centos7搭建docker私有仓库
1.环境:
- [root@docker02 anchors]# cat /etc/redhat-release
- CentOS Linux release 7.3.1611 (Core)
- [root@docker02 anchors]# docker info
- Containers:
- Running:
- Paused:
- Stopped:
- Images:
- Server Version: 17.03.1-ce
.....
- 10.60.10.39 docker01.lo -->仓库
- 10.60.10.40 docker02.lo -->客户端
10.60.10.41 docker03.lo -->客户端
2.仓库配置https认证
a.配置hosts文件
[root@docker01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.60.10.39 docker01.lo
10.60.10.40 docker02.lo
10.60.10.41 docker03.lo
b.生成证书
- [root@docker01 ~]# cd /etc/docker/
- [root@docker01 docker]# mkdir certs
#切到docker配置文件目录,新建certs目录。
- [root@docker01 docker]# openssl req -newkey rsa: -nodes -sha256 -keyout certs/docker01.lo.key -x509 -days -out certs/docker01.lo.crt
- Generating a bit RSA private key
- ..........................................................................................................................................................................................................................................................................++
- ..............++
- writing new private key to 'certs/docker01.lo.key'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name ( letter code) [XX]:CN
- State or Province Name (full name) []:ZJ
- Locality Name (eg, city) [Default City]:HZ
- Organization Name (eg, company) [Default Company Ltd]:ZX
- Organizational Unit Name (eg, section) []:ZX
- Common Name (eg, your name or your server's hostname) []:docker01.lo
- Email Address []:TEST@.com
注意,以上红色字体的三处关键字要一致,这里我用得是仓库主机的主机名。
- [root@docker01 docker]# ll certs/
- total
- -rw-r--r--. root root Jun : docker01.lo.crt
- -rw-r--r--. root root Jun : docker01.lo.key
3.运行registry容器
- docker run -d -P -it -p : --restart=always --name registry_https01 -v `pwd`/certs:/etc/docker/certs/ -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/docker01.lo.crt -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/docker01.lo.key registry
- [root@docker01 docker]# docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 4b10b23f3dd0 registry "/entrypoint.sh /e..." seconds ago Up seconds 0.0.0.0:->/tcp registry_https01
- [root@docker01 docker]# netstat -ntpl
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
- tcp6 ::: :::* LISTEN /sshd
- tcp6 ::: :::* LISTEN /master
- tcp6 ::: :::* LISTEN /dockerd
- tcp6 ::: :::* LISTEN /docker-proxy
- tcp6 ::: :::* LISTEN /dockerd
- tcp6 ::: :::* LISTEN /dockerd
4.配置客户端( 需要配置hosts文件如步骤2-a)
a.远程拷贝docker01.lo.crt到客户端/etc/pki/ca-trust/source/anchors目录下
- [root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.40:/etc/pki/ca-trust/source/anchors
- root@10.60.10.40's password:
- docker01.lo.crt % .0KB/s :
- [root@docker01 docker]# scp certs/docker01.lo.crt 10.60.10.41:/etc/pki/ca-trust/source/anchors
- root@10.60.10.41's password:
- docker01.lo.crt % .0KB/s :
b.更新证书
- [root@docker02 ~]# cd /etc/pki/ca-trust/source/anchors
- [root@docker02 anchors]# update-ca-trust
- [root@docker03 ~]# cd /etc/pki/ca-trust/source/anchors
- [root@docker03 anchors]# update-ca-trust
c.上传image
- [root@docker02 anchors]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- nginx latest 958a7ae9e569 weeks ago MB
- swarm latest 36b1e23becab months ago 15.9 MB
- centos 6.8 0cd976dc0a98 months ago MB
- [root@docker02 anchors]# docker tag centos:6.8 docker01.lo:/centos:6.8
- [root@docker02 anchors]# docker push docker01.lo:/centos
- The push refers to a repository [docker01.lo:/centos]
- b1b065555b8a: Pushed
- 6.8: digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a size:
