`
hanqunfeng
  • 浏览: 1540907 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

docker学习笔记之三:进阶实战--Registry创建镜像仓库私服

阅读更多

registry V2说明文档 https://docs.docker.com/registry/deploying/

 

【重要】registry v2安装参考资料:

http://www.open-open.com/lib/view/open1456539405281.html

 

下载registry镜像:

sudo docker pull registry

 

创建证书:

sudo mkdir -p /docker_registry_dir/certs

sudo vi /etc/hosts :指定自定义的域名

 

  1. 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
  2. ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
  3. 10.211.55.8 docker.registry.server

 

 

 

sudo openssl req -newkey rsa:4096 -nodes -sha256 -keyout /docker_registry_dir/certs/domain.key -x509 -days 365 -out /docker_registry_dir/certs/domain.crt

 

  1. Generating a 4096 bit RSA private key
  2. .................................++
  3. ...++
  4. writing new private key to \'/docker_registry_dir/certs/domain.key\'
  5. -----
  6. You are about to be asked to enter information that will be incorporated
  7. into your certificate request.
  8. What you are about to enter is what is called a DistinguishedName or a DN.
  9. There are quite a few fields but you can leave some blank
  10. For some fields there will be a default value,
  11. If you enter \'.\', the field will be left blank.
  12. -----
  13. CountryName(2 letter code)[XX]:CN
  14. State or ProvinceName(full name)[]:beijing
  15. LocalityName(eg, city)[DefaultCity]:beijing
  16. OrganizationName(eg, company)[DefaultCompanyLtd]:NQ
  17. OrganizationalUnitName(eg, section)[]:NQ
  18. CommonName(eg, your name or your server\'s hostname) []:docker.registry.server
  19. Email Address []:hanqf2008@163.com

 

 

sudo mkdir -p /etc/docker/certs.d/docker.registry.server:5000

sudo cp /docker_registry_dir/certs/domain.crt /etc/docker/certs.d/docker.registry.server:5000/ca.crt

说明:因为是自己制作的证书,所以注意保存/docker_registry_dir/certs/domain.crt,其它客户端也需要将该证书拷贝到/etc/docker/certs.d/docker.registry.server:5000/ca.crt下,如果是认证过的证书,则不需要执行该步骤。

 

创建认证帐号:

sudo mkdir -p /docker_registry_dir/auth

切换到root用户:

docker run --rm --entrypoint  htpasswd  docker.io/registry:latest -Bbn admin admin >> /docker_registry_dir/auth/htpasswd :可以创建多个帐号

 

启动registry容器:

sudo mkdir /docker_registry_dir/registryDir

 

  1. sudo docker run -d -p 5000:5000--restart=always --name registry \\
  2. -v /docker_registry_dir/auth:/auth \\
  3. -e "REGISTRY_AUTH=htpasswd" \\
  4. -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \\
  5. -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \\
  6. -v /docker_registry_dir/registryDir:/var/lib/registry \\
  7. -v /docker_registry_dir/certs:/certs \\
  8. -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \\
  9. -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \\
  10. docker.io/registry:latest
 

 

 

上传镜像:

sudo docker login docker.registry.server:5000

 

  1. Username: admin
  2. Password:
  3. Email: hanqf2008@163.com
  4. WARNING: login credentials saved in/root/.docker/config.json
  5. LoginSucceeded

 

 

sudo docker tag docker.io/swarm:latest docker.registry.server:5000/swarm:latest

sudo dcoker push docker.registry.server:5000/swarm:latest

 

  1. The push refers to a repository [docker.registry.server:5000/swarm]
  2. c54d433c22fe:Pushed
  3. 2fe4d825a161:Pushed
  4. 249a306ce89e:Pushed
  5. latest: digest: sha256:c9e1b4d4e399946c0542accf30f9a73500d6b0b075e152ed1c792214d3509d70 size:923
 
