centos7系统下搭建docker本地镜像仓库
时间:2017-02-19 23:24 来源:linux.it.net.cn 作者:IT
准备工作
用到的工具, Xshell5, Xftp5, Docker.io/registry:latest镜像, 宿主机IP:192.168.199.131
关于docker的安装和设置加速, 请参考这篇博文centos7系统下 docker 环境搭建
设置完加速后, 执行docker pull registry命令, 下载docker.io/registry官方镜像
启动registry镜像
启动docker.io/registry容器, 如果tag是latest, 可以忽略不写
docker run -d -p 80:5000 --restart=always --name local_registry docker.io/registry:latest
-d 后台运行 -p 端口映射, 宿主机80端口映射给容器的5000端口 –restart=always 容器意外关闭后, 自动重启 (如果重启docker服务, 带这个参数的, 能自动启动为Up状态, 不带这个的,不会自动启动) –name 给容器起个名字, 可以根据这个名字去停止/启动/删除容器
配置端口开放
[root@localhost docker]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@localhost docker]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
[root@localhost docker]# firewall-cmd --reload
success
[root@localhost docker]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 80/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
配置端口开放之后, 需要执行firewall-cmd –reload才能生效
重命名镜像
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
repos_local/zookeeper 0.0.1 bdb481b4f17a 2 days ago 541.5 MB
repos_local/zookeeper 是上篇博文介绍的使用Dockerfile文件创建的镜像, 重命名
docker tag repos_local/zookeeper:0.0.1 192.168.199.131/repos_local/zookeeper:latest
docker tag 原镜像名:tag 新镜像名:tag
docker images 查看镜像名称是否更改正确
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.199.131/repos_local/zookeeper latest bdb481b4f17a 2 days ago 541.5 MB
推送镜像
docker push 192.168.199.131/repos_local/zookeeper:latest
如果提示以下错误, 说明没有把搭建的registry加入可信任的列表里面, 如果有https域名或者能创建.crt证书, 那么可以忽略以下步骤
Error response from daemon: invalid registry endpoint https://192.168.199.131/v0/: unable to ping registry endpoint https://192.168.199.131/v0/
v2 ping attempt failed with error: Get https://192.168.199.131/v2/: dial tcp 192.168.199.131:443: no route to host
v1 ping attempt failed with error: Get https://192.168.199.131/v1/_ping: dial tcp 192.168.199.131:443: no route to host. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.199.131` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.199.131/ca.crt
解决方法:
只针对centos7下 Docker version 1.12.5, build 047e51b/1.12.5版本有效, 其它版本没做过测试
vi /etc/sysconfig/docker
注意–insecure-registry 192.168.199.131插入的位置
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.199.131'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
重启docker服务
systemctl restart docker.service
重新执行docker push 192.168.199.131/repos_local/zookeeper:latest , 这次应该就能成功了
查看镜像仓库
[root@localhost docker]# curl 192.168.199.131/v2/_catalog
{"repositories":["repos_local/zookeeper"]}
[root@localhost docker]# curl 192.168.199.131/v2/repos_local/zookeeper/tags/list
{"name":"repos_local/zookeeper","tags":["latest"]}
至于镜像的删除, 目前还没找到一个好的解决方法, 如有建议请留言
(责任编辑:IT)
| 准备工作 用到的工具, Xshell5, Xftp5, Docker.io/registry:latest镜像, 宿主机IP:192.168.199.131 关于docker的安装和设置加速, 请参考这篇博文centos7系统下 docker 环境搭建 设置完加速后, 执行docker pull registry命令, 下载docker.io/registry官方镜像 启动registry镜像 启动docker.io/registry容器, 如果tag是latest, 可以忽略不写 docker run -d -p 80:5000 --restart=always --name local_registry docker.io/registry:latest -d 后台运行 -p 端口映射, 宿主机80端口映射给容器的5000端口 –restart=always 容器意外关闭后, 自动重启 (如果重启docker服务, 带这个参数的, 能自动启动为Up状态, 不带这个的,不会自动启动) –name 给容器起个名字, 可以根据这个名字去停止/启动/删除容器 配置端口开放 [root@localhost docker]# firewall-cmd --zone=public --add-port=80/tcp --permanent success [root@localhost docker]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: [root@localhost docker]# firewall-cmd --reload success [root@localhost docker]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh ports: 80/tcp protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: 配置端口开放之后, 需要执行firewall-cmd –reload才能生效 重命名镜像 [root@localhost docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE repos_local/zookeeper 0.0.1 bdb481b4f17a 2 days ago 541.5 MB repos_local/zookeeper 是上篇博文介绍的使用Dockerfile文件创建的镜像, 重命名 docker tag repos_local/zookeeper:0.0.1 192.168.199.131/repos_local/zookeeper:latest docker tag 原镜像名:tag 新镜像名:tag docker images 查看镜像名称是否更改正确 [root@localhost docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.199.131/repos_local/zookeeper latest bdb481b4f17a 2 days ago 541.5 MB 推送镜像 docker push 192.168.199.131/repos_local/zookeeper:latest 如果提示以下错误, 说明没有把搭建的registry加入可信任的列表里面, 如果有https域名或者能创建.crt证书, 那么可以忽略以下步骤 Error response from daemon: invalid registry endpoint https://192.168.199.131/v0/: unable to ping registry endpoint https://192.168.199.131/v0/ v2 ping attempt failed with error: Get https://192.168.199.131/v2/: dial tcp 192.168.199.131:443: no route to host v1 ping attempt failed with error: Get https://192.168.199.131/v1/_ping: dial tcp 192.168.199.131:443: no route to host. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.199.131` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.199.131/ca.crt 解决方法: 只针对centos7下 Docker version 1.12.5, build 047e51b/1.12.5版本有效, 其它版本没做过测试 vi /etc/sysconfig/docker 注意–insecure-registry 192.168.199.131插入的位置 # Modify these options if you want to change the way the docker daemon runs OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.199.131' if [ -z "${DOCKER_CERT_PATH}" ]; then DOCKER_CERT_PATH=/etc/docker fi 重启docker服务 systemctl restart docker.service 重新执行docker push 192.168.199.131/repos_local/zookeeper:latest , 这次应该就能成功了 查看镜像仓库 [root@localhost docker]# curl 192.168.199.131/v2/_catalog {"repositories":["repos_local/zookeeper"]} [root@localhost docker]# curl 192.168.199.131/v2/repos_local/zookeeper/tags/list {"name":"repos_local/zookeeper","tags":["latest"]} 至于镜像的删除, 目前还没找到一个好的解决方法, 如有建议请留言 (责任编辑:IT) |