CoreOS環境下通過register映象搭建私有倉庫

Docker支援採用倉庫（本處指的是registry）來支援映象的分發和更新管理。這極大的便利了使用者。

官方提供了dockerhub網站來作為一個公開的集中倉庫。然而，本地存取dockerhub速度往往很慢，並且很多時候我們需要一個原生的私有倉庫只供網內使用。

關於如何建立和使用本地倉庫，其實已經有很多文章介紹了。但是這些文章要麼內容已經過時，要麼給出了錯誤的設定，導致無法正常建立倉庫。 本文以CoreOS系統為基礎，講解如何通過register映象建立一個本地Repo

1 使用registry啟動私有倉庫的容器
docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry
說明：若之前沒有安裝registry容器則會自動下載並啟動一個registry容器，建立原生的私有倉庫服務。預設情況下，會將倉庫建立在容器的/tmp/registry目錄下，可以通過 -v 引數來將映象檔案存放在原生的指定路徑上（例如，放在本地目錄/root/my_registry下）。

2 向私有倉庫push映象
啟動完register的映象後，將register映象上傳到本地倉庫上作為測試

說明：根據第一步啟動的registry容器所在宿主主機的IP和Port，push某環境的本地容器。

localhost images # docker push 10.0.0.142:5000/register
The push refers to a repository [10.0.0.142:5000/register] (len: 1)
Sending image list
Pushing repository 10.0.0.142:5000/register (1 tags)
e9e06b06e14c: Image successfully pushed
a82efea989f9: Image successfully pushed
37bea4ee0c81: Image successfully pushed
07f8e8c5e660: Image successfully pushed
1f4ab7282e19: Image successfully pushed
0e4483abe66b: Image successfully pushed
c6153b5d8f1f: Image successfully pushed
2bc4611f2ed7: Image successfully pushed
30887473610f: Image successfully pushed
3f8e22c413b1: Image successfully pushed
22b1c756fa19: Image successfully pushed
90607d8d09d1: Image successfully pushed
4f4a5acb19eb: Image successfully pushed
204704ce3137: Image successfully pushed
Pushing tag for rev [204704ce3137] on {http://10.0.0.142:5000/v1/repositories/register/tags/latest}

宿主主機my_registry的目錄結構

    localhost my_registry # ls -R
    .:
    images  repositories

    ./images:
    07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95  2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041  90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6
    0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0  30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd  a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b
    1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913  37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0  c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383
    204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b  3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2  e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc
    22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43  4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429

    ./images/07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95:
    _checksum  ancestry  json  layer

    ./images/0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0:
    _checksum  ancestry  json  layer

    ./images/1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913:
    _checksum  ancestry  json  layer

    ./images/204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b:
    _checksum  ancestry  json  layer

    ./images/22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43:
    _checksum  ancestry  json  layer

    ./images/2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041:
    _checksum  ancestry  json  layer

    ./images/30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd:
    _checksum  ancestry  json  layer

    ./images/37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0:
    _checksum  ancestry  json  layer

    ./images/3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2:
    _checksum  ancestry  json  layer

    ./images/4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429:
    _checksum  ancestry  json  layer

    ./images/90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6:
    _checksum  ancestry  json  layer

    ./images/a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b:
    _checksum  ancestry  json  layer

    ./images/c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383:
    _checksum  ancestry  json  layer

    ./images/e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc:
    _checksum  ancestry  json  layer

    ./repositories:
    library

    ./repositories/library:
    register

    ./repositories/library/register:
    _index_images  json  tag_latest  taglatest_json

關於https的問題

root@gerryyang:~# docker push 104.131.173.242:5000/Ubuntu_sshd_gcc_gerry:14.04 
FATA[0002] Error: Invalid registry endpoint https://104.131.173.242:5000/v1/: Get https://104.131.173.242:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 104.131.173.242:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/104.131.173.242:5000/ca.crt 
解決方法：

解決方案：

vi /usr/lib/systemd/system/docker.service

內容修改如下：

        [Unit] 
        Description=Docker Application Container Engine 
        Documentation=http://docs.docker.com 
        After=network.target docker.socket 
        Requires=docker.socket 
         
        [Service] 
        Type=notify 
        EnvironmentFile=-/etc/sysconfig/docker 
        EnvironmentFile=-/etc/sysconfig/docker-storage 
        ExecStart=/usr/bin/docker -d --insecure-registry 10.0.0.142:5000  -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS 
        LimitNOFILE=1048576 
        LimitNPROC=1048576 
         
        [Install] 
        WantedBy=multi-user.target 

在CoreOS系統中，執行方法一，可能會遇到/usr/lib/systemd/system/docker.service 檔案ReadOnly 無法修改的情況，這時可以手工啟動並新增 --insecure-registry引數
localhost ~ # /usr/lib/coreos/dockerd --daemon --insecure-registry 10.0.0.142:5000 

3 私有倉庫查詢方法
curl http://10.0.0.142:5000/v1/search
說明：使用curl檢視倉庫104.131.173.242:5000中的映象。在結果中可以檢視到ubuntu_sshd_gcc_gerry，說明已經上傳成功了。

4 在其他的機器上存取和下載私有倉庫的映象
在客戶機上手工啟動docker:localhost ~ # /usr/lib/coreos/dockerd --daemon --insecure-registry 10.0.0.142:5000 
執行pull命令
localhost ~ # docker pull 10.0.0.142:5000/jdk7
Pulling repository 10.0.0.142:5000/jdk7
134625e9d4d7: Download complete
134625e9d4d7: Pulling image (latest) from 10.0.0.142:5000/jdk7
6941bfcbbfca: Download complete
41459f052977: Download complete
fd44297e2ddb: Download complete
40eba1bcf993: Download complete
e60bdcf6f45f: Download complete
367c013cf9ca: Download complete
81812b96beec: Download complete
776f6d47bdf7: Download complete
2c96f979a63a: Download complete
f33b1fffe108: Download complete
71f589de03a8: Download complete
2115aa302043: Download complete
6a498e83fe1b: Download complete
591be66f0e03: Download complete
c468a9de6202: Download complete
a510d6919954: Download complete
14b73f7c3942: Download complete
b591b7e6f5da: Download complete
f1a90a0630e1: Download complete
131a069bbe25: Download complete
Status: Downloaded newer image for 10.0.0.142:5000/jdk7:latest

本文永久更新連結地址：http://www.linuxidc.com/Linux/2015-06/118545.htm