Centos7搭建私有yum源與docker images倉庫

系統(tǒng)使用的是centos7-Minimal-2009
磁盤300G软免，根目錄分大點
另外掛載了一個200G的磁盤作為docker images的存儲
如果只需要搭建私有yum源，上半部分就可以了

私有yum源--yum repo

設(shè)置hostname

hostnamectl set-hostname mirrors.your-domain.com

安裝net-tool

yum install -y net-tools

我的網(wǎng)絡(luò)拓?fù)涫莕at 加 內(nèi)網(wǎng)環(huán)境

所以靜態(tài)路由需要配置情臭，不需要就跳過此段

查看路由表

ip route show

添加內(nèi)網(wǎng)靜態(tài)路由（重啟失效）

ip route add 10.0.0.0/8 via 10.101.2.1 dev ens224
ip route add 172.16.0.0/16 via 10.101.2.1 dev ens224

添加內(nèi)網(wǎng)靜態(tài)路由（永久）

cat << EOF > /etc/sysconfig/network-scripts/route-ens224
10.0.0.8/8 via 10.101.2.1 dev ens224
172.16.0.0/16 via 10.101.2.1 dev ens224
EOF

service network restart

關(guān)閉selinux、關(guān)閉firewall

sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
systemctl stop firewalld.service
systemctl disable firewalld.service

安裝apache，設(shè)置啟動

yum install -y httpd
systemctl start httpd.service
systemctl enable httpd.service

試一下apache頁面

http://mirrors.your-domain.com

更換默認(rèn)repo為阿里云

mkdir -p /etc/yum.repos.d/bak/
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache

可以看一下現(xiàn)在的repo

yum repolist

安裝同步工具运提、repo制作工具

yum install -y yum-utils createrepo wget

創(chuàng)建目錄

mkdir -p /var/www/html/repo/centos/7
### base倉同步并創(chuàng)建repo數(shù)據(jù)
reposync -r base -p /var/www/html/repo/centos/7
createrepo /var/www/html/repo/centos/7/base

###extras倉庫同步并創(chuàng)建repo數(shù)據(jù)
reposync -r extras -p /var/www/html/repo/centos/7
createrepo /var/www/html/repo/centos/7/extras

###updates倉庫并創(chuàng)建repo數(shù)據(jù)
reposync -r updates -p /var/www/html/repo/centos/7
createrepo /var/www/html/repo/centos/7/updates

###epel倉庫同步并創(chuàng)建repo數(shù)據(jù)

reposync -r epel -p /var/www/html/repo/centos/7
createrepo /var/www/html/repo/centos/7/epel

###docker-ce倉庫同步并創(chuàng)建repo數(shù)據(jù)

reposync -r docker-ce-stable -p /var/www/html/repo/centos/7
createrepo /var/www/html/repo/centos/7/docker-ce-stable

手動更新包和更新repodata命令（可選）

reposync -np /var/www/html/repo/centos/7/

createrepo --update /var/www/html/repo/centos/7/base
createrepo --update /var/www/html/repo/centos/7/extras
createrepo --update /var/www/html/repo/centos/7/updates
createrepo --update /var/www/html/repo/centos/7/epel
createrepo --update /var/www/html/repo/centos/7/docker-ce-stable

制作repo指向文件

cat << EOF > /var/www/html/repo/Centos-7.repo
#base倉庫
[base]
name=Local CentOS-7  Base
baseurl=http://mirrors.your-domain.com/repo/centos/7/base
enabled=1
gpgcheck=0

# extras倉庫
[extras]
name=Local CentOS-7  Extras 
baseurl=http://mirrors.your-domain.com/repo/centos/7/extras
enabled=1
gpgcheck=0

# updates倉庫
[updates]
name=Local CentOS-7  Updates
baseurl=http://mirrors.your-domain.com/repo/centos/7/updates
enabled=1
gpgcheck=0

# epel倉庫
[epel]
name=Local Extra Packages for Enterprise Linux 7
baseurl=http://mirrors.your-domain.com/repo/centos/7/epel
enabled=1
gpgcheck=0


# docker-ce倉庫
[docker-ce-stable]
name=Local docker Packages for Enterprise Linux 7
baseurl=http://mirrors.your-domain.com/repo/centos/7/docker-ce-stable
enabled=1
gpgcheck=0
EOF

設(shè)置自動同步

cat << EOF > /var/www/html/sync_yum.sh
#!/bin/bash
echo 'Updating Aliyum Source'
exec > /var/log/sync_yumrepo.log
reposync -np /var/www/html/repo/centos/7/
if [ $? -eq 0 ];then
    createrepo --update /var/www/html/repo/centos/7/base
    createrepo --update /var/www/html/repo/centos/7/extras
    createrepo --update /var/www/html/repo/centos/7/updates
    createrepo --update /var/www/html/repo/centos/7/epel
    createrepo --update /var/www/html/repo/centos/7/docker-ce-stable
    echo "SUCESS: aliyum_yum update successful"
else
   echo "ERROR: aliyum_yum update failed"
fi
EOF

chmod +x /var/www/html/sync_yum.sh

每周一凌晨1點同步
crontab -e
0 1 * * 1 /bin/bash /var/www/html/sync_yum.sh

創(chuàng)建使用說明頁面

cat << EOF > /var/www/html/index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>CentOS repo與docker registry鏡像</title>

<script>document.createElement("myHero")</script>
<style>
myHero {
display: block;
background-color: #ddd;
padding: 10px;
font-size: 20px;
} 
</style> 

</head>
<body>
<h1>簡介</h1>
<hr>
<p>CentOS蝗柔，是基于 Red Hat Linux 提供的可自由使用源代碼的企業(yè)級 Linux 發(fā)行版本，是一個穩(wěn)定民泵，可預(yù)測癣丧，可管理和可復(fù)制的免費企業(yè)級計算平臺。</p>
<p>站點功能:</p>
<p>1.Centos yum repo</p>
<p>2.Docker images registry</p>

<hr>
<br>
<br>

<h1>一栈妆、CentOS 7 配置內(nèi)部YUM源</h1>
<br>
<h2>1胁编、備份</h2>
<myHero>mkdir -p /etc/yum.repos.d/bak/</myHero>
<myHero>mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/</myHero>
<br>
<h2>2、下載新的 CentOS-Base.repo 到 /etc/yum.repos.d/ </h2>
<myHero>curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.your-domain.com/repo/Centos-7.repo</myHero>
<br>
<h2>3鳞尔、生成緩存</h2>
<myHero>yum makecache</myHero>
<br>
<h2>4嬉橙、運行 yum repolist   可查看已經(jīng)生成緩存</h2>
<br>
<br>
<hr>
<h1>二、使用docker images registry倉庫</h1>

<br>
<h2>1寥假、下載ssl證書</h2>
<myHero>mkdir -p /etc/docker/certs.d/mirrors.your-domain.com</myHero>
<myHero>wget -O /etc/docker/certs.d/mirrors.your-domain.com/ca.crt http://mirrors.your-domain.com/ca.crt</myHero>

<br>
<h2>2市框、測試返回 </h2>
<myHero>curl -Ik https://mirrors.your-domain.com</myHero>
    HTTP/1.1 200 OK</myHero>
<br>
    Cache-Control: no-cache</myHero>

<br>
<h2>3、鏡像拉取測試（可選）</h2>
<myHero>docker pull mirrors.your-domain.com/library/ubuntu </myHero>
<br>
<h2>4糕韧、使用（以ceph為例）</h2>
<br>
<myHero>docker pull mirrors.your-domain.com/ceph/daemon:latest-mimic </myHero>
<br>
<br>
</body>
</html>
EOF

訪問

http://mirrors.your-domain.com

其他機(jī)器使用私有源

mkdir -p /etc/yum.repos.d/bak/

mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.your-domain.com/repo/Centos-7.repo

yum makecache

yum update

私有源部分結(jié)束

docker images registry --images本地倉

添加一個專用磁盤sdb枫振，200G，作為docker images存儲

pvcreate /dev/sdb
vgcreate registry_vg /dev/sdb
lvcreate -L 198G -n registry_data registry_vg
mkfs.xfs /dev/mapper/registry_vg-registry_data 
mkdir -p /var/lib/docker/volumes/registry/_data/docker

