Docker私有仓库搭建及镜像删除
在我们平时使用docker创建我们自己的镜像时,有些人/公司的镜像不想上传到公共的hub上去,这时搭建一个私有仓库就很有必要了,内部人员使用私有仓库也很方便
VV把踩到的私有仓库删除镜像的坑总结了一下,于是,今天给大家带来这篇文章:Docker私有仓库搭建及镜像删除,希望能够帮助大家
创建私有仓库
1.下载registry镜像
[root@uat-app01 ~]# docker pull registry
查看image
[root@uat-app01 docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/registry latest 177391bcf802 3 weeks ago 33.26 MB
下载完后,执行如下命令,启动registry容器
docker run -d -p 5000:5000 --privileged=true -v /opt/registry:/var/lib/registry -v /opt/registry/config.yml:/etc/docker/registry/config.yml --name registry registry
注意:/opt/registry目录不存在需要提前创建
参数说明:
-d 守住状态后台运行
-p 端口映射,端口号可自定义
-v 挂载本地目录 /opt/registry:/var/lib/registry
默认情况下,会将仓库存放于容器内的/var/lib/registry目录下,指定本地目录挂载到容器
–privileged=true
CentOS7中的安全模块selinux把权限禁掉了,参数给容器加特权,不加上传镜像会报权限错误
(OSError: [Errno 13] Permission denied: ‘/tmp/registry/repositories/liibrary’)或者(Received unexpected HTTP status: 500 Internal Server Error)错误
-v 挂载本地配置文件 /opt/registry/config.yml:/etc/docker/registry/config.yml 这个配置文件在删除私有仓库时需要使用,文章后面会提到
该配置文件内容如下:
[root@uat-app01 registry]# cat /opt/registry/config.yml version: 0.1 log: fields: service: registry storage: delete: enabled: true cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] health: storagedriver: enabled: true interval: 10s threshold: 3
–name指定容器名
下面要在客户端向私有仓库上传镜像,VV这里使用的是hello-world的镜像
修改/etc/sysconfig/docker配置文件
添加如下内容,如果不添加push的时候会报错,https证书问题
OPTIONS=’–insecure-registry 192.168.1.40:5000’(IP地址及端口,可根据实际情况填写)
修改配置文件后,重启docker
[root@uat-app01 opt]# service docker restart Redirecting to /bin/systemctl restart docker.service
修改docker tag,将原有的hello-world修改
[root@uat-app01 registry]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/hello-world latest f2a91732366c 5 weeks ago 1.848 kB
[root@uat-app01 registry]# docker tag docker.io/hello-world 192.168.1.40:5000/hello [root@uat-app01 registry]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/registry latest 177391bcf802 3 weeks ago 33.26 MB 192.168.1.40:5000/hello latest f2a91732366c 5 weeks ago 1.848 kB docker.io/hello-world latest f2a91732366c 5 weeks ago 1.848 kB
上传镜像:
[root@uat-app01 registry]# docker push 192.168.1.40:5000/hello The push refers to a repository [192.168.1.40:5000/hello] Put http://192.168.1.40:5000/v1/repositories/hello/: dial tcp 192.168.1.40:5000: getsockopt: connection refused
push的时候发生异常,连接被拒绝
原因:docker重启后registry容器没有运行
于是,重启registry容器
[root@uat-app01 opt]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@uat-app01 opt]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES bdd399396473 registry "/entrypoint.sh /etc/" 36 minutes ago Exited (2) 1 minutes ago 0.0.0.0:5000->5000/tcp registry
重启退出的registry容器
[root@uat-app01 opt]# docker start registry
再次上传镜像到私有仓库
[root@uat-app01 registry]# docker push 192.168.1.40:5000/hello The push refers to a repository [192.168.1.40:5000/hello] f999ae22f308: Pushed latest: digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b size: 524
镜像上传成功
查看上传的镜像
[root@uat-app01 registry]# curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X \ HEAD http://192.168.1.40:5000/v2/hello/manifests/latest HTTP/1.1 200 OK Content-Length: 524 Content-Type: application/vnd.docker.distribution.manifest.v2+json Docker-Content-Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b Docker-Distribution-Api-Version: registry/2.0 Etag: "sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b" X-Content-Type-Options: nosniff Date: Tue, 26 Dec 2017 07:57:45 GMT
使用其它客户端进行pull镜像
注意:
使用其它客户端下载镜像时,也需要修改etc/sysconfig/docker配置文件
添加如下内容
OPTIONS=’–insecure-registry 192.168.1.40:5000′(IP地址及端口,可根据实际情况填写)
修改后,重启docker服务
pull刚刚上传的hello镜像,pull成功,说明私有仓库配置完成。