- [root@docker02 anchors]# curl https://docker01.lo:5000/v2/_catalog
- {"repositories":["centos"]}
-----------------------------------------------------------------------------
- [root@docker03 anchors]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- ubuntu latest 7b9b13f7b9c0 weeks ago MB
- nginx latest 958a7ae9e569 weeks ago MB
- swarm latest 36b1e23becab months ago 15.9 MB
- centos 6.8 0cd976dc0a98 months ago MB
- [root@docker03 anchors]# docker tag ubuntu docker01.lo:5000/ubuntu
[root@docker03 anchors]# docker push docker01.lo:/ubuntu- The push refers to a repository [docker01.lo:/ubuntu]
- d8b353eb3025: Pushed
- f2e85bc0b7b1: Pushed
- fc9e1e5e38f7: Pushed
- fe9a3f9c4559: Pushed
- 6a8bf8c8edbd: Pushed
- latest: digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368 size:
- [root@docker03 anchors]# curl https://docker01.lo:5000/v2/_catalog
- {"repositories":["centos","ubuntu"]}
d.下载image
- [root@docker02 anchors]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- nginx latest 958a7ae9e569 weeks ago MB
- swarm latest 36b1e23becab months ago 15.9 MB
- centos 6.8 0cd976dc0a98 months ago MB
- docker01.lo:/centos 6.8 0cd976dc0a98 months ago MB
- [root@docker02 anchors]# docker pull docker01.lo:/ubuntu
- Using default tag: latest
- latest: Pulling from ubuntu
- bd97b43c27e3: Pull complete
- 6960dc1aba18: Pull complete
- 2b61829b0db5: Pull complete
- 1f88dc826b14: Pull complete
- 73b3859b1e43: Pull complete
- Digest: sha256:ea1d854d38be82f54d39efe2c67000bed1b03348bcc2f3dc094f260855dff368
- Status: Downloaded newer image for docker01.lo:/ubuntu:latest
- [root@docker02 anchors]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- docker01.lo:/ubuntu latest 7b9b13f7b9c0 weeks ago MB
- nginx latest 958a7ae9e569 weeks ago MB
- swarm latest 36b1e23becab months ago 15.9 MB
- centos 6.8 0cd976dc0a98 months ago MB
- docker01.lo:/centos 6.8 0cd976dc0a98 months ago MB
-------------------------------------------------
- [root@docker03 anchors]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- docker01.lo:/ubuntu latest 7b9b13f7b9c0 weeks ago MB
- ubuntu latest 7b9b13f7b9c0 weeks ago MB
- nginx latest 958a7ae9e569 weeks ago MB
- swarm latest 36b1e23becab months ago 15.9 MB
- centos 6.8 0cd976dc0a98 months ago MB
- [root@docker03 anchors]# docker pull docker01.lo:/centos:6.8
- 6.8: Pulling from centos
- Digest: sha256:c338f851dc6520fc3f7ece01e4fbe207eaa78b775a0738f2bfdd6f36144e6b8a
- Status: Downloaded newer image for docker01.lo:/centos:6.8
- [root@docker03 anchors]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- docker01.lo:/ubuntu latest 7b9b13f7b9c0 weeks ago MB
- ubuntu latest 7b9b13f7b9c0 weeks ago MB
- nginx latest 958a7ae9e569 weeks ago MB
- swarm latest 36b1e23becab months ago 15.9 MB
- centos 6.8 0cd976dc0a98 months ago MB
- docker01.lo:/centos 6.8 0cd976dc0a98 months ago MB
5.问题解决:
[root@docker03 anchors]# docker push docker01.lo:5000/centos
The push refers to a repository [docker01.lo:5000/centos]
Get https://docker01.lo:5000/v1/_ping: x509: certificate signed by unknown authority
如碰到上述问题:
- [root@docker03 anchors]# cat docker01.l.crt >> /etc/pki/tls/certs/ca-bundle.crt
- [root@docker03 anchors]# update-ca-trust
[root@docker03 anchors]# systemctl restart docker
centos7搭建docker私有仓库的更多相关文章
- CentOS7搭建Docker私有仓库----Docker
有时候使用Docker Hub这样的公共仓库可能不方便,这种情况下用户可以使用registry创建一个本地仓库供私人使用,这点跟Maven的管理类似.目前Docker Registry已经升级到了v2 ...
- 一步步搭建docker私有仓库并从私有仓库中下载镜像
一步步搭建docker私有仓库 #下载镜像 docker pull registry#查看镜像 docker images #运行私有仓库,指定端口和数据卷 docker run -d -p : -v ...
