仓库的搭建

下载registry镜像

[root@foundation3 ~]# docker search registry  ###搜寻registry镜像
[root@foundation3 ~]# docker pull registry  ##拉取镜像
Using default tag: latest
latest: Pulling from library/registry
4064ffdc82fe: Pull complete 
c12c92d1c5a2: Pull complete 
4fbc9b6835cc: Pull complete 
765973b0f65f: Pull complete 
3968771a7c3a: Pull complete 
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest

生成容器

[root@foundation3 ~]# docker images registry 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              b2b03e9146e1        6 weeks ago         33.3 MB
[root@foundation3 ~]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry
2f890beaae98611c968fb1e554ad4362a0a8fb829104454e50681125dd426d36
[root@foundation3 ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
2f890beaae98        registry            "/entrypoint.sh /e..."   41 seconds ago      Up 39 seconds       0.0.0.0:5000->5000/tcp   ecstatic_turing
8b2d41ee2c1d        ubuntu              "/bin/bash"              3 minutes ago       Up 3 minutes                                 vm1

修改镜像的tag，完成后把打了tag的镜像上传到本地镜像

[root@foundation3 ~]# docker tag nginx localhost:5000/nginx
[root@foundation3 ~]# docker push localhost:5000/nginx
The push refers to a repository [localhost:5000/nginx]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

[root@foundation3 ~]# cd /opt/registry/
[root@foundation3 registry]# pwd
/opt/registry
[root@foundation3 registry]# ls
docker
[root@foundation3 registry]# tree docker

删除本地的镜像文件，从仓库拉取测试仓库的搭建

[root@foundation3 registry]# docker images 
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
rhel7                  v4                  646362a6d8a3        5 hours ago         140 MB
rhel7                  v3                  04a5789b1686        6 hours ago         178 MB
<none>                 <none>              3b0a481fbbda        6 hours ago         140 MB
rhel7                  v2                  74fb024c3c03        47 hours ago        154 MB
rhel7                  v1                  fca0454295a3        2 days ago          169 MB
localhost:5000/nginx   latest              c82521676580        3 weeks ago         109 MB
registry               latest              b2b03e9146e1        6 weeks ago         33.3 MB
ubuntu                 latest              07c86167cdc4        2 years ago         188 MB
progrium/stress        latest              db646a8f4087        4 years ago         282 MB
rhel7                  latest              0a3eb3fde7fd        4 years ago         140 MB
[root@foundation3 registry]# docker rmi localhost:5000/nginx
Untagged: localhost:5000/nginx:latest
Untagged: localhost:5000/nginx@sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
Deleted: sha256:c82521676580c4850bb8f0d72e47390a50d60c8ffe44d623ce57be521bca9869
Deleted: sha256:2c1f65d17acf8759019a5eb86cc20fb8f8a7e84d2b541b795c1579c4f202a458
Deleted: sha256:8f222b457ca67d7e68c3a8101d6509ab89d1aad6d399bf5b3c93494bbf876407
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
[root@foundation3 registry]# docker pull localhost:5000/nginx
Using default tag: latest
latest: Pulling from nginx
2da35ff30a7d: Pull complete 
831fb1a65ced: Pull complete 
7a63da4e8a19: Pull complete 
Digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
Status: Downloaded newer image for localhost:5000/nginx:latest

2、加ssl证书
创建证书文件夹，加入本地解析

[root@foundation3 docker]# cd /tmp/docker/
[root@foundation3 docker]# mkdir certs
[root@foundation3 docker]# vim /etc/hosts
[root@foundation3 docker]# ping westos.org
PING westos.org (172.25.3.250) 56(84) bytes of data.
64 bytes from westos.org (172.25.3.250): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from westos.org (172.25.3.250): icmp_seq=2 ttl=64 time=0.035 ms

生成ssl证书

[root@foundation3 docker]# cd /tmp/docker/
[root@foundation3 docker]# ls
certs  Dockerfile  dvd.repo  ssh  supervisord.conf  test  web
[root@foundation3 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt

将证书copy到上面创建的证书文件夹下

[root@foundation3 docker]# cd /etc/docker/
[root@foundation3 docker]# ls
daemon.json  key.json
[root@foundation3 docker]# mkdir certs.d
[root@foundation3 docker]# cd certs.d/
[root@foundation3 certs.d]# mkdir westos.org
[root@foundation3 certs.d]# ls
westos.org
[root@foundation3 certs.d]# cd westos.org/
[root@foundation3 westos.org]# cp /tmp/docker/certs/domain.crt ./ca.crt
[root@foundation3 westos.org]# ls
ca.crt

建立私有仓库并指定证书文件

[root@foundation3 docker]# docker run  -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry
d2096c185ff10752189fe303fe1f901bae24cf695494d21cb016e0b91571471e

查看443端口是否建立


上传镜像文件到私有仓库

[root@foundation3 docker]# docker push  westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

将证书信息发送到其他主机，拉取测试

[root@foundation3 docker]# docker rmi westos.org/rhel7
###删除镜像
[root@foundation3 docker]# docker pull westos.org/rhel7
拉取镜像

给私有仓库加入用户名和密码

[root@foundation3 docker]# docker ps  
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
85a4cc1c8cdd        nginx               "nginx -g 'daemon ..."   7 minutes ago       Up 6 minutes        80/tcp                           vm1
d2096c185ff1        registry            "/entrypoint.sh /e..."   15 hours ago        Up 54 minutes       0.0.0.0:443->443/tcp, 5000/tcp   registry
[root@foundation3 docker]# docker rm -f `docker ps -aq`
###删除之前的容器
85a4cc1c8cdd
d2096c185ff1
[root@foundation3 docker]# docker ps   ##查看
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

建立auth目录生成用户名和密码

###先cd /tmp/docker/
[root@foundation3 docker]# mkdir auth  ###建立目录
[root@foundation3 docker]# cd auth/
[root@foundation3 auth]# ls
[root@foundation3 auth]# cd ..
[root@foundation3 docker]# ls
auth  certs  Dockerfile  dvd.repo  ssh  supervisord.conf  test  web
[root@foundation3 docker]# docker run --entrypoint htpasswd registry -Bbn xbw westos > auth/htpasswd
###生成用户名和密码
[root@foundation3 docker]# cat auth/htpasswd 
xbw:$2y$05$cYJeBAi0/uI.kQLfIFOPMuU12RIEpDRn3uxWWJErx6ooSyFmj9XN6

[root@foundation3 docker]# docker run --entrypoint htpasswd registry -Bbn lala redhat >> auth/htpasswd
###再次添加用户时,记住用追加
[root@foundation3 docker]# cat auth/htpasswd 
xbw:$2y$05$cYJeBAi0/uI.kQLfIFOPMuU12RIEpDRn3uxWWJErx6ooSyFmj9XN6
lala:$2y$05$umBe8/fdCmB26kRyhEVVQOpDFZQbA4a.hNmfc3qN.xK4gB9Mvf7zm

启动registry容器

[root@foundation3 docker]# docker run  -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry

[root@foundation3 docker]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
a8adb1859409        registry            "/entrypoint.sh /e..."   5 seconds ago       Up 4 seconds        0.0.0.0:443->443/tcp, 5000/tcp   registry

上传镜像到仓库，失败，需要登陆

[root@foundation3 docker]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Preparing 
a8c4aeeaa045: Preparing 
cdb3f9544e4c: Preparing 
no basic auth credentials

输入用户名和密码登陆后上传镜像成功

[root@foundation3 docker]# docker login -u xbw -p westos westos.org
Login Succeeded
[root@foundation3 docker]# ping westos.org
PING westos.org (172.25.3.250) 56(84) bytes of data.
64 bytes from westos.org (172.25.3.250): icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from westos.org (172.25.3.250): icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from westos.org (172.25.3.250): icmp_seq=3 ttl=64 time=0.089 ms
^C
--- westos.org ping statistics ---
[root@foundation3 .docker]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

登录一次之后,数据会被建立在root下的.docker文件中