CoreOS环境下通过register镜像搭建私有仓库

官方提供了dockerhub网站来作为一个公开的集中仓库。然而，本地访问dockerhub速度往往很慢，并且很多时候我们需要一个本地的私有仓库只供网内使用。

关于如何创建和使用本地仓库，其实已经有很多文章介绍了。但是这些文章要么内容已经过时，要么给出了错误的配置，导致无法正常创建仓库。 本文以CoreOS系统为基础，讲解如何通过register镜像创建一个本地Repo

1 使用registry启动私有仓库的容器
docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry
说明：若之前没有安装registry容器则会自动下载并启动一个registry容器，创建本地的私有仓库服务。默认情况下，会将仓库创建在容器的/tmp/registry目录下，可以通过 -v 参数来将镜像文件存放在本地的指定路径上（例如，放在本地目录/root/my_registry下）。

2 向私有仓库push镜像
启动完register的镜像后，将register镜像上传到本地仓库上作为测试

说明：根据第一步启动的registry容器所在宿主主机的IP和Port，push某环境的本地容器。

localhost images # docker push 10.0.0.142:5000/register
The push refers to a repository [10.0.0.142:5000/register] (len: 1)
Sending image list
Pushing repository 10.0.0.142:5000/register (1 tags)
e9e06b06e14c: Image successfully pushed
a82efea989f9: Image successfully pushed
37bea4ee0c81: Image successfully pushed
07f8e8c5e660: Image successfully pushed
1f4ab7282e19: Image successfully pushed
0e4483abe66b: Image successfully pushed
c6153b5d8f1f: Image successfully pushed
2bc4611f2ed7: Image successfully pushed
30887473610f: Image successfully pushed
3f8e22c413b1: Image successfully pushed
22b1c756fa19: Image successfully pushed
90607d8d09d1: Image successfully pushed
4f4a5acb19eb: Image successfully pushed
204704ce3137: Image successfully pushed
Pushing tag for rev [204704ce3137] on {http://10.0.0.142:5000/v1/repositories/register/tags/latest}

宿主主机my_registry的目录结构

    localhost my_registry # ls -R
    .:
    images  repositories

    ./images:
    07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95  2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041  90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6
    0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0  30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd  a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b
    1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913  37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0  c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383
    204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b  3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2  e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc
    22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43  4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429

    ./images/07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95:
    _checksum  ancestry  json  layer

    ./images/0e4483abe66bcc57ffe504a9baf65432f4931e5f91da3d5257e9990580d4beb0:
    _checksum  ancestry  json  layer

    ./images/1f4ab7282e19ba4c80106bb4f6adf631c7d7ac7f48dd05bcb10b42768eb57913:
    _checksum  ancestry  json  layer

    ./images/204704ce31375bcf4afecf672563b4881bbef0d59135c68d273235bb7254fb4b:
    _checksum  ancestry  json  layer

    ./images/22b1c756fa19552df56cee7d7dc685ba2411878dbfda0950e849941af91a7f43:
    _checksum  ancestry  json  layer

    ./images/2bc4611f2ed7611f46c4aaee05e34b7a490671c79c41b827dc168377da95b041:
    _checksum  ancestry  json  layer

    ./images/30887473610f3f9354a34931cc43b8dd744d93375d6d95704d45313f843008dd:
    _checksum  ancestry  json  layer

    ./images/37bea4ee0c816e3a3fa025f36127ef8ef0817b3f8fcd7b49eb7b26064f647bb0:
    _checksum  ancestry  json  layer

    ./images/3f8e22c413b1783145e785a4729c4d5f98f9baca025b74d73774ed438ac82ba2:
    _checksum  ancestry  json  layer

    ./images/4f4a5acb19eb919eac7b507368e36b9a1d55b79974c20704de9b3ed32d258429:
    _checksum  ancestry  json  layer

    ./images/90607d8d09d11e65ed8f4e4f5b20d99ecc1db1539b7c96ef28884dcebb1cbee6:
    _checksum  ancestry  json  layer

    ./images/a82efea989f94b1d9fac76e26e37b0bbde11047a3afcaa47064949dfa3b3209b:
    _checksum  ancestry  json  layer

    ./images/c6153b5d8f1ff7de06410275d26bed8163e39cee970d052d457aef2d1658c383:
    _checksum  ancestry  json  layer

    ./images/e9e06b06e14c2f7d8df0251e3bb852c3a10a70639498163d4f180a823c18fdfc:
    _checksum  ancestry  json  layer

    ./repositories:
    library

    ./repositories/library:
    register

    ./repositories/library/register:
    _index_images  json  tag_latest  taglatest_json

关于https的问题

root@gerryyang:~# docker push 104.131.173.242:5000/Ubuntu_sshd_gcc_gerry:14.04 
FATA[0002] Error: Invalid registry endpoint https://104.131.173.242:5000/v1/: Get https://104.131.173.242:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `–insecure-registry 104.131.173.242:5000` to the daemon’s arguments. In the case of HTTPS, if you have access to the registry’s CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/104.131.173.242:5000/ca.crt 
解决方法：

解决方案：

vi /usr/lib/systemd/system/docker.service

内容修改如下：

        [Unit] 
        Description=Docker Application Container Engine 
        Documentation=http://docs.docker.com 
        After=network.target docker.socket 
        Requires=docker.socket 
         
        [Service] 
        Type=notify 
        EnvironmentFile=-/etc/sysconfig/docker 
        EnvironmentFile=-/etc/sysconfig/docker-storage 
        ExecStart=/usr/bin/docker -d –insecure-registry 10.0.0.142:5000  -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS 
        LimitNOFILE=1048576 
        LimitNPROC=1048576 
         
        [Install] 
        WantedBy=multi-user.target 

在CoreOS系统中，执行方法一，可能会遇到/usr/lib/systemd/system/docker.service 文件ReadOnly 无法修改的情况，这时可以手工启动并添加 –insecure-registry参数
localhost ~ # /usr/lib/coreos/dockerd –daemon –insecure-registry 10.0.0.142:5000 

3 私有仓库查询方法
curl http://10.0.0.142:5000/v1/search
说明：使用curl查看仓库104.131.173.242:5000中的镜像。在结果中可以查看到ubuntu_sshd_gcc_gerry，说明已经上传成功了。

4 在其他的机器上访问和下载私有仓库的镜像
在客户机上手工启动docker:localhost ~ # /usr/lib/coreos/dockerd –daemon –insecure-registry 10.0.0.142:5000 
执行pull命令
localhost ~ # docker pull 10.0.0.142:5000/jdk7
Pulling repository 10.0.0.142:5000/jdk7
134625e9d4d7: Download complete
134625e9d4d7: Pulling image (latest) from 10.0.0.142:5000/jdk7
6941bfcbbfca: Download complete
41459f052977: Download complete
fd44297e2ddb: Download complete
40eba1bcf993: Download complete
e60bdcf6f45f: Download complete
367c013cf9ca: Download complete
81812b96beec: Download complete
776f6d47bdf7: Download complete
2c96f979a63a: Download complete
f33b1fffe108: Download complete
71f589de03a8: Download complete
2115aa302043: Download complete
6a498e83fe1b: Download complete
591be66f0e03: Download complete
c468a9de6202: Download complete
a510d6919954: Download complete
14b73f7c3942: Download complete
b591b7e6f5da: Download complete
f1a90a0630e1: Download complete
131a069bbe25: Download complete
Status: Downloaded newer image for 10.0.0.142:5000/jdk7:latest

更多CentOS相关信息见CentOS 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=14