環(huán)境準(zhǔn)備

系統(tǒng)：

cat /etc/RedHat-release

CentOS Linux release 7.4.1708 (Core)

主機(jī)兩臺(tái)，分別是docker私有庫(kù)服務(wù)器（IP 192.168.121.121）和用戶開(kāi)發(fā)機(jī)（IP 192.168.121.122），開(kāi)發(fā)機(jī)從私有庫(kù)服務(wù)器拉取鏡像。

——————————————————————————–

1、配置軟件源并安裝安裝docker

兩臺(tái)主機(jī)安裝docker

yum install docker-ce

2、搭建私有鏡像倉(cāng)庫(kù)

登陸私有庫(kù)服務(wù)器

創(chuàng)建docker管理賬戶并設(shè)置密碼

useradd dkuser

passwd dkuser

把賬戶加入docker組，這一步是為了可以使用普通賬戶管理docker，而不用使用sudo命令

usermod -G docker dkuser

為賬戶配置sudo權(quán)限

visudo

添加下面一行

dkuser ALL=(ALL) NOPASSWD:ALL

切換賬戶

su dkuser

啟動(dòng)docker服務(wù)

sudo systemctl start docker

可以通過(guò)官方提供的registry鏡像來(lái)搭建本地的私有倉(cāng)庫(kù)，所以拉取官方鏡像

docker pull registry

創(chuàng)建存放鏡像和docker配置文件的目錄

sudo mkdir /data/docker

創(chuàng)建配置文件，storage配置中的delete=true配置項(xiàng)，是為了允許刪除鏡像。默認(rèn)的鏡像是沒(méi)有這個(gè)參數(shù)

sudo vi /data/docker/config.yml

version: 0.1

log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3

運(yùn)行registry容器

docker run -d -p 5000:5000 -v /data/docker/registry:/var/lib/registry -v /data/docker/config.yml:/etc/docker/registry/config.yml –restart always –name registry registry

說(shuō)明：
-d -p 5000:5000 端口映射
-v /data/docker/registry:/var/lib/registry 默認(rèn)情況下，會(huì)將倉(cāng)庫(kù)存放于容器內(nèi)的/var/lib/registry目錄下，指定本地目錄掛載到容器
–restart always 在容器退出時(shí)總是重啟容器,主要應(yīng)用在生產(chǎn)環(huán)境
–name registry 指定容器的名稱

查看容器

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
071105c54db3 registry “/entrypoint.sh /etc…” 3 minutes ago Up About a minute 0.0.0.0:5000->5000/tcp registry

3、把本地鏡像上傳到私有倉(cāng)庫(kù)
在私有庫(kù)服務(wù)器上

這里以busybox鏡像為例，因?yàn)楸容^小

首先把鏡像下載到本地

docker pull busybox

為鏡像打標(biāo)簽

docker tag busybox 192.168.121.121:5000/busybox

查看鏡像

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.121.121:5000/busybox latest db8ee88ad75f 7 hours ago 1.22MB
busybox latest db8ee88ad75f 7 hours ago 1.22MB

編輯配置文件，添加配置是為了能夠在本地上傳鏡像。

sudo vi /usr/lib/systemd/system/docker.service

在 ExecStart=/usr/bin/dockerd 后邊添加

–insecure-registry 192.168.121.121:5000

重啟docker服務(wù)

sudo systemctl daemon-reload
sudo systemctl restart docker

推送鏡像到私有庫(kù)

docker push 192.168.121.121:5000/busybox
The push refers to repository [192.168.121.121:5000/busybox]
0d315111b484: Pushed
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527

報(bào)錯(cuò)解決：

docker push 192.168.121.121:5000/busybox
The push refers to repository [192.168.121.121:5000/busybox]
Get https://192.168.121.121:5000/v2/: http: server gave HTTP response to HTTPS client

因?yàn)镈ocker從1.3.X之后，與docker registry交互默認(rèn)使用的是https，然而此處搭建的私有倉(cāng)庫(kù)只提供http服務(wù)，所以當(dāng)與私有倉(cāng)庫(kù)交互時(shí)就會(huì)報(bào)上面的錯(cuò)誤。為了解決這個(gè)問(wèn)題需要在啟動(dòng)docker server時(shí)增加啟動(dòng)參數(shù)為默認(rèn)使用http訪問(wèn)

sudo vi /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd 后邊添加

–insecure-registry 192.168.121.121:5000

4、開(kāi)發(fā)機(jī)從私有庫(kù)載入鏡像

同樣的也需要添加配置

vi /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd 后邊添加

–insecure-registry 192.168.121.121:5000

啟動(dòng)docker服務(wù)

systemctl start docker

從私有庫(kù)載入鏡像

docker pull 192.168.121.121:5000/busybox
Using default tag: latest
latest: Pulling from busybox
ee153a04d683: Pull complete
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for 192.168.121.121:5000/busybox:latest

