【IT168 技术】1. 相关的版本信息
这里使用的docker的版本为1.0.1,这里使用的Ubuntu14.04
ubuntu@10-10-68-54:~$ sudo docker info
[sudo] password for ubuntu:
Containers: 1
Images: 78
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Dirs: 80
Execution Driver: native-0.2
Kernel Version: 3.13.0-24-generic
WARNING: No swap limit support
ubuntu@10-10-68-54:~$ sudo docker version
Client version: 1.0.1
Client API version: 1.12
Go version (client): go1.2.1
Git commit (client): 990021a
Server version: 1.0.1
Server API version: 1.12
Go version (server): go1.2.1
Git commit (server): 990021a
ubuntu@10-10-68-54:~$ sudo docker --version
Docker version 1.0.1, build 990021a
2. 安装Registry
Docker官方有免费的public pub,也有付费的private pub,我们也可以使用官方提供的docker registry在本地搭建自己的私有仓库,这样就可以再局域网中push/pull镜像了,可以很方便的进行push/pull操作,并且速度很快。这一节就是介绍registry的相关信息,这里使用的docker的版本为1.0.1,和最新版本的docker可能有所不同,主要体现在安全方面。
ubuntu@10-10-68-54:~$ sudo docker run -d -p 5000:5000 registry
Unable to find image 'registry' locally
Pulling repository registry
e33e81d7024c: Download complete
e33e81d7024c: Pulling image (latest) from registry
511136ea3c5a: Download complete
f3c84ac3a053: Download complete
a1a958a24818: Download complete
9fec74352904: Download complete
6cfde7386ab2: Download complete
18338e557800: Download complete
4e369c8d4164: Download complete
0c2bd7250cff: Download complete
d19d6b16e220: Download complete
89b39fe82d93: Download complete
881764bc7f3a: Download complete
6173f4c32b49: Download complete
14cf53930f50: Download complete
5573b22f32578152556c356548a79dc6bd1db63c2bdc4c24a0d9f9b3efba2fd0
使用docker images命令查看
ubuntu@10-10-68-54:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
registry latest e33e81d7024c 7 days ago 413.7 MB
ubuntu latest d0955f21bf24 8 days ago 188.3 MB
ubuntu 14.04 d0955f21bf24 8 days ago
使用docker ps命令查看,可以看到运行的容器
也可以使用下面的命令指定镜像存在的位置,
sudo docker run -d -p 5000:5000 -v /data:/tmp/registry registry
在另一台PC上push到registry服务器后,可以在相应的目录下查看到下面的三个目录,push的镜像在images,repositories
使用docker tag对其进行改名
ubuntu@10-10-68-54:~$ sudo docker tag d0955f21bf24 10.10.68.54:5000/ubuntu
ubuntu@10-10-68-54:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
registry latest e33e81d7024c 7 days ago 413.7 MB
ubuntu latest d0955f21bf24 8 days ago
10.10.68.54:5000/ubuntu latest d0955f21bf24 8 days ago
然后使用docker push把该镜像push到刚刚创建的registry 服务器上。
ubuntu@10-10-68-54:~$ sudo docker push 10.10.68.54:5000/ubuntu
The push refers to a repository [10.10.68.54:5000/ubuntu] (len: 1)
Sending image list
Pushing repository 10.10.68.54:5000/ubuntu (1 tags)
511136ea3c5a: Image successfully pushed
f3c84ac3a053: Image successfully pushed
a1a958a24818: Image successfully pushed
9fec74352904: Image successfully pushed
d0955f21bf24: Image successfully pushed
Pushing tag for rev [d0955f21bf24] on {http://10.10.68.54:5000/v1/repositories/ubuntu/tags/latest}
在另一台PC上可以使用下面的命令进行pull,
ubuntu@10-10-78-18:~$ sudo docker pull 10.10.68.54:5000/ubuntu
Pulling repository 10.10.68.54:5000/ubuntu
d0955f21bf24: Download complete
511136ea3c5a: Download complete
f3c84ac3a053: Download complete
a1a958a24818: Download complete
9fec74352904: Download complete
通过docker images可以看到,可以从刚才创建的registry上pull镜像到另一个PC上。
ubuntu@10-10-78-18:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
10.10.68.54:5000/ubuntu latest d0955f21bf24 8 days ago 192.7 MB