下载镜像:
如果没有登录私服,要先登录。
这里先删除docker.registry.server:5000/swarm:latest,然后重新下载
sudo docker rmi docker.registry.server:5000/swarm:latest
sudo docker pull docker.registry.server:5000/swarm:latest
  1. Trying to pull repository docker.registry.server:5000/swarm ...
  2. latest:Pulling from docker.registry.server:5000/swarm
  3. Digest: sha256:c9e1b4d4e399946c0542accf30f9a73500d6b0b075e152ed1c792214d3509d70
  4. Status:Downloaded newer image for docker.registry.server:5000/swarm:latest
 

 

 

查看仓库镜像:

sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/_catalog

 

  1. {"repositories":["swarm"]}
 

 

sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/swarm/tags/list

 

  1. {"name":"swarm","tags":["latest"]}
 

sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/swarm/manifests/latest

 

删除仓库镜像:【目前不支持】

官方参考资料:https://docs.docker.com/registry/spec/api/

 sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/_catalog

 

{"repositories":["mysql","swarm"]}

 

 

sudo curl  -X DELETE --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/mysql/manifests/latest

 

{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}

 

sudo curl  -X DELETE --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/mysql/manifests/sha256:bd446145a97e292a05e36f322ca06a82188608f7de107307e5a24ae775dc5a44

 
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}
 
使用第三方删除工具:
 
安装:
curl https://raw.githubusercontent.com/burnettk/delete-docker-registry-image/master/delete_docker_registry_image.py | sudo tee /usr/local/bin/delete_docker_registry_image >/dev/null
sudo chmod a+x /usr/local/bin/delete_docker_registry_image
 
指定本地仓库的路径,这里用环境变量没有起作用,所以使用了软连接方式
sudo ln -s /docker_registry_dir/registryDir /opt/registry_data
 
删除指定tag
sudo /usr/local/bin/delete_docker_registry_image --image mysql:latest
此时:

sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/_catalog

{"repositories":["mysql","swarm"]}

 

看到mysql还在,但是其下面对应的tag已经不见了:

sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/mysql/tags/list

{"name":"mysql","tags":null}

 
删除指定仓库
sudo /usr/local/bin/delete_docker_registry_image --image mysql
删除成功

sudo curl --cacert /docker_registry_dir/certs/domain.crt  --basic --user admin:admin https://docker.registry.server:5000/v2/_catalog

{"repositories":["swarm"]}

 

 

https://docs.docker.com/registry/spec/api/#deleting-an-image

 

 

Method

Path

Entity

Description

GET

/v2/

Base

Check that the endpoint implements Docker Registry API V2.

GET

/v2/<name>/tags/list

Tags

Fetch the tags under the repository identified by name.

GET

/v2/<name>/manifests/<reference>

Manifest

Fetch the manifest identified by name and reference where reference can be a tag or digest. A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data.

PUT

/v2/<name>/manifests/<reference>

Manifest

Put the manifest identified by name and reference where reference can be a tag or digest.

DELETE

/v2/<name>/manifests/<reference>

Manifest

Delete the manifest identified by name and reference. Note that a manifest can only be deleted by digest.

GET

/v2/<name>/blobs/<digest>

Blob

Retrieve the blob from the registry identified by digest. A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data.

DELETE

/v2/<name>/blobs/<digest>

Blob

Delete the blob identified by name and digest

POST

/v2/<name>/blobs/uploads/

Initiate Blob Upload

Initiate a resumable blob upload. If successful, an upload location will be provided to complete the upload. Optionally, if the digest parameter is present, the request body will be used to complete the upload in a single request.

GET

/v2/<name>/blobs/uploads/<uuid>

Blob Upload

Retrieve status of upload identified by uuid. The primary purpose of this endpoint is to resolve the current status of a resumable upload.

PATCH

/v2/<name>/blobs/uploads/<uuid>

Blob Upload

Upload a chunk of data for the specified upload.

PUT

/v2/<name>/blobs/uploads/<uuid>

Blob Upload

Complete the upload specified by uuid, optionally appending the body as the final chunk.

DELETE

/v2/<name>/blobs/uploads/<uuid>

Blob Upload

Cancel outstanding upload processes, releasing associated resources. If this is not called, the unfinished uploads will eventually timeout.

GET

/v2/_catalog

Catalog

Retrieve a sorted, json list of repositories available in the registry.

 

 

分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics