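1. Introduction to Docker Registry
Docker Registry is one of Docker's core components and is responsible for storing and distributing image content; the client's docker pull and docker push commands talk to the Registry directly. The first version was implemented in Python. Because its early design had many shortcomings in security, performance and API design, development stopped after version 0.9. The project was later renamed distribution, and a new registry was designed and written in Go. Its API, underlying storage layout and system architecture were all redesigned, which also resolved some of the problems of the previous-generation registry. Registry 2.0 was officially released in April 2016, and Docker 1.6 began to support registry 2.0. More versions followed; from registry 2.4 onwards a garbage-collection mechanism is supported, which means images can be deleted, whereas before 2.4 there was no way to delete images. So if you use the registry, use a version higher than 2.4; the latest version at present is 2.8.1.
2. Deploying Docker Registry
2.1. Pulling the docker registry image
Registry release tags are listed at: https://hub.docker.com/_/registry?tab=tags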
root@node1:~# docker pull registry:2.6.2
2.6.2: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
470e22cd431a: Pull complete
1048a0cdabb0: Pull complete
ca5aa9d06321: Pull complete
Digest: sha256:c4bdca23bab136d5b9ce7c06895ba54892ae6db0ebfc3a2f1ac413a470b17e47
Status: Downloaded newer image for registry:2.6.2
docker.io/library/registry:2.6.2
root@node1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.stars.org/zg-test/nginx-1.18.0-base v1 30a83f4f2a50 2 hours ago 464MB
harbor.stars.org/zg-test/ubuntu-base v1 ff7be0679685 3 hours ago 426MB
nginx latest 670dcc86b69d 10 days ago 142MB
alpine latest d7d3d98c851f 11 days ago 5.53MB
ubuntu 18.04 ad080923604a 7 weeks ago 63.1MB
centos 7.9.2009 eeb6ee3f44bd 10 months ago 204MB
registry 2.6.2 10b45af23ff3 2 years ago 28.5MB
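2.2. Preparing login authentication
2.2.1. Creating the auth directory
Create a directory for authentication; it is used to manage the credential file.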
root@node1:~# mkdir -p /data/docker/auth
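2.2.2. Creating the authorized user and password
Creating the authorized user and password requires the htpasswd command. If the system does not have it, install it first: on Ubuntu install the apache2-utils package; on CentOS and Rocky install the httpd-tools package.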
root@node1:~# apt -y install apache2-utils
# Create the user and verify
root@node1:~# cd /data/docker/auth/
root@node1:/data/docker/auth# docker run --entrypoint htpasswd registry:2.6.2 -Bbn stars test1234 > htpasswd
root@node1:/data/docker/auth# cat htpasswd
stars:$2y$05$./j/lHyRwnPQ8qCMj9.jNu7FOkAgPvxOhvYUEnvayZDsARaocIK4e
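An added example (not part of the original post): a check for the htpasswd file created above. The registry's htpasswd backend only accepts bcrypt entries, so the script flags any other scheme and reports the bcrypt cost of each entry; the function name, the `legacy` sample line and the `min_cost` threshold of 10 are assumptions made for illustration.

```python
import re

# bcrypt entry: $2y$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")

# First line is the entry shown above; the second is constructed for illustration.
SAMPLE = (
    "stars:$2y$05$./j/lHyRwnPQ8qCMj9.jNu7FOkAgPvxOhvYUEnvayZDsARaocIK4e\n"
    "legacy:{SHA}constructed-placeholder-not-a-real-digest=\n"
)

def audit_htpasswd(text, min_cost=10):
    """Return (user, finding) tuples for the body of an htpasswd file.

    min_cost is an assumed local policy value, not a registry requirement.
    """
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        if user in seen:
            findings.append((user, "duplicate user"))
        seen.add(user)
        match = BCRYPT_RE.match(hashed)
        if not match:
            findings.append((user, "not bcrypt, ignored by the registry"))
        elif int(match.group(1)) < min_cost:
            cost = int(match.group(1))
            findings.append((user, f"bcrypt cost {cost} is below {min_cost}"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_htpasswd(SAMPLE):
        print(f"{user}: {finding}")
```

The `05` in the entry above is the cost htpasswd uses for `-B` by default; a higher cost can be set with its `-C` option.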
2.3. Starting the Docker registry
root@node1:~# docker run -d -p 5000:5000 --restart=always --name zg-registry -v /data/docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2.6.2
0a0c720e4f96b192bbdb7b9f1bbbb5f05f1f5e41c7baa73174410a31489aaab9
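The parameters used to start the container are:
--restart=always: the container is restarted when the host restarts
-v: mounts a directory or file from the host into the container
-e: sets environment variables, here telling the registry where the user authentication information is
2.4. Testing the registry
2.4.1. Login test
Logging in directly fails: Docker talks to registries over HTTPS by default, while this registry was started without a certificate and answers in plain HTTP. To log in to the private registry, every host that logs in to it has to list it as a trusted insecure-registry, either in /etc/docker/daemon.json or in the docker service file; both work.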
root@node1:~# docker login 10.0.0.100:5000
Username: stars
Password:
Error response from daemon: Get https://10.0.0.100:5000/v2/: http: server gave HTTP response to HTTPS client
root@node1:~# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://c51gf9he.mirror.aliyuncs.com"],
"insecure-registries": ["10.0.0.100:5000"]
}
After changing the configuration, restart the docker service.
root@node1:~# systemctl daemon-reload
root@node1:~# systemctl restart docker
Log in again; this time the login succeeds.
root@node1:~# docker login 10.0.0.100:5000
Username: stars
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
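An added example (not part of the original post): what the two settings above mean for the credentials. With the registry listed under insecure-registries the client does not require TLS, so the Basic-auth login can travel in cleartext, and the warning printed by docker login refers to the `auth` field of config.json, which is only base64 of `user:password`. The function name is hypothetical and the config.json content is constructed from the user and password used earlier on this page.

```python
import base64
import json

# daemon.json as shown above (registry mirror entry left out for brevity).
SAMPLE_DAEMON = '{"insecure-registries": ["10.0.0.100:5000"]}'

# Constructed config.json: what docker login writes when no credential
# helper is configured.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "10.0.0.100:5000": {
            "auth": base64.b64encode(b"stars:test1234").decode()
        }
    }
})

def audit_docker_client(daemon_json, config_json):
    """Report registries used without enforced TLS and credentials readable on disk."""
    daemon = json.loads(daemon_json)
    config = json.loads(config_json)
    insecure = set(daemon.get("insecure-registries", []))
    stored = []
    for registry, entry in sorted(config.get("auths", {}).items()):
        token = entry.get("auth")
        if not token:
            # With a credential helper the entry is empty: nothing to decode.
            continue
        user, _, password = base64.b64decode(token).decode().partition(":")
        stored.append({
            "registry": registry,
            "user": user,
            "password_recoverable": bool(password),
            "tls_not_enforced": registry in insecure,
        })
    return {
        "insecure_registries": sorted(insecure),
        "credential_helper": config.get("credsStore"),
        "stored": stored,
    }

if __name__ == "__main__":
    print(json.dumps(audit_docker_client(SAMPLE_DAEMON, SAMPLE_CONFIG), indent=2))
```

Run against the real /etc/docker/daemon.json and /root/.docker/config.json, an empty `stored` list together with a non-null `credential_helper` means no password is readable from the file.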
2.4.2. Pushing an image from node1
root@node1:~# docker tag nginx:latest 10.0.0.100:5000/zg-test/nginx-latest:v1
root@node1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.stars.org/zg-test/nginx-1.18.0-base v1 30a83f4f2a50 3 hours ago 464MB
harbor.stars.org/zg-test/ubuntu-base v1 ff7be0679685 4 hours ago 426MB
10.0.0.100:5000/zg-test/nginx-latest v1 670dcc86b69d 10 days ago 142MB
nginx latest 670dcc86b69d 10 days ago 142MB
alpine latest d7d3d98c851f 11 days ago 5.53MB
ubuntu 18.04 ad080923604a 7 weeks ago 63.1MB
centos 7.9.2009 eeb6ee3f44bd 10 months ago 204MB
registry 2.6.2 10b45af23ff3 2 years ago 28.5MB
root@node1:~# docker push 10.0.0.100:5000/zg-test/nginx-latest:v1
The push refers to repository [10.0.0.100:5000/zg-test/nginx-latest]
abc66ad258e9: Pushed
243243243ee2: Pushed
f931b78377da: Pushed
d7783033d823: Pushed
4553dc754574: Pushed
43b3c4e3001c: Pushed
v1: digest: sha256:186c79dc14ab93e43d315143ee4b0774506dc4fd952388c20e35d3d37058ab8d size: 1570
2.4.3. Configuring the trusted registry on node2
root@node2:~# vim /lib/systemd/system/docker.service
root@node2:~# grep -Ev "^$|^#" /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=10.0.0.100:5000
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
root@node2:~# systemctl daemon-reload
root@node2:~# systemctl restart docker
2.4.4. Logging in to the private registry and pulling the image pushed from node1
root@node2:~# docker login 10.0.0.100:5000
Username: stars
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
root@node2:~# docker pull 10.0.0.100:5000/zg-test/nginx-latest:v1
v1: Pulling from zg-test/nginx-latest
461246efe0a7: Pull complete
060bfa6be22e: Pull complete
b34d5ba6fa9e: Pull complete
8128ac56c745: Pull complete
44d36245a8c9: Pull complete
ebcc2cc821e6: Pull complete
Digest: sha256:186c79dc14ab93e43d315143ee4b0774506dc4fd952388c20e35d3d37058ab8d
Status: Downloaded newer image for 10.0.0.100:5000/zg-test/nginx-latest:v1
10.0.0.100:5000/zg-test/nginx-latest:v1
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.100:5000/zg-test/nginx-latest v1 670dcc86b69d 10 days ago 142MB
root@node2:~# docker run -d -p 9988:80 --name test100-nginx 10.0.0.100:5000/zg-test/nginx-latest:v1
2ddfef9a273e26a596e8113f2ca080e40f2700d5b6b9dab879e58531121ddec9
root@node2:~# lsof -i:9988
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 16128 root 4u IPv6 60700 0t0 TCP *:9988 (LISTEN)