如果不想用私有鏡像庫(kù)峦嗤，你可以用docker的庫(kù) https://hub.docker.com

環(huán)境準(zhǔn)備

環(huán)境：兩個(gè)裝有Docker 17.09.0-ce 的centos7虛擬機(jī)

虛擬機(jī)一：192.168.0.154 用戶(hù)開(kāi)發(fā)機(jī)

虛擬機(jī)二：192.168.0.153 用作私有倉(cāng)庫(kù)

搭建私有倉(cāng)庫(kù)

在153機(jī)器上下載registry鏡像

docker pull registry

下載完之后我們通過(guò)該鏡像啟動(dòng)一個(gè)容器

docker run -d -p 5000:5000 registry

默認(rèn)情況下，會(huì)將倉(cāng)庫(kù)存放于容器內(nèi)的/tmp/registry目錄下屋摔，這樣如果容器被刪除烁设，則存放于容器中的鏡像也會(huì)丟失，所以我們一般情況下會(huì)指定本地一個(gè)目錄掛載到容器內(nèi)的/tmp/registry下钓试，

不過(guò)具體的情況還是要到容器里去看

先啟動(dòng)容器

docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry

b4c21ca8cf8a23ea72e0471909742541ffc312ea5cf492486b5bdc3130179864

可以看到容器存放位置不在/tmp 下

我們接著來(lái)查找下装黑，掛載位置到底在哪里

可以看到registry 掛載目錄是 在 /var/lib/registry 下

我們重新啟動(dòng)下?registry

docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry? -v /data/config.yml:/etc/docker/registry/config.yml? registry?

/data/config.yml 這個(gè)是什么呢？我們?cè)谙旅鎰h除倉(cāng)庫(kù)鏡像介紹

這里需要說(shuō)明一點(diǎn)弓熏，在啟動(dòng)倉(cāng)庫(kù)時(shí)恋谭，需在配置文件中的storage配置中增加delete=true配置項(xiàng)，允許刪除鏡像挽鞠。默認(rèn)的鏡像是沒(méi)有這個(gè)參數(shù)

cat config.yml

version:?0.1

log:

??fields:

????service: registry

storage:

??delete:

????enabled: true

??cache:

????blobdescriptor: inmemory

??filesystem:

????rootdirectory: /var/lib/registry

http:

??addr: :5000

??headers:

????X-Content-Type-Options: [nosniff]

health:

??storagedriver:

????enabled: true

????interval:?10s

????threshold:?3

可以看到我們啟動(dòng)了一個(gè)容器疚颊，地址為：192.168.0.153:5000。

測(cè)試

接下來(lái)我們就要操作把一個(gè)本地鏡像push到私有倉(cāng)庫(kù)中滞谢。首先在153機(jī)器下pull一個(gè)比較小的鏡像來(lái)測(cè)試（此處使用的是busybox）串稀。

docker pull busybox

接下來(lái)修改一下該鏡像的tag除抛。

docker tag busybox 192.168.0.153:5000/busybox

接下來(lái)把打了tag的鏡像上傳到私有倉(cāng)庫(kù)狮杨。

docker push 192.168.0.153:5000/busybox

可以看到 push 失敗：

Error: Invalid registry endpoint https://192.168.0.153:5000/v1/: Get https://192.168.0.153:5000/v1/_ping: dial tcp 192.168.0.153:5000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.112.136:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.0.153:5000/ca.crt

因?yàn)镈ocker從1.3.X之后到忽，與docker registry交互默認(rèn)使用的是https橄教，然而此處搭建的私有倉(cāng)庫(kù)只提供http服務(wù)，所以當(dāng)與私有倉(cāng)庫(kù)交互時(shí)就會(huì)報(bào)上面的錯(cuò)誤喘漏。為了解決這個(gè)問(wèn)題需要在啟動(dòng)docker server時(shí)增加啟動(dòng)參數(shù)為默認(rèn)使用http訪問(wèn)护蝶。修改docker啟動(dòng)配置文件：

vim? /usr/lib/systemd/system/docker.service

找到ExecStart

ExecStart=/usr/bin/dockerd --insecure-registry 192.168.0.153:5000

紅色字體為添加的

重啟docker：

systemctl daemon-reload

systemctl restart docker

重啟完之后我們?cè)俅芜\(yùn)行推送命令，把本地鏡像推送到私有服務(wù)器上翩迈。

docker push 192.168.0.153:5000/busybox

接下來(lái)我們從私有倉(cāng)庫(kù)中pull下來(lái)該鏡像持灰。

sudo docker pull 192.168.0.153:5000/busybox

查看鏡像

# curl -XGET http://registry:5000/v2/_catalog

# curl -XGET http://registry:5000/v2/image_name/tags/list

Registry刪除鏡像、垃圾回收

Docker倉(cāng)庫(kù)在2.1版本中支持了刪除鏡像的API负饲，但這個(gè)刪除操作只會(huì)刪除鏡像元數(shù)據(jù)堤魁，不會(huì)刪除層數(shù)據(jù)喂链。在2.4版本中對(duì)這一問(wèn)題進(jìn)行了解決，增加了一個(gè)垃圾回收命令妥泉，刪除未被引用的層數(shù)據(jù)