查看鏡像

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.121.121:5000/busybox latest db8ee88ad75f 7 hours ago 1.22MB

5、刪除鏡像
在私有庫(kù)服務(wù)器上

相應(yīng)的參考命令:
#查詢鏡像
curl <倉(cāng)庫(kù)地址>/v2/_catalog

#查詢鏡像tag(版本)
curl <倉(cāng)庫(kù)地址>/v2/<鏡像名>/tags/list

#查詢鏡像digest_hash
curl –header “Accept:application/vnd.docker.distribution.manifest.v2+json” -I -XGET <倉(cāng)庫(kù)地址>/v2/<鏡像名>/manifests/<tag>

#刪除鏡像API
curl -I -X DELETE “<倉(cāng)庫(kù)地址>/v2/<鏡像名>/manifests/<鏡像digest_hash>”

在服務(wù)器執(zhí)行下面命令
查詢鏡像

curl -XGET http://192.168.121.121:5000/v2/_catalog
{“repositories”:[“busybox”]}

查詢鏡像tag

curl http://192.168.121.121:5000/v2/busybox/tags/list
{“name”:”busybox”,”tags”:[“latest”]}

查詢鏡像digest_hash，刪除命令里邊要填寫的 鏡像digest_hash 就是 查詢結(jié)果里邊 Docker-Content-Digest: 后邊的內(nèi)容

curl –header “Accept:application/vnd.docker.distribution.manifest.v2+json” -I -XGET http://192.168.121.121:5000/v2/busybox/manifests/latest
HTTP/1.1 200 OK
Content-Length: 527
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Docker-Distribution-Api-Version: registry/2.0
Etag: “sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649”
X-Content-Type-Options: nosniff
Date: Fri, 19 Jul 2019 06:09:44 GMT

刪除私有庫(kù)鏡像

curl -I -XDELETE http://192.168.121.121:5000/v2/busybox/manifests/sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
HTTP/1.1 202 Accepted
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Fri, 19 Jul 2019 06:10:56 GMT
Content-Length: 0

查看鏡像信息可以看到鏡像的標(biāo)簽顯示為空 null

curl http://192.168.121.121:5000/v2/busybox/tags/list
{“name”:”busybox”,”tags”:null}

 這里雖然刪除了，但是實(shí)際上硬盤地址還沒(méi)有釋放，是因?yàn)閐ocker刪除p_w_picpath只是刪除的p_w_picpath的元數(shù)據(jù)信息。層數(shù)據(jù)并沒(méi)有刪除?，F(xiàn)在進(jìn)入registry中進(jìn)行垃圾回收。

進(jìn)入registry容器

docker exec -it 071105c54db3 /bin/sh
/ # cd /var/lib/registry/

查看鏡像大小

/var/lib/registry # du -sch
756.0K .
756.0K total

執(zhí)行回收命令

/var/lib/registry # registry garbage-collect /etc/docker/registry/config.yml
busybox

0 blobs marked, 3 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/89/895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 go.version=go1.11.2 instance.id=7c37e39d-6ad1-4139-b9d1-592a900b0902 service=registry
blob eligible for deletion: sha256:db8ee88ad75f6bdc74663f4992a185e2722fa29573abcc1a19186cc5ec09dceb
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/db/db8ee88ad75f6bdc74663f4992a185e2722fa29573abcc1a19186cc5ec09dceb go.version=go1.11.2 instance.id=7c37e39d-6ad1-4139-b9d1-592a900b0902 service=registry
blob eligible for deletion: sha256:ee153a04d6837058642958836062f20badf39f558be3e6c7c7773ef7d8301d90
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ee/ee153a04d6837058642958836062f20badf39f558be3e6c7c7773ef7d8301d90 go.version=go1.11.2 instance.id=7c37e39d-6ad1-4139-b9d1-592a900b0902 service=registry

再次查詢，發(fā)現(xiàn)回收資源執(zhí)行成功

/var/lib/registry # du -sch
0 .
0 total