Docker 学习笔记

时光毁灭记忆、已成空白 提交于 2020-10-09 08:40:55

当我们只需 docker pull等操作的时候,默认都是从公共的仓库 docker hub上面进行下载。我们也可以设置自己的私有仓库 registry。下面简单的介绍一下两种常见的访问方式。 更多的详细解释参见 https://docs.docker.com/registry/

HTTP 方式

Registry的配置很简单 他本身就是一个服务,因此我们可以直接从容器启动 , 比如指定了一个名字registry,开放端口5000,挂载了一个宿主机的目录作为存放镜像的目录

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry

上传镜像就两步操作,第一打个标签,第二上传

docker tag busybox:1.29 172.16.1.150/busybox:1.29
docker push 172.16.1.150/busybox:1.29

默认情况下会报错,这是因为他默认会使用https的协议,而我们使用的http

The push refers to repository [172.16.1.150/busybox]
Get https://172.16.1.150/v2/: dial tcp 172.16.1.150:443: connect: connection refused

解决方法是把我们的私有仓库的地址加入白名单

创建一个 /etc/docker/damemon.json 的文件,如下所示

{
"insecure-registries": ["172.16.1.150:5000"]
}

然后重启 docker 服务,再次上传就可以了

systemctl restart docker
docker push 172.16.1.150/busybox:1.29

下载的方式也类似,首先删单当前的相关镜像,然后下载一个

docker rmi busybox:1.29
docker rmi busybox:latest
docker pull 172.16.1.150:5000/busybox:1.29

删除镜像

这个需要进入registry容器,删除对应的metadata的目录,然后执行一个垃圾回收的操作,彻底的清空


[root@ip-172-16-1-150 bash_completion.d]# docker exec -it registry sh
/ # rm -fr /var/lib/registry/docker/registry/v2/repositories/busybox/
/ # registry garbage-collect /etc/docker/registry/config.yml
ghost
ghost: marking manifest sha256:71422ddf0230e11db21c0c38298a7a57ec9c2bf2ea2f9044303ca25b5f7205a9
ghost: marking blob sha256:40128288ca81dcda5779742757851149b0d7aee322f854b1a65a030d7a49e836
ghost: marking blob sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08
ghost: marking blob sha256:57d481011659a13bdb095379d64b4b858612ae1b923da2247c8fc97d52920c72
ghost: marking blob sha256:d6fabc993f172c5fea591f7820f283ca6e238289b3414930dbc808a392f80e9f
ghost: marking blob sha256:834ca887ea10ccf5c773b01efa3b1331ba97b7b9fa6fc0c00f8577e96491ab05
ghost: marking blob sha256:ad02ebe5fd045290b160178a369c06b5dcac3794f366b205e5322eb55104ec48
ghost: marking blob sha256:4ac08c3f0139584f5793c0781db31b35c5d858ec8bb3a1dfc10049ac143bf2ed
ghost: marking blob sha256:e9fc087e6a7813bb7d52f69744d4345fb4f8ad65c14136cacc67425cb987a7e0
ghost: marking blob sha256:846777c8cbce526597e1ae3c9c3efb82431d2b2bbd9bbe50fa687c396e0d598e
ghost: marking blob sha256:54ad64533e5521e02c68f5678ce64c996b9d824dd3a049424d43bf62a35f8599

11 blobs marked, 3 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:e004c2cc521c95383aebb1fb5893719aa7a8eae2e7a71f316a4410784edb00a9
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/e0/e004c2cc521c95383aebb1fb5893719aa7a8eae2e7a71f316a4410784edb00a9  go.version=go1.11.2 instance.id=d1623c34-896c-4e22-9982-f1d0708b6f46 service=registry
blob eligible for deletion: sha256:758ec7f3a1ee85f8f08399b55641bfb13e8c1109287ddc5e22b68c3d653152ee
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/75/758ec7f3a1ee85f8f08399b55641bfb13e8c1109287ddc5e22b68c3d653152ee  go.version=go1.11.2 instance.id=d1623c34-896c-4e22-9982-f1d0708b6f46 service=registry
blob eligible for deletion: sha256:b4a6e23922ddc3d105fee9afff80151a13fe058143351a8e9294286575f2f37e
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/b4/b4a6e23922ddc3d105fee9afff80151a13fe058143351a8e9294286575f2f37e  go.versio
```n=go1.11.2 instance.id=d1623c34-896c-4e22-9982-f1d0708b6f46 service=registry
/ # exit

通过浏览器查看

显示镜像

![](https://s4.51cto.com/images/blog/202010/08/3c411412f3ab4ac6f509587d3e7b43ab.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

显示镜像的tag等信息

![](https://s4.51cto.com/images/blog/202010/08/5f02a4dfeb571a9b55c94a2769f9995b.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

# Basic Auth的访问方式
这种方式会弹出用户名和密码要求验证,因此我们每次上传下载之前需要登录

[root@ip-172-16-1-150 bash_completion.d]# mkdir /opt/registry-var/auth/ -p
[root@ip-172-16-1-150 bash_completion.d]# htpasswd -Bbn beanxyz 12345 >> /opt/registry-var/auth/htpasswd
[root@ip-172-16-1-150 bash_completion.d]# docker rm -f docker ps -a -q
84ed40662093
65e5c21d305f
cd1381f25ed2
[root@ip-172-16-1-150 bash_completion.d]# htpasswd -Bbn beanxyz 12345 >> /opt/registry-var/auth/htpasswd^C
[root@ip-172-16-1-150 bash_completion.d]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
8e938a0fd7cae83a6563ba75060eb5ee2b41d444569817388ee04516a87802c9
[root@ip-172-16-1-150 bash_completion.d]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8e938a0fd7ca registry "/entrypoint.sh /etc…" 5 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp fervent_driscoll
[root@ip-172-16-1-150 bash_completion.d]# docker login 172.16.1.150:5000
Username: beanxyz
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
















Login Succeeded
[root@ip-172-16-1-150 bash_completion.d]# docker

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!