docker之搭建私有仓库

因为前面有了一些 Docker 基础，我就不再多罗嗦了

1. 修改配置http访问

[root@test01 ~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://registry.docker-cn.com"],"insecure-registries":["192.168.1.30:5000"]}

如果不这样配置，结果如下。这个问题可能是由于客户端采用https，docker registry未采用https服务所致。一种处理方式是把客户对地址“192.168.1.30:5000”请求改为http

[root@test01 ~]# docker push 192.168.1.30:5000/centos
The push refers to a repository [192.168.1.30:5000/centos]
Get https://192.168.1.30:5000/v1/_ping: http: server gave HTTP response to HTTPS client

2. 使用容器运行docker-registry

[root@test01 ~]# docker run -d -p 5000:5000 --privileged=true -v /opt/data/registry:/tmp/registry --name='docker-registry' registry

参数说明：
-v /opt/data/registry:/tmp/registry :默认情况下，会将仓库存放于容器内的/tmp/registry目录下，指定本地目录挂载到容器
–privileged=true ：CentOS7中的安全模块selinux把权限禁掉了，参数给容器加特权，不加上传镜像会报权限错误(OSError: [Errno 13] Permission denied: ‘/tmp/registry/repositories/liibrary’)或者（Received unexpected HTTP status: 500 Internal Server Error）错误

3. 上传镜像

[root@test01 ~]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
docker.io/wordpress        latest              346b1443b020        30 hours ago        407 MB
[root@test01 ~]# docker push 192.168.1.30:5000/wordpress
The push refers to a repository [192.168.1.30:5000/wordpress]
An image does not exist locally with the tag: 192.168.1.30:5000/wordpress
[root@test01 ~]#

根据提示，我们知道需要修改一下tag才能上传

[root@test01 ~]# docker tag docker.io/wordpress 192.168.1.30:5000/wordpress
[root@test01 ~]# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
192.168.1.30:5000/wordpress   latest              346b1443b020        30 hours ago        407 MB
docker.io/wordpress           latest              346b1443b020        30 hours ago        407 MB
[root@test01 ~]# docker push 192.168.1.30:5000/wordpress
The push refers to a repository [192.168.1.30:5000/wordpress]
3d7c1bb6ce9f: Pushed

4. 从私有仓库中下载

[root@test01 ~]# docker pull 192.168.1.30:5000/wordpress

5. 客户端永久配置使用私有仓库

加入ADD_REGISTRY='--add-registry 192.168.1.30:5000'

[root@test01 ~]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false -H unix:///var/run/docker.sock -H 0.0.0.0:2376'
ADD_REGISTRY='--add-registry 192.168.1.30:5000'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi