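Setting up a local private registry with Docker lets you keep frequently used images in it, which speeds up downloads, and if Docker Hub is ever blocked, the registry can still serve images to Docker.
1. Download the registry image
docker pull registry
2. Write the registry configuration file, described below: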
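According to the official documentation, the configuration file supports multiple flavors. A flavor is a named section of the configuration file, and the one to use is selected at startup by setting the environment variable SETTINGS_FLAVOR=xxxx.
<<: *common indicates which flavor a section inherits from.
Here we set up a Docker hub backed by local file storage.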
# All other flavors inherit the `common' config snippet
common: &common
    issue: '"docker-registry server"'
    # Default log level is info
    loglevel: _env:LOGLEVEL:info
    # Enable debugging (additional informations in the output of the _ping endpoint)
    debug: _env:DEBUG:false
    # By default, the registry acts standalone (eg: doesn't query the index)
    standalone: _env:STANDALONE:true
    # The default endpoint to use (if NOT standalone) is index.docker.io
    index_endpoint: _env:INDEX_ENDPOINT:https://index.docker.io
    # Storage redirect is disabled
    storage_redirect: _env:STORAGE_REDIRECT
    # Token auth is enabled (if NOT standalone)
    disable_token_auth: _env:DISABLE_TOKEN_AUTH
    # No priv key
    privileged_key: _env:PRIVILEGED_KEY
    # No search backend
    search_backend: _env:SEARCH_BACKEND
    # SQLite search backend
    sqlalchemy_index_database: _env:SQLALCHEMY_INDEX_DATABASE:sqlite:////data/docker_hub/docker-registry.db
    # Mirroring is not enabled
    mirroring:
        source: _env:MIRROR_SOURCE # https://registry-1.docker.io
        source_index: _env:MIRROR_SOURCE_INDEX # https://index.docker.io
        tags_cache_ttl: _env:MIRROR_TAGS_CACHE_TTL:172800 # seconds
    cache:
        host: _env:CACHE_REDIS_HOST
        port: _env:CACHE_REDIS_PORT
        db: _env:CACHE_REDIS_DB:0
        password: _env:CACHE_REDIS_PASSWORD
    # Enabling LRU cache for small files
    # This speeds up read/write on small files
    # when using a remote storage backend (like S3).
    cache_lru:
        host: _env:CACHE_LRU_REDIS_HOST
        port: _env:CACHE_LRU_REDIS_PORT
        db: _env:CACHE_LRU_REDIS_DB:0
        password: _env:CACHE_LRU_REDIS_PASSWORD
    # Enabling these options makes the Registry send an email on each code Exception
    email_exceptions:
        smtp_host: _env:SMTP_HOST
        smtp_port: _env:SMTP_PORT:25
        smtp_login: _env:SMTP_LOGIN
        smtp_password: _env:SMTP_PASSWORD
        smtp_secure: _env:SMTP_SECURE:false
        from_addr: _env:SMTP_FROM_ADDR:[email protected]
        to_addr: _env:SMTP_TO_ADDR:[email protected]
    # Enable bugsnag (set the API key)
    bugsnag: _env:BUGSNAG
    # CORS support is not enabled by default
    cors:
        origins: _env:CORS_ORIGINS
        methods: _env:CORS_METHODS
        headers: _env:CORS_HEADERS:[Content-Type]
        expose_headers: _env:CORS_EXPOSE_HEADERS
        supports_credentials: _env:CORS_SUPPORTS_CREDENTIALS
        max_age: _env:CORS_MAX_AGE
        send_wildcard: _env:CORS_SEND_WILDCARD
        always_send: _env:CORS_ALWAYS_SEND
        automatic_options: _env:CORS_AUTOMATIC_OPTIONS
        vary_header: _env:CORS_VARY_HEADER
        resources: _env:CORS_RESOURCES
local: &local
    <<: *common
    storage: local
    storage_path: _env:STORAGE_PATH:/data/docker_hub
s3: &s3
    <<: *common
    storage: s3
    s3_region: _env:AWS_REGION
    s3_bucket: _env:AWS_BUCKET
    boto_bucket: _env:AWS_BUCKET
    storage_path: _env:STORAGE_PATH:/registry
    s3_encrypt: _env:AWS_ENCRYPT:true
    s3_secure: _env:AWS_SECURE:true
    s3_access_key: _env:AWS_KEY
    s3_secret_key: _env:AWS_SECRET
    s3_use_sigv4: _env:AWS_USE_SIGV4
    boto_host: _env:AWS_HOST
    boto_port: _env:AWS_PORT
    boto_calling_format: _env:AWS_CALLING_FORMAT
cloudfronts3: &cloudfronts3
    <<: *s3
    cloudfront:
        base: _env:CF_BASE_URL
        keyid: _env:CF_KEYID
        keysecret: _env:CF_KEYSECRET
azureblob: &azureblob
    <<: *common
    storage: azureblob
    azure_storage_account_name: _env:AZURE_STORAGE_ACCOUNT_NAME
    azure_storage_account_key: _env:AZURE_STORAGE_ACCOUNT_KEY
    azure_storage_container: _env:AZURE_STORAGE_CONTAINER:registry
    azure_use_https: _env:AZURE_USE_HTTPS:true
# Ceph Object Gateway Configuration
# See http://ceph.com/docs/master/radosgw/ for details on installing this service.
ceph-s3: &ceph-s3
    <<: *common
    storage: s3
    s3_region: ~
    s3_bucket: _env:AWS_BUCKET
    s3_encrypt: _env:AWS_ENCRYPT:false
    s3_secure: _env:AWS_SECURE:false
    storage_path: _env:STORAGE_PATH:/registry
    s3_access_key: _env:AWS_KEY
    s3_secret_key: _env:AWS_SECRET
    boto_bucket: _env:AWS_BUCKET
    boto_host: _env:AWS_HOST
    boto_port: _env:AWS_PORT
    boto_debug: _env:AWS_DEBUG:0
    boto_calling_format: _env:AWS_CALLING_FORMAT
# Google Cloud Storage Configuration
# See:
# https://developers.google.com/storage/docs/reference/v1/getting-startedv1#keys
# for details on access and secret keys.
gcs:
    <<: *common
    storage: gcs
    boto_bucket: _env:GCS_BUCKET
    storage_path: _env:STORAGE_PATH:/registry
    gs_secure: _env:GCS_SECURE:true
    gs_access_key: _env:GCS_KEY
    gs_secret_key: _env:GCS_SECRET
    # OAuth 2.0 authentication with the storage.
    # oauth2 can be set to true or false. If it is set to true, gs_access_key,
    # gs_secret_key and gs_secure are not needed.
    # Client ID and Client Secret must be set into OAUTH2_CLIENT_ID and
    # OAUTH2_CLIENT_SECRET environment variables.
    # See: https://developers.google.com/accounts/docs/OAuth2.
    oauth2: _env:GCS_OAUTH2:false
# This flavor is for storing images in Openstack Swift
swift: &swift
    <<: *common
    storage: swift
    storage_path: _env:STORAGE_PATH:/registry
    # keystone authorization
    swift_authurl: _env:OS_AUTH_URL
    swift_container: _env:OS_CONTAINER
    swift_user: _env:OS_USERNAME
    swift_password: _env:OS_PASSWORD
    swift_tenant_name: _env:OS_TENANT_NAME
    swift_region_name: _env:OS_REGION_NAME
# This flavor stores the images in Glance (to integrate with openstack)
# See also: https://github.com/docker/openstack-docker
glance: &glance
    <<: *common
    storage: glance
    storage_alternate: _env:GLANCE_STORAGE_ALTERNATE:file
    storage_path: _env:STORAGE_PATH:/tmp/registry
openstack:
    <<: *glance
# This flavor stores the images in Glance (to integrate with openstack)
# and tags in Swift.
glance-swift: &glance-swift
    <<: *swift
    storage: glance
    storage_alternate: swift
openstack-swift:
    <<: *glance-swift
elliptics:
    <<: *common
    storage: elliptics
    elliptics_nodes: _env:ELLIPTICS_NODES
    elliptics_wait_timeout: _env:ELLIPTICS_WAIT_TIMEOUT:60
    elliptics_check_timeout: _env:ELLIPTICS_CHECK_TIMEOUT:60
    elliptics_io_thread_num: _env:ELLIPTICS_IO_THREAD_NUM:2
    elliptics_net_thread_num: _env:ELLIPTICS_NET_THREAD_NUM:2
    elliptics_nonblocking_io_thread_num: _env:ELLIPTICS_NONBLOCKING_IO_THREAD_NUM:2
    elliptics_groups: _env:ELLIPTICS_GROUPS
    elliptics_verbosity: _env:ELLIPTICS_VERBOSITY:4
    elliptics_logfile: _env:ELLIPTICS_LOGFILE:/dev/stderr
    elliptics_addr_family: _env:ELLIPTICS_ADDR_FAMILY:2
# This flavor stores the images in Aliyun OSS
# See:
# https://i.aliyun.com/access_key/
# for details on access and secret keys.
oss: &oss
    <<: *common
    storage: oss
    storage_path: _env:STORAGE_PATH:/registry/
    oss_host: _env:OSS_HOST
    oss_bucket: _env:OSS_BUCKET
    oss_accessid: _env:OSS_KEY
    oss_accesskey: _env:OSS_SECRET
# This is the default configuration when no flavor is specified
dev: &dev
    <<: *local
    loglevel: _env:LOGLEVEL:debug
    debug: _env:DEBUG:true
    search_backend: _env:SEARCH_BACKEND:sqlalchemy
# This flavor is used by unit tests
test:
    <<: *dev
    index_endpoint: https://registry-stage.hub.docker.com
    standalone: true
    storage_path: _env:STORAGE_PATH:./tmp/test
# To specify another flavor, set the environment variable SETTINGS_FLAVOR
# $ export SETTINGS_FLAVOR=prod
prod:
    <<: *s3
    storage_path: _env:STORAGE_PATH:/prod
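3. Start the service
Create the directory:
mkdir -p /data/docker_hub
Create the configuration file (the run command below mounts /usr/local into the container as /registry-conf, so the file must be saved as /usr/local/docker_registry.yml):
vi docker_registry.yml
Then start the registry. Since this is a local hub, we do not enable authentication: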
sudo docker run -d -p 0.0.0.0:5000:5000 -v /usr/local:/registry-conf -v /data/docker_hub:/data/docker_hub -e DOCKER_REGISTRY_CONFIG=/registry-conf/docker_registry.yml -e SETTINGS_FLAVOR=local -e SEARCH_BACKEND=sqlalchemy registry
Run docker ps to confirm that the registry service has started:
CONTAINER ID   IMAGE             COMMAND             CREATED         STATUS         PORTS                    NAMES
04522945dd1e   registry:latest   "docker-registry"   4 seconds ago   Up 2 seconds   0.0.0.0:5000->5000/tcp   fervent_euclid
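How the flavor inheritance and the _env:NAME:default values in the configuration combine with the -e options of the docker run command, as an added example that is not part of the original post or of the docker-registry code base. It runs on a constructed excerpt of the config, parses only that flat subset, and the two checks in findings() are illustrative assumptions.

```python
import re
# Constructed excerpt of the page's config: flat keys only, same flavor chain.
SAMPLE = """\
common: &common
    debug: _env:DEBUG:false
    search_backend: _env:SEARCH_BACKEND
    sqlalchemy_index_database: _env:SQLALCHEMY_INDEX_DATABASE:sqlite:////data/docker_hub/docker-registry.db
local: &local
    <<: *common
    storage_path: _env:STORAGE_PATH:/data/docker_hub
ceph-s3: &ceph-s3
    <<: *common
    s3_secure: _env:AWS_SECURE:false
dev: &dev
    <<: *local
    debug: _env:DEBUG:true
"""
LINE = re.compile(r"^(\s*)([\w<-]+):\s*(.*)$")

def load_flavors(text):
    """Parse the flat subset above; `<<: *x` copies flavor x, later keys override."""
    flavors, current = {}, None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        indent, key, value = m.groups()
        if not indent:                    # top-level flavor, e.g. "local: &local"
            current = flavors.setdefault(key, {})
        elif key == "<<":                 # merge key: inherit the parent's settings
            current.update(flavors[value.lstrip("*")])
        else:
            current[key] = value
    return flavors

def effective(flavors, environ):
    """Select the flavor via SETTINGS_FLAVOR and resolve `_env:NAME[:default]`."""
    out = {}
    for key, value in flavors[environ.get("SETTINGS_FLAVOR", "dev")].items():
        if value.startswith("_env:"):
            # Split at most twice: defaults such as sqlite:////... contain colons.
            parts = value.split(":", 2)
            value = environ.get(parts[1], parts[2] if len(parts) == 3 else None)
        out[key] = value
    return out

def findings(cfg):
    """Illustrative review checks (assumed): debug output on, or s3_secure off."""
    risky = {"debug": "true", "s3_secure": "false"}
    return sorted(k for k, bad in risky.items() if cfg.get(k) == bad)
```

Calling effective(load_flavors(SAMPLE), {"SETTINGS_FLAVOR": "local", "SEARCH_BACKEND": "sqlalchemy"}) reproduces the settings the run command selects; passing an empty environment falls back to the dev flavor, which turns debug on.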
4. Push an image to the private hub
First run docker images to list the existing images:
REPOSITORY   TAG      IMAGE ID       CREATED       VIRTUAL SIZE
redis        2.8.19   8c37ff647cf2   4 weeks ago   110.7 MB
Use docker tag to tag image 8c37ff647cf2 as 10.14.40.112:5000/tc-redis (the format is docker tag IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]).
docker tag 8c37ff647cf2 10.14.40.112:5000/tc-redis
Then push the image to the private hub:
docker push 10.14.40.112:5000/tc-redis
If an insecure error appears, edit the file /etc/rc.d/init.d/docker and add the option to the start command as follows:
$exec -d $other_args --insecure-registry 10.14.40.112:5000 $DOCKER_STORAGE_OPTIONS &>> $logfile &
5. Pull the image
Delete the local tc-redis image, then try to pull it from the local private registry:
docker rmi -f 8c37ff647cf2
Then pull the image from the private registry:
docker pull 10.14.40.112:5000/tc-redis
Then run docker images to check the image:
REPOSITORY                   TAG      IMAGE ID       CREATED       VIRTUAL SIZE
10.14.40.112:5000/tc-redis   latest   8c37ff647cf2   4 weeks ago   110.7 MB
6. Search for images:
curl "http://10.14.40.112:5000/v1/search?q=tc"
{"num_results": 1, "query": "", "results": [{"description": null, "name": "library/tc-redis"}]}
That completes the setup of a simple private Docker hub.
Project home page of the docker-registry private registry: https://github.com/docker/docker-registry