[root@uat-ucs02 ~]# docker pull 192.168.1.40:5000/hello Using default tag: latest Trying to pull repository 192.168.1.40:5000/hello ... latest: Pulling from 192.168.1.40:5000/hello Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
下面就要说一下私有仓库镜像删除的问题
起初,安装私有仓库的时候,并没有思考到删除镜像的问题,当想要删除上传的镜像时,镜像删不掉,很麻烦,就得重新弄私有仓库
Docker仓库在2.1版本中支持了删除镜像的API,但这个删除操作只会删除镜像元数据,不会删除层数据。在2.4版本中对这一问题进行了解决,增加了一个垃圾回收命令,删除未被引用的层数据
先来查看刚才成功上传的hello镜像信息,可以查得到
[root@uat-app01 registry]# curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X \ HEAD http://192.168.1.40:5000/v2/hello/manifests/latest HTTP/1.1 200 OK Content-Length: 524 Content-Type: application/vnd.docker.distribution.manifest.v2+json Docker-Content-Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b Docker-Distribution-Api-Version: registry/2.0 Etag: "sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b" X-Content-Type-Options: nosniff Date: Tue, 26 Dec 2017 07:57:45 GMT [root@uat-ucs02 ~]# docker pull 192.168.1.40:5000/hello Using default tag: latest Trying to pull repository 192.168.1.40:5000/hello ... latest: Pulling from 192.168.1.40:5000/hello Digest: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b
下面我们要删除该镜像:
删除镜像的API如下:
DELETE /v2/<name>/manifests/<reference>
name:镜像名称
reference: 镜像对应sha256值
示例:运行后,发现Accepted接收请求,说明删除成功
[root@uat-app01 registry]# curl -v -X DELETE http://192.168.1.40:5000/v2/hello/manifests/sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b * About to connect() to 192.168.1.40 port 5000 (#0) * Trying 192.168.1.40... * Connected to 192.168.1.40 (192.168.1.40) port 5000 (#0) > DELETE /v2/hello/manifests/sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b HTTP/1.1 > User-Agent: curl/7.29.0 > Host: 192.168.1.40:5000 > Accept: */* > < HTTP/1.1 202 Accepted < Docker-Distribution-Api-Version: registry/2.0 < X-Content-Type-Options: nosniff < Date: Tue, 26 Dec 2017 07:58:56 GMT < Content-Length: 0 < Content-Type: text/plain; charset=utf-8 < * Connection #0 to host 192.168.1.40 left intact
再去查该镜像时,提示not found
[root@uat-app01 registry]# docker pull 192.168.1.40:5000/hello Using default tag: latest Trying to pull repository 192.168.1.40:5000/hello ... Pulling repository 192.168.1.40:5000/hello Error: image hello:latest not found
但这只是删除了元数据,镜像数据并没有删除
如果镜像过大,占用磁盘空间过多,遗留的镜像数据,会继续占用系统资源,于是要将垃圾数据删除
进入到registry容器中
[root@uat-app01 registry]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES bdd399396473 registry "/entrypoint.sh /etc/" 8 minutes ago Up 8 minutes 0.0.0.0:5000->5000/tcp registr
进入容器后,查看/var/lib/registry目录大小
默认情况下,会将仓库存放于容器内的/var/lib/registry目录下
[root@uat-app01 registry]# docker exec -it registry sh /var/lib # du -sh registry/ 24.0K registry/
执行容器垃圾回收命令,这里使用的配置文件为开启容器时挂载到容器中/etc/docker/registry目录下的config.yml文件
/var/lib # registry garbage-collect /etc/docker/registry/config.yml hello 0 blobs marked, 3 blobs eligible for deletion blob eligible for deletion: sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/80/8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b go.version=go1.7.6 instance.id=50ad6bf8-36ea-4eba-adf6-b78fc369c560 blob eligible for deletion: sha256:ca4f61b1923c10e9eb81228bd46bee1dfba02b9c7dac1844527a734752688ede INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ca/ca4f61b1923c10e9eb81228bd46bee1dfba02b9c7dac1844527a734752688ede go.version=go1.7.6 instance.id=50ad6bf8-36ea-4eba-adf6-b78fc369c560 blob eligible for deletion: sha256:f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7 INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/f2/f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7 go.version=go1.7.6 instance.id=50ad6bf8-36ea-4eba-adf6-b78fc369c560
再次查看该目录,发现文件夹变小,说明镜像数据已删除
/var/lib # du -sh registry/ 12.0K registry/
镜像数据删除成功
好了,我们下篇文章见
关注下方二维码,关注我的微信公众号,有更多大数据文章哦~
还可以领取大数据学习资料和软件包哦~
快快关注吧~