我们能从registry上pull一个镜像,也可以从另一台PC上push一个镜像到registry上,先从docker.cn上pull一个centos6.3-base的镜像,
ubuntu@10-10-78-18:~$ sudo docker pull frankzfz/centos6.3-base
[sudo] password for ubuntu:
Pulling repository frankzfz/centos6.3-base
a8fe6b2d8f23: Download complete
然后使用下面的命令push到registy上,
ubuntu@10-10-78-18:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
10.10.68.54:5000/ubuntu latest d0955f21bf24 8 days ago 192.7 MB
frankzfz/centos6.3-base latest a8fe6b2d8f23 3 weeks ago 738 MB
但是直接使用下面的命令并不能push成功,
ubuntu@10-10-78-18:~$ sudo docker push 10.10.68.54:5000/frankzfz/centos6.3-base
The push refers to a repository [10.10.68.54:5000/frankzfz/centos6.3-base] (len: 0)
2015/03/28 20:38:21 No such id: 10.10.68.54:5000/frankzfz/centos6.3-base
使用docker tag 对刚才的进行镜像进行改名。
ubuntu@10-10-78-18:~$ sudo docker tag a8fe6b2d8f23 10.10.68.54:5000/centos6.3-base
ubuntu@10-10-78-18:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
10.10.68.54:5000/ubuntu latest d0955f21bf24 8 days ago 192.7 MB
frankzfz/centos6.3-base latest a8fe6b2d8f23 3 weeks ago 738 MB
10.10.68.54:5000/centos6.3-base latest a8fe6b2d8f23 3 weeks ago 738 MB
Push到刚才建立registy的机器上。
ubuntu@10-10-78-18:~$ sudo docker push 10.10.68.54:5000/centos6.3-base
The push refers to a repository [10.10.68.54:5000/centos6.3-base] (len: 1)
Sending image list
Pushing repository 10.10.68.54:5000/centos6.3-base (1 tags)
a8fe6b2d8f23: Image successfully pushed
Pushing tag for rev [a8fe6b2d8f23] on {http://10.10.68.54:5000/v1/repositories/centos6.3-base/tags/latest}
3 测试验证
现在把创建的centos6.3-base删除掉,然后使用pull命令从registry进行拉取。
ubuntu@10-10-78-18:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
10.10.68.54:5000/ubuntu latest d0955f21bf24 8 days ago 192.7 MB
通过上面的信息可以看出已经把刚才centos-6.3的images给删除了,然后通过下面的命令从10.10.68.54上进行拉取。
ubuntu@10-10-78-18:~$ sudo docker pull 10.10.68.54:5000/centos6.3-base
Pulling repository 10.10.68.54:5000/centos6.3-base
a8fe6b2d8f23: Download complete
image (latest) from 10.10.68.54:5000/centos6.3-base
ubuntu@10-10-78-18:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
10.10.68.54:5000/ubuntu latest d0955f21bf24 8 days ago 192.7 MB
10.10.68.54:5000/centos6.3-base latest a8fe6b2d8f23 3 weeks ago 738 MB
在registry的服务器上可以看到刚才push的镜像目录。
4 新版本Docker配置
对于docker1.3.x的版本增加了安全性,docker registry交互默认使用的是https,上面搭建的私有仓库只提供http服务,所以如果在docker1.3.X以后的版本使用上面的搭建私有仓库的方式,会出现下面的错误信息:
Error: Invalid registry endpoint ... Get ... If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add '--insecure-registry 10.10.63.106:5000' to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.10.63.106:5000/ca.crt
解决方法在etc/sysconfig/docker文件中添加--insecure-registry=10.10.63.106:5000,
cat /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS=--selinux-enabled -H fd://
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry=10.10.63.106:5000"
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
或者修改/usr/lib/systemd/system/docker.service,在该文件中修改下面的一行。
[root@10-10-63-106 ~]# cat /usr/lib/systemd/system/docker.service.back
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
ExecStart=/usr/bin/docker -d --insecure-registry 10.10.63.106:5000 $OPTIONS $DOCKER_STORAGE_OPTIONS
LimitNOFILE=1048576
LimitNPROC=1048576
MountFlags=private
[Install]
WantedBy=multi-user.target
在启动registry容器的时候,使用下面的命令,
docker run -p 5000:5000 registry
出现下面的容器信息,使用netstat –nlp可以查看到监听的端口号为5000.
在指定目录下生成下面的两个子目录: