gitlab 配置Container Registry

关于开启Container Registry,官方文档有做说明,emmm,一言难尽吧,特别简洁,然后自己开启的时候遇到了很多坑,算是记录一下吧。

官方文档:https://docs.gitlab.com/ee/user/packages/container_registry/

1、开启 Container Registry

gitlab官方文档有明确的说明,仅8.8版本及以上才有这个功能。

官方文档上是在界面端配置的,然而,我并没有看到这个配置,下面是我的版本号:

[root@localhost ssl]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
13.2.3

直接修改gitlab配置文件: vim /etc/gitlab/gitlab.rb

//外部访问地址,此处被nginx代理,暴露给外部访问
registry_external_url 'http://xxx.com'
//启用
gitlab_rails['registry_enabled'] = true
//registry 服务ip
gitlab_rails['registry_host'] = "172.29.1.70"
//registry 服务真正端口
gitlab_rails['registry_port'] = "5000"

这里需要注意的是,registry_external_url是外部访问的url,如docker需要pull和push,都是访问该路径。然后,刷新配置,重启:

gitlab-ctl reconfigure
gitlab-ctl restart

这个时候,可以在浏览器访问下registry_external_url:

70921f0bb0c52804ec2575cf0bc777f.png

可以看到,是一个空白页面,别慌,正常现象。

2、Docker访问

私有镜像仓库搭好了,该用docker测试访问一下

[root@localhost mysql]# docker login http://xxx.com -u root -p xxx
Error response from daemon: Get https://xxx.com/v1/users/: http: server gave HTTP response to HTTPS client

访问报错,而且,指令中请求使用的是http协议,docker使用的却是https。在这个地方,搜了一下,有很多人是修改/etc/docker/daemon.json文件,添加以下配置:

"insecure-registries":["ip:port"]

然而,启动的时候报错,可能只有我这里有这个问题:

[root@localhost mysql]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 二 2020-11-17 15:18:43 CST; 7s ago
     Docs: http://docs.docker.com
  Process: 18488 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
 Main PID: 18488 (code=exited, status=1/FAILURE)

11月 17 15:18:43 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
11月 17 15:18:43 localhost.localdomain dockerd-current[18488]: unable to configure the Docker daemon with file /etc/docker/daemon.json: the following direct...0:5050])
11月 17 15:18:43 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
11月 17 15:18:43 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
11月 17 15:18:43 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
11月 17 15:18:43 localhost.localdomain systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

于是修改删除,重新启动,找到启动配置文件:/usr/lib/systemd/system/docker.service,这个文件(在systemctl status指令下能找到服务启动的文件)里面包含docker的配置文件所在的位置:

Description=Docker Application Container Engine
  3 Documentation=http://docs.docker.com
  4 After=network.target
  5 Wants=docker-storage-setup.service
  6 Requires=docker-cleanup.timer
  7 
  8 [Service]
  9 Type=notify
 10 NotifyAccess=main
 //以下引入配置文件及环境变量
 11 EnvironmentFile=-/run/containers/registries.conf
 12 EnvironmentFile=-/etc/sysconfig/docker
 13 EnvironmentFile=-/etc/sysconfig/docker-storage
 14 EnvironmentFile=-/etc/sysconfig/docker-network
 15 Environment=GOTRACEBACK=crash
 16 Environment=DOCKER_HTTP_HOST_COMPAT=1
 17 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
 18 ExecStart=/usr/bin/dockerd-current \
 19           --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
 20           --default-runtime=docker-runc \
 21           --exec-opt native.cgroupdriver=systemd \
 22           --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
 23           --init-path=/usr/libexec/docker/docker-init-current \
 24           --seccomp-profile=/etc/docker/seccomp.json \
 25           $OPTIONS \
 26           $DOCKER_STORAGE_OPTIONS \
 27           $DOCKER_NETWORK_OPTIONS \
 28           $ADD_REGISTRY \
 29           $BLOCK_REGISTRY \
 30           $INSECURE_REGISTRY \
 31       $REGISTRIES
 32 ExecReload=/bin/kill -s HUP $MAINPID
 33 LimitNOFILE=1048576
 34 LimitNPROC=1048576
 35 LimitCORE=infinity
 36 TimeoutStartSec=0
 37 Restart=on-abnormal
 38 KillMode=process
 39

于是,我在/etc/sysconfig/docker文件中修改:

OPTIONS='--selinux-enabled=false --insecure-registry xxx.com --log-driver=journald'

设置私有库,然后重启:

[root@localhost mysql]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@localhost mysql]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2020-11-17 15:25:44 CST; 9s ago
     Docs: http://docs.docker.com
 Main PID: 23295 (dockerd-current)
   Memory: 22.9M
   CGroup: /system.slice/docker.service
           ├─23295 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupd...
           └─23303 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-...

11月 17 15:25:43 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:43.481151266+08:00" level=info msg="libcontainerd: new containerd proc...: 23303"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.492774158+08:00" level=info msg="Graph migration to content-address...seconds"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.493754865+08:00" level=info msg="Loading containers: start."
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.509437763+08:00" level=info msg="Firewalld running: false"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.567080971+08:00" level=info msg="Default bridge (docker0) is assign...address"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.595571883+08:00" level=info msg="Loading containers: done."
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.612819377+08:00" level=info msg="Daemon has completed initialization"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.612848894+08:00" level=info msg="Docker daemon" commit="0be3e21/1.1...n=1.13.1
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.618192007+08:00" level=info msg="API listen on /var/run/docker.sock"
11月 17 15:25:44 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

启动成功,然后再登录:

[root@localhost mysql]# docker login http://xxx.com -u root -p xxx
Login Succeeded

登录成功!

ps:官方文档有说明,如果启用了双重验证(Two-Factor Authentication)则不应该输入密码,而是token:

 docker login xxx.com -u <username> -p <token>
©著作权归作者所有,转载或内容合作请联系作者
【社区内容提示】社区部分内容疑似由AI辅助生成,浏览时请结合常识与多方信息审慎甄别。
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

相关阅读更多精彩内容

友情链接更多精彩内容