percona
    The push refers to repository [10.130.70.34:5000/percona]
    aa15337bef7a: Pushed
    9e6b0d4d6830: Pushed
    6ba257b8d07b: Pushed
    718bd1772058: Pushed
    1ac4a9b4d611: Pushed
    9b8d5bae7d82: Pushed
    d69483a6face: Mounted from centos
    latest: digest: sha256:50c3e70053e51bc1983dc292dcb3f2dd71771f20e64adc07045bcede560a5217 size: 1784
II. Encrypt the local registry with SSL
1. Create the SSL certificate
    # cd /etc/pki/tls/certs
    # make server.key
    umask 77 ; \
    /usr/bin/openssl genrsa -aes128 2048 > server.key
    Generating RSA private key, 2048 bit long modulus
    ...
    ...
    e is 65537 (0x10001)
    Enter pass phrase:                 # enter a passphrase
    Verifying - Enter pass phrase:     # confirm

    # remove the passphrase from the private key
    # openssl rsa -in server.key -out server.key
    Enter pass phrase for server.key:  # input passphrase
    writing RSA key

    # make server.csr
    umask 77 ; \
    /usr/bin/openssl req -utf8 -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN                                            # country
    State or Province Name (full name) []:shanghai                                  # province
    Locality Name (eg, city) [Default City]: shanghai                               # city
    Organization Name (eg, company) [Default Company Ltd]:openstack                 # company
    Organizational Unit Name (eg, section) []:Server World                          # department
    Common Name (eg, your name or your server's hostname) []:www.srv.world          # hostname
    Email Address []:xxx@srv.world                                                  # email

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:           # press Enter
    An optional company name []:       # Enter

    # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
    Signature ok
    subject=/C=CN/ST=shanghai/L=shanghai/O=openstack/OU=computer/CN=www.openstack.com/emailAddress=example@openstack.com
    Getting Private key
2. Copy the certificates
    cp -a /etc/pki/tls/certs/server* /etc/docker/certs.d/
3. Start the container
    # docker run -d -p 5000:5000 --restart=always --name registry \
        -v /var/lib/registry:/var/lib/registry \
        -v /etc/docker/certs.d:/certs \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
        registry:2
    2: Pulling from docker.io/library/registry
    81033e7c1d6a: Pull complete
    6ff332201ab29c521fa70e54187d7677f9df1803550f8d61bcaff88f8c602e3b
4. Check the container
    # docker ps
    CONTAINER ID   IMAGE        COMMAND                  CREATED      STATUS       PORTS                    NAMES
    6ff332201ab2   registry:2   "/entrypoint.sh /e..."   21 sec ago   18 seconds   0.0.0.0:5000->5000/tcp   registry
III. Set a username and password
1. Install the password tool
    # yum -y install httpd-tools
2. Add a user
    # htpasswd -Bc /etc/docker/.htpasswd admin
    New password:
    Re-type new password:
    Adding password for user admin
3. Start the container
    # docker run -d -p 5000:5000 --restart=always --name registry \
        -v /var/lib/registry:/var/lib/registry \
        -v /etc/docker/certs.d:/certs \
        -v /etc/docker:/auth \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
        -e REGISTRY_AUTH=htpasswd \
        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/.htpasswd \
        -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
        registry:2
4. Log in to the local registry
    [root@node01 ~]# docker login 192.168.8.100:5000
    Username: admin
    Password:
    Login Succeeded
    [root@node01 ~]# docker images
    REPOSITORY        TAG      IMAGE ID       CREATED      SIZE
    docker.io/nginx   latest   b175e7467d66   6 days ago   109 MB
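The registry's htpasswd authentication accepts only bcrypt entries, and `htpasswd -B` without `-C` writes them at bcrypt cost 5, so the file created in section III is worth auditing. The parser below is an added example, not code from the original post; `audit_htpasswd`, the `min_cost` threshold and the sample entries (with filler hash bodies) are assumptions made for illustration.

```python
import re

# bcrypt hashes start with $2a$/$2b$/$2y$ followed by a two-digit cost.
BCRYPT = re.compile(r"^\$2[aby]\$(\d{2})\$")
OTHER_SCHEMES = {
    "$apr1$": "apache-md5",
    "{SHA}": "sha1",
    "$5$": "sha256-crypt",
    "$6$": "sha512-crypt",
}

def audit_htpasswd(text, min_cost=10):
    """Return (user, scheme, verdict) for every entry in an htpasswd file.

    min_cost is a policy threshold chosen for this example, not a registry rule.
    """
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        user, sep, secret = line.partition(":")
        if not sep:
            results.append((line, "malformed", "no-colon"))
            continue
        m = BCRYPT.match(secret)
        if m:
            cost = int(m.group(1))
            verdict = "ok" if cost >= min_cost else f"weak-cost-{cost}"
            results.append((user, "bcrypt", verdict))
            continue
        scheme = next((name for prefix, name in OTHER_SCHEMES.items()
                       if secret.startswith(prefix)), "crypt-or-plaintext")
        results.append((user, scheme, "not-bcrypt"))
    return results

# Constructed sample file: the hash bodies are filler, not real hashes.
SAMPLE_HTPASSWD = "\n".join([
    "# constructed sample",
    "admin:$2y$05$" + "A" * 53,                  # shape written by htpasswd -B
    "ci:$2y$12$" + "B" * 53,                     # shape written by htpasswd -B -C 12
    "legacy:$apr1$" + "C" * 8 + "$" + "D" * 22,  # shape written by htpasswd -m
    "old:{SHA}" + "E" * 27 + "=",                # shape written by htpasswd -s
])

if __name__ == "__main__":
    for row in audit_htpasswd(SAMPLE_HTPASSWD):
        print(*row, sep="\t")
```

Entries reported as `not-bcrypt` cannot log in to the registry; entries reported as `weak-cost-N` can be regenerated with a higher `-C` value.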
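While the `insecure-registries` entry from section I remains in daemon.json, Docker ignores certificate errors for that registry and may fall back to plain HTTP, even after section II enables TLS; a client that trusts the certificate through `/etc/docker/certs.d/<host:port>/ca.crt` no longer needs the entry. The audit below is an added example, not code from the original post; `audit_insecure_registries`, the CIDR entry and the certs.d listing are constructed for illustration.

```python
import ipaddress
import json

def audit_insecure_registries(daemon_json_text, certs_d_dirs):
    """Return (entry, status, detail) per insecure-registries entry.

    certs_d_dirs: names of the sub-directories of /etc/docker/certs.d on the
    client, each named <host>:<port> and holding that registry's ca.crt.
    """
    cfg = json.loads(daemon_json_text)
    trusted = set(certs_d_dirs)
    findings = []
    for entry in cfg.get("insecure-registries", []):
        if "/" in entry:
            # CIDR form: every registry address in the range skips verification.
            net = ipaddress.ip_network(entry, strict=False)
            findings.append((entry, "cidr", f"{net.num_addresses} addresses"))
        elif entry in trusted:
            findings.append((entry, "redundant", "CA already trusted, remove entry"))
        else:
            findings.append((entry, "unverified",
                             "TLS errors ignored, HTTP fallback allowed"))
    return findings

# daemon.json from section I plus one constructed CIDR entry.
SAMPLE_DAEMON_JSON = """
{
  "registry-mirrors": ["https://***.mirror.aliyuncs.com"],
  "insecure-registries": ["10.130.70.34:5000", "192.168.8.0/24"],
  "dns": ["114.114.114.114", "8.8.8.8"]
}
"""
# Constructed listing of /etc/docker/certs.d after installing the registry CA.
SAMPLE_CERTS_D = ["10.130.70.34:5000"]

if __name__ == "__main__":
    for row in audit_insecure_registries(SAMPLE_DAEMON_JSON, SAMPLE_CERTS_D):
        print(*row, sep="\t")
```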