How Docker Builds a Private Registry Image Repository

Keywords: Docker Nginx CentOS vim

How to build a private Docker image repository, how to access it, and how to delete images from it

Machine Planning

Server name (hostname)   Operating system version   Intranet IP    External IP (simulated)   Installed software
docker01                 CentOS7.7                  172.16.1.31    10.0.0.31                 docker
docker02                 CentOS7.7                  172.16.1.32    10.0.0.32                 docker

Note: The registry and docker-registry-web images are on the docker01 machine, which hosts the private image repository and the web page used to access it.

Accessing the repository

A repository is the place where images are stored centrally.

One easily confused concept is the registry. The registry is the server that manages repositories: each server can host multiple repositories, and each repository holds multiple images. In this sense, a repository can be thought of as a specific project or directory. For example, in the repository address docker.io/ubuntu, docker.io is the registry server address and ubuntu is the repository name.

Most of the time, there is no need to strictly differentiate the two concepts.

Building a private repository

Sometimes a public repository such as Docker Hub is inconvenient to use; in that case users can create a local repository for private use.

This article describes how to use a local repository.

docker-registry is the official tool for building a private image repository.

Getting the images

Note: For the registry image, either registry:2 or registry:2.4.1 is fine.

Pull the private registry image

docker pull registry:2.4.1  # docker pull registry:2 works too
# Or pull it as follows and rename it with docker tag
docker pull registry.cn-beijing.aliyuncs.com/google_registry/registry:2.4.1

Pull the image for the web page used to view images in the repository

docker pull hyper/docker-registry-web
# Or pull it as follows and rename it with docker tag
docker pull registry.cn-beijing.aliyuncs.com/google_registry/docker-registry-web:latest

Image information after pulling

[root@docker01 ~]# docker images 
REPOSITORY                  TAG      IMAGE ID       CREATED       SIZE
hyper/docker-registry-web   latest   0db5683824d8   3 years ago   599MB
registry                    2.4.1    8ff6a4aae657   3 years ago   172MB

Running the containers

Uploaded images are stored in the local /opt/data/registry directory

mkdir -p /opt/data/registry

Start the private registry

docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry --name registry registry:2.4.1

Or start it as follows so that images can be deleted from the repository

docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry  -v /data/config.yml:/etc/docker/registry/config.yml --name registry registry:2.4.1

What is /data/config.yml? It is used for deleting repository images, which is covered below.

Note that to allow images to be deleted, the storage section of the configuration file must have delete enabled (enabled: true) when the repository is started. The default image does not have this parameter.

$ cat config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

Start the web page container used to view the repository images

docker run -d -p 8080:8080 --name registry-web --link registry \
  -e REGISTRY_URL=http://172.16.1.31:5000/v2 \
  -e REGISTRY_TRUST_ANY_SSL=true \
  -e REGISTRY_BASIC_AUTH="YWRtaW46YWRtaW4=" \
  -e REGISTRY_NAME=10.0.0.31:5000 \
  hyper/docker-registry-web

View the running containers

[root@docker01 ~]# docker ps 
CONTAINER ID   IMAGE                       COMMAND                  CREATED       STATUS       PORTS                    NAMES
2575cca9eace   hyper/docker-registry-web   "start.sh"               2 hours ago   Up 2 hours   0.0.0.0:8080->8080/tcp   registry-web
9e4530dd82df   registry:2.4.1              "/entrypoint.sh /etc..."  3 hours ago   Up 2 hours   0.0.0.0:5000->5000/tcp   registry

Implementing HTTP access to the private repository

By default, Docker does not allow images to be pushed over non-HTTPS connections. This restriction can be removed with a Docker configuration option.

Because Docker defaults to HTTPS, pushing or pulling an image directly fails with the following messages:

[root@docker02 ~]# docker push 172.16.1.31:5000/zhang/nginx:1.17   # Image push fails
The push refers to repository [172.16.1.31:5000/zhang/nginx]
Get https://172.16.1.31:5000/v2/: http: server gave HTTP response to HTTPS client
[root@docker02 ~]# docker pull 172.16.1.31:5000/zhang/flannel:v0.12.0-amd64    # Image pull fails
Error response from daemon: Get https://172.16.1.31:5000/v2/: http: server gave HTTP response to HTTPS client

HTTP upload, method one

Add the following configuration, creating the file if it does not exist. Do this on both the docker01 and docker02 machines, since either machine may push images to or pull images from the repository.

[root@docker02 ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["172.16.1.31:5000"]
}

Note: The file must be valid JSON, or Docker will not start.

Restart the docker service and push an image to the repository

[root@docker02 ~]# systemctl restart docker.service  
[root@docker02 ~]# docker images 
REPOSITORY                TAG     IMAGE ID        CREATED       SIZE
172.16.1.31:5000/zhang/nginx    1.17    ed21b7a8aee9    2 weeks ago   127MB
# Push the image to the repository [note the image name]
[root@docker02 ~]# docker push 172.16.1.31:5000/zhang/nginx:1.17
The push refers to repository [172.16.1.31:5000/zhang/nginx]
d37eecb5b769: Layer already exists 
99134ec7f247: Layer already exists 
c3a984abe8a8: Layer already exists 
1.17: digest: sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266 size: 948

The push succeeded.

HTTP upload, method two

Add a startup parameter to the Docker daemon so that it uses HTTP access by default. Do this on both the docker01 and docker02 machines, since either machine may push images to or pull images from the repository. Edit the Docker service unit file:

[root@docker02 ~]# vim  /usr/lib/systemd/system/docker.service

Find ExecStart and append the following to the end of the line:

ExecStart=/usr/bin/dockerd --insecure-registry 172.16.1.31:5000

Restart the docker service and push an image to the repository

[root@docker02 ~]# systemctl daemon-reload
[root@docker02 ~]# systemctl restart docker
[root@docker02 ~]# docker images 
REPOSITORY                TAG       IMAGE ID       CREATED       SIZE
172.16.1.31:5000/zhang/centos   7.7.1908  08d05d1d5859   5 months ago  204MB
# Push the image to the repository [note the image name]
[root@docker02 ~]# docker push 172.16.1.31:5000/zhang/centos:7.7.1908
The push refers to repository [172.16.1.31:5000/zhang/centos]
034f282942cd: Pushed 
7.7.1908: digest: sha256:8f2c78ca3141051eef77fb083066222abf20330a2345c970a5a61427aeb2dc7b size: 529

The push succeeded.

registry-web browser access

http://10.0.0.31:8080/

Registry: Deleting Images and Garbage Collection

Upload an image

[root@docker02 ~]# docker push 172.16.1.31:5000/zhang/nginx:1.17
The push refers to repository [172.16.1.31:5000/zhang/nginx]
d37eecb5b769: Layer already exists 
99134ec7f247: Layer already exists 
c3a984abe8a8: Layer already exists 
1.17: digest: sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266 size: 948

Note: The sha256 digest of the image can be obtained from the push output above.

View the data size: enter the registry container and check the size with the du command
[root@docker01 ~]# docker exec -it registry sh  # Enter Container
# du -sh /var/lib/registry/    # Already inside the container
138M	/var/lib/registry/

Delete the image

The API for deleting an image is as follows:

DELETE /v2/<name>/manifests/<reference>

name: the image name

reference: the sha256 digest of the image

Send a request to delete the image just uploaded
[root@docker02 ~]# curl -I -X DELETE http://172.16.1.31:5000/v2/zhang/nginx/manifests/sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266
HTTP/1.1 202 Accepted
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Tue, 21 Apr 2020 05:11:14 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

View the images

http://10.0.0.31:8080/

You can see that the image's index entry has been deleted

View data size

[root@docker01 ~]# docker exec -it registry sh
# du -sh /var/lib/registry/
138M	/var/lib/registry/

You can see that the size of the data has not changed (only the metadata has been deleted)

Garbage collection

Run the garbage collection command inside the container

# registry garbage-collect /etc/docker/registry/config.yml 
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/74/74cda408e262b296a56beb25c60ce2cf938a3a2fa6a1a1ddc862e67ac1135c9f  go.version=go1.6.2 instance.id=a4ea7e2a-71a1-4607-b313-274d0f725589
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/7a/7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266  go.version=go1.6.2 instance.id=a4ea7e2a-71a1-4607-b313-274d0f725589
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/c4/c499e6d256d6d4a546f1c141e04b5b4951983ba7581e39deaf5cc595289ee70f  go.version=go1.6.2 instance.id=a4ea7e2a-71a1-4607-b313-274d0f725589
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ed/ed21b7a8aee9cc677df6d7f38a641fa0e3c05f65592c592c9f28c42b3dd89291  go.version=go1.6.2 instance.id=a4ea7e2a-71a1-4607-b313-274d0f725589
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ff/ffadbd415ab7081b4d3fac4adf708f1bc2ed5d0b65d85c947342a5fa46257486  go.version=go1.6.2 instance.id=a4ea7e2a-71a1-4607-b313-274d0f725589

View data size

# du -sh /var/lib/registry/
89M	/var/lib/registry/

You can see that the image data has been deleted.
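
The delete and garbage-collection steps above as one script, added here as an example and not part of the original post: it looks the digest up from the registry by tag instead of copying it from the push output. The function names and the simplified repository-name pattern are assumptions; the Accept header requests the schema 2 manifest so that the returned Docker-Content-Digest is the same digest that docker push printed.

```shell
#!/bin/sh
# Added example (not from the original post): delete an image by tag.
REGISTRY='http://172.16.1.31:5000'   # registry address used on this page
V2_MANIFEST='application/vnd.docker.distribution.manifest.v2+json'

# Read HTTP response headers on stdin and print the Docker-Content-Digest
# value; fail unless it is a well-formed sha256 digest.
digest_from_headers() {
    d=$(tr -d '\r' | awk 'tolower($1) == "docker-content-digest:" { print $2; exit }')
    printf '%s\n' "$d" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 1
    printf '%s\n' "$d"
}

# Build /v2/<name>/manifests/<reference>. The name pattern is a simplified
# form of the registry's repository-name grammar (an assumption of this example).
manifest_url() {
    printf '%s\n' "$1" |
        grep -Eq '^[a-z0-9]+([._-][a-z0-9]+)*(/[a-z0-9]+([._-][a-z0-9]+)*)*$' || return 1
    printf '%s/v2/%s/manifests/%s\n' "$REGISTRY" "$1" "$2"
}

# Resolve tag -> digest with a HEAD request, then DELETE by digest.
# The registry must run with storage.delete.enabled: true.
delete_tag() {   # usage: delete_tag zhang/nginx 1.17
    url=$(manifest_url "$1" "$2") || { echo "bad repository name: $1" >&2; return 1; }
    digest=$(curl -fsSI -H "Accept: $V2_MANIFEST" "$url" | digest_from_headers) ||
        { echo "no digest returned for $1:$2" >&2; return 1; }
    # Prints the HTTP status; 202 means the manifest was deleted.
    curl -sS -o /dev/null -w '%{http_code}\n' -X DELETE "$(manifest_url "$1" "$digest")"
}

# Reclaim blob storage afterwards; run on the registry host (docker01).
collect_garbage() {
    docker exec registry registry garbage-collect /etc/docker/registry/config.yml
}

# Constructed sample of the HEAD response, using the digest shown on this page.
SAMPLE_HEADERS=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: %s\r\nDocker-Content-Digest: %s\r\n' \
    "$V2_MANIFEST" 'sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266')

# Offline demonstration on the sample; no request is sent.
printf '%s\n' "$SAMPLE_HEADERS" | digest_from_headers
```

Run collect_garbage only while no pushes are in progress, because the collector can remove layers that an upload in flight still needs.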

Complete!


Posted by brob on Mon, 22 Jun 2020 09:21:52 -0700