查一下registry_vg-registry_data的UUID

blkid

[root@mirrors ~]# blkid
/dev/mapper/centos-root: UUID="ff7c3399-c44d-49dc-9e98-570b00bcd84a" TYPE="xfs" 
/dev/sda2: UUID="IuHCZp-JMfJ-f8bi-16x2-2NAx-yd4k-bcusvV" TYPE="LVM2_member" 
/dev/sda1: UUID="4a5490c9-3203-4f96-8191-ad49d3183347" TYPE="xfs" 
/dev/sdb: UUID="i3wvm3-op4P-v2qk-QLc1-Keww-69mG-zgA9SV" TYPE="LVM2_member" 
/dev/mapper/centos-swap: UUID="dd5cdb94-fbeb-4f79-90bf-807fd4b0d581" TYPE="swap" 
/dev/mapper/registry_vg-registry_data: UUID="21d493a8-7329-45e5-82f9-02e97066cdb0" TYPE="xfs" 
/dev/mapper/centos-home: UUID="824c3751-2548-4cd2-9fdd-e0081a444a4e" TYPE="xfs" 

在fstab的最后加一行萤彩，UUID替換成registry_vg-registry_data的
vi /etc/fstab

UUID=21d493a8-7329-45e5-82f9-02e97066cdb0 /var/lib/docker/volumes/registry/_data/docker        xfs     defaults        0 0

mount -a

加一個阿里的docker-ce源

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache

安裝docker粪滤，并啟動

yum install docker-ce -y
systemctl start docker
systemctl enable docker

設(shè)置docker kolla.conf,我是用來部署openstack的

mkdir /etc/systemd/system/docker.service.d
tee /etc/systemd/system/docker.service.d/kolla.conf << 'EOF'
[Service]
MountFlags=shared
EOF

創(chuàng)建證書

yum install -y openssl
mkdir -p ~/certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout ~/certs/domain.key -x509 -days 365 -out ~/certs/domain.crt

一路回車，到Common Name這一步填:mirrors.your-domain.com

Generating a 4096 bit RSA private key
.......................................................................................++
......++
writing new private key to '/root/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:mirrors.your-domain.com

下載registry并獲取配置

docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > ~/config.yml

更改 config.yml 配置文件

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
  tls:
    certificate: /var/lib/registry/domain.crt
    key: /var/lib/registry/domain.key

health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

proxy:
  remoteurl: https://p7a8ba4a.mirror.aliyuncs.com

其中乒疏，https://p7a8ba4a.mirror.aliyuncs.com 是我個人的阿里云docker加速地址

放置配置文件與證書

mkdir -p /var/lib/docker/volumes/registry/_data/
cp ~/certs/domain.* ~/config.yml /var/lib/docker/volumes/registry/_data/
mkdir -p /etc/docker/certs.d/dev.registry.io
cp ~/certs/domain.crt /etc/docker/certs.d/mirrors.your-domain.com/ca.crt
cp /etc/docker/certs.d/mirrors.your-domain.com/ca.crt /var/www/html/ca.crt

運行 registry container

systemctl restart docker

docker run -d --restart=always -p 443:5000 --name registry -v registry:/var/lib/registry registry:2 /var/lib/registry/config.yml

docker ps

CONTAINER ID   IMAGECOMMAND  CREATED   STATUS  PORTS NAMES
b12c05b4a54a   registry:2   "/entrypoint.sh /var…"   9 hours ago   Up 16 seconds   0.0.0.0:443->5000/tcp, :::443->5000/tcp   registry

訪問驗證

curl -Ik https://mirrors.your-domain.com

HTTP/2 200
cache-control: no-cache

其他機(jī)器使用

先獲取證書
mkdir -p /etc/docker/certs.d/mirrors.your-domain.com
wget -O /etc/docker/certs.d/mirrors.your-domain.com/ca.crt http://mirrors.your-domain.com/ca.crt

拉取方式（以ceph為例）

docker pull mirrors.your-domain.com/ceph/daemon:latest-mimic