打包上傳鏡像

[root@master scripts]# docker tag alpine:v1 192.168.0.153:5000/fbgweb:v1

[root@master scripts]# docker push 192.168.0.153:5000/fbgweb:v1

The push refers to a repository [192.168.0.153:5000/fbgweb]

e30c8796115a: Pushed

9922d8737f34: Pushed

c3cc0aba53da: Pushed

f73b42f6c905: Pushed

4a3fe911d00f: Pushed

187a385eda60: Pushed

0e23c00d0c30: Pushed

d221a7f5318b: Pushed

7e2d3752fd4f: Pushed

v1: digest: sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e size: 2204

查看倉(cāng)庫(kù)鏡像 （查看倉(cāng)庫(kù)鏡像腳本?get.py）

[root@master scripts]# python get.py? ? ? ? ? ? ? ? ? ? ? ? ? 192.168.0.153:5000/fbgweb:v1192.168.0.153:5000/nginx:1.7.9192.168.0.153:5000/nginx:1.8

查看數(shù)據(jù)進(jìn)行倉(cāng)庫(kù)容器中椭微，通過(guò)du命令查看大小

[root@master ~]# docker exec -it f70d0c79e6d546d4 sh

~ # du? -chs? /var/lib/registry/

182.4M? /var/lib/registry/

182.4M? total

刪除鏡像

刪除鏡像對(duì)應(yīng)的API如下：

DELETE /v2//manifests/

name:鏡像名稱(chēng)

reference: 鏡像對(duì)應(yīng)sha256值

發(fā)送請(qǐng)求，刪除剛才上傳的鏡像

[root@master scripts]#? curl -I -X DELETE http://192.168.0.153:5000/v2/fbgweb/manifests/sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e

HTTP/1.1 202 Accepted

Docker-Distribution-Api-Version: registry/2.0

X-Content-Type-Options: nosniff

Date: Mon, 13 Nov 2017 13:04:24 GMT

Content-Length: 0

Content-Type: text/plain; charset=utf-8

查看鏡像

[root@master scripts]# python get.py

192.168.0.153:5000/nginx:1.7.9

192.168.0.153:5000/nginx:1.8

192.168.0.153:5000/nginx:latest

可以看到鏡像索引已經(jīng)被刪除

查看數(shù)據(jù)大小

[root@master ~]# docker exec -it f70d0c79e6d546d4 sh

~ # du? -chs? /var/lib/registry/

182.4M? /var/lib/registry/

182.4M? total

可以看到數(shù)據(jù)大小沒(méi)有變化（只刪除了元數(shù)據(jù)）

垃圾回收

進(jìn)行容器執(zhí)行垃圾回收命令

~ # registry garbage-collect /etc/docker/registry/config.yml

31 blobs marked, 5 blobs eligible for deletion

blob eligible for deletion: sha256:5e7cf06c8745d0985f94191c60aad8b87371c8a674162525bff0efccdb805931

INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/5e/5e7cf06c8745d0985f94191c60aad8b87371c8a674162525bff0efccdb805931? go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0

blob eligible for deletion: sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e

INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/6a/6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e? go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0

blob eligible for deletion: sha256:966e2fb5980b2a854c03551418af0b2ee2bef082dfaae075026d00fa36620960

INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/96/966e2fb5980b2a854c03551418af0b2ee2bef082dfaae075026d00fa36620960? go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0

blob eligible for deletion: sha256:a122ad1ef7a033582abfc7bae980cc11bdcc2d19bed7d8ea5b7efc50d16456c8

INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/a1/a122ad1ef7a033582abfc7bae980cc11bdcc2d19bed7d8ea5b7efc50d16456c8? go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0

blob eligible for deletion: sha256:b29205236f1d3eb6143e95f3a412a8f21a16a10b09c7aee28ecba3d803832285

INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/b2/b29205236f1d3eb6143e95f3a412a8f21a16a10b09c7aee28ecba3d803832285? go.version=go1.7.6 instance.id=c38f4c35-9914-4b77-a59f-ea584137fae0

查看數(shù)據(jù)大小

~ # du? -chs? /var/lib/registry/

159.5M? /var/lib/registry/

159.5M? total

可以看到鏡像數(shù)據(jù)已被刪除