- 搭建docker私有仓库
保存镜像的地方成为仓库(registry).目前有2种仓库:公共仓库和私有仓库. 最方便的是使用公共仓库上传和下载镜像,下载不需要注册,上传需要到公共仓库注册.公共仓库网站:https://hub.d ...
- Centos7搭建Harbor私有仓库(二)
1 说明 前文Centos7搭建Harbor私有仓库(一)中成功搭建了Harbor,但,是以http方式搭建的,这里我们修改为https方式 以下基于镜像CentOS-7-x86_64-Minimal ...
- windows 环境下搭建docker私有仓库
windows 环境下搭建docker私有仓库 1.在公用仓库中pull仓库镜像 docker pull regitry 2.启动仓库镜像 //-d意思是后台运行,-p是做端口映射,这里是将本地的50 ...
- Docker自学纪实(六)搭建docker私有仓库
docker的镜像仓库分两种:一种是从官方公有仓库拉取:还有就是自己搭建私有仓库.官方的镜像仓库是面对整个应用市场的:私有仓库一般用于公司内部,就是公司项目自身所需的镜像.搭建私有仓库有什么好处?私有 ...
- 搭建docker私有仓库,建立k8s集群
服务器IP角色分布 192.168.5.2 etcd server 192.168.5.2 kubernetes master 192.168.5.3 kubernetes node 192.168. ...
- 手把手教你搭建Docker私有仓库
章节一:centos7 docker安装和使用_入门教程 章节二:使用docker部署Asp.net core web应用程序 有了前面的基础,接下来的操作就比较简单了.先准备两台虚拟机,两台机器上都 ...
- 03搭建docker私有仓库
搭建docker私仓,可以使用docker官方提供的registry镜像.该镜像目前有2.0,2.3和2.3.1版本.它只与1.6.0以上版本的docker兼容.搭建私仓的步骤如下: 一:无代理.无认 ...
随机推荐
- android app rate on google play and amazon
http://stackoverflow.com/questions/11393191/linking-back-to-amazon-app-store-for-ratings public st ...
- WebGL 进入三维世界
1.观察目标点和上方向 为了确定观察者的状态,你需要获取两项信息:视点,即观察者的位置:观察目标点(look-at point),即被观察目标所在的点,它可以用来确定视线.此外,因为我们需要把观察到的 ...
- Python之XML解析详解
什么是XML? XML 指可扩展标记语言(eXtensible Markup Language). XML 被设计用来传输和存储数据. XML是一套定义语义标记的规则,这些标记将文档分成许多部件并对这 ...
- 【11-13】A股主要指数的市盈率(PE)估值高度
全指材料(SH000987) - 2018-11-13日,当前值:12.4646,平均值:30.54,中位数:26.09865,当前 接近历史新低.全指材料(SH000987)的历史市盈率PE详情 内 ...
- ns-3 的下载、编译以及 Eclipse 的相关配置
0. 写在前面 对于初次接触Linux系统的人来说,ns-3 的安装似乎并不友好.但其实仅仅要按部就班地来做,其安装过程也没有看上去的那么复杂.本文将官方 Wiki 中的安装过程稍作梳理,希望能为刚開 ...
- TCP拥塞控制算法纵横谈-Illinois和YeAH
周五晚上.终于下了雨.所以也终于能够乱七八糟多写点松散的东西了... 方法论问题. 这个题目太大以至于内容和题目的关联看起来有失偏颇.只是也无所谓,既然被人以为"没有方法论"而歧视 ...
- SqlServer当前月份时间
SqlServer当前月份时间 SELECT -DAY(getdate()+-DAY(getdate()))
- 与MQ通讯的完整JAVA程序
该程序实现了发送消息与读取消息的功能,见其中的 send***与get***方法.这只适合于测试,因为环境中的程序还需要对此有稍微的更改,在真实的环境中肯定是在while(true){...} 的无限 ...
- django初体验 学习笔记
django环境搭建 1.安装Python 2.ipython sudo apt-get install ipython sudo pip instal ...
- Mac下Intellij IDea发布JavaWeb项目 详解二 (新建Module)
Step3 添加两个module 3.1 右键[WebWorkSpace]-[New]-[Module] 3.2 重复 准备工作1:新建第一个JavaWeb项目[1.6-1.11]的操作,建好一个名为 ...