1 搭建私有仓库

使用docker run的时候,先查找本地仓库,如果本地没有,会向公共仓库发起申请,找到对应版本, 下载后运行这个镜像的实例。

[root@localhost ~]# 
[root@localhost ~]# docker run -d -p 5000:5000 registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
4064ffdc82fe: Pull complete 
c12c92d1c5a2: Pull complete 
4fbc9b6835cc: Pull complete 
765973b0f65f: Pull complete 
3968771a7c3a: Pull complete 
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
1ecea934119bfd43c0f960740197db8410bcf317c9bcdb005a7c28d720de51f7
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                    NAMES
1ecea934119b        registry                  "/entrypoint.sh /etc…"   19 seconds ago      Up 17 seconds       0.0.0.0:5000->5000/tcp   infallible_bartik
6af5902d98c0        nginx                     "nginx -g 'daemon of…"   20 hours ago        Up 20 hours         0.0.0.0:80->80/tcp       nginx
4bc701965bca        ansible/centos7-ansible   "/bin/bash"              21 hours ago        Up 21 hours                                   ws

关系:注册服务器存放仓库的服务器,一个服务器上有多个仓库,仓库可分为公共仓库和私有仓库,一个仓库里可以有多个镜像,而容器是镜像的实例。 注册服务器(repository) 仓库(registry) 镜像(image) 容器(container)

2 使用dockerfile来创建自己的镜像 运行一个python程序,用于flask访问redis, dockerfile

[root@localhost dockerfile]# more Dockerfile 
From python:2.7-slim
WORKDIR /app
ADD . /app
RUN pip install --trusted-host pypi.python.org -r requirements.txt
EXPOSE 80
ENV NAME World
CMD ["python","app.py"]

说明: dockerfile第一行必须指定基础的镜像,此处的dockerfile就是以python2.7-slim为基础镜像,当指定为基础镜像的时候使用着急字为FROM WORKDIR表示指定工作目录,主要是为了在使用RUN,CMD,ENTRYPOINT指定工作目录,在指定目录的时候,如果没有以/开头那么表示为相对路径,如果指定了是使用的绝对路径。 ADD表示复制指定的源文件到容器的目录路径之中,在使用COPY的时候也是复制,只是相对于dockerfile的相对路径。 RUN后面如果直接是命令,表示在shell中直接运行的命令,使用/bin/sh -c来直接运行这个命令;以上的RUN也可以修改为 RUN["executable","pip install --trusted-host pypi.python.org -r requirements.txt"],这步的主要目的就是安装相关的python模块文件redis和flask。

EXPOSE表示为容器对外的端口,在启动容器时,可使用-P参数来指定容器的端口隐射关系。

ENV表示设定环境变量,会被RUN使用到,并且在容器运行的时候保持。

CMD表示指定容器启动时的命令,表示容器运行之后,运行python app.py

dockerfile写完后,就需要创建一个app依赖的模块文件,requirements.txt.

[root@localhost dockerfile]# cat requirements.txt 
Flask
Redis

flask的程序,监听端口80

from flask import Flask
from redis import Redis, RedisError
import os
import socket



    redis = Redis(host="redis", db=0, socket_connect_timeout=2, socket_timeout=2)
    app = Flask(__name__)
    @app.route("/")
    def hello():
        try:
            visits = redis.incr("counter")
        except RedisError:
            visits = "<i>cannot connect to Redis, counter disabled</i>"

        html = "<h3>Hello {name}!</h3>" \
           "<b>Hostname:</b> {hostname}<br/>" \
           "<b>Visits:</b> {visits}"
        return html.format(name=os.getenv("NAME", "world"), hostname=socket.gethostname(), visits=visits)
if __name__ == "__main__":
    app.run(host='0.0.0.0', port=80)

开始编译镜像,使用参数未build, -t 表示为这个镜像打上标签。

[root@localhost dockerfile]# docker build -t kel/python .
Sending build context to Docker daemon  4.608kB
Step 1/7 : From python:2.7-slim
 ---> 40792d8a2d6d
Step 2/7 : WORKDIR /app
 ---> Using cache
 ---> 9aa8427b4473
Step 3/7 : ADD . /app
 ---> b45825ac6286
Step 4/7 : RUN pip install --trusted-host pypi.python.org -r requirements.txt
 ---> Running in b5abce805944
Collecting Flask (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/7f/e7/08578774ed4536d3242b14dacb4696386634607af824ea997202cd0edb4b/Flask-1.0.2-py2.py3-none-any.whl (91kB)
Collecting Redis (from -r requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/3b/f6/7a76333cf0b9251ecf49efff635015171843d9b977e4ffcf59f9c4428052/redis-2.10.6-py2.py3-none-any.whl (64kB)
Collecting itsdangerous>=0.24 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/dc/b4/a60bcdba945c00f6d608d8975131ab3f25b22f2bcfe1dab221165194b2d4/itsdangerous-0.24.tar.gz (46kB)
Collecting Jinja2>=2.10 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl (126kB)
Collecting Werkzeug>=0.14 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl (322kB)
Collecting click>=5.1 (from Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/34/c1/8806f99713ddb993c5366c362b2f908f18269f8d792aff1abfd700775a77/click-6.7-py2.py3-none-any.whl (71kB)
Collecting MarkupSafe>=0.23 (from Jinja2>=2.10->Flask->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz
Building wheels for collected packages: itsdangerous, MarkupSafe
  Running setup.py bdist_wheel for itsdangerous: started
  Running setup.py bdist_wheel for itsdangerous: finished with status 'done'
  Stored in directory: /root/.cache/pip/wheels/2c/4a/61/5599631c1554768c6290b08c02c72d7317910374ca602ff1e5
  Running setup.py bdist_wheel for MarkupSafe: started
  Running setup.py bdist_wheel for MarkupSafe: finished with status 'done'
  Stored in directory: /root/.cache/pip/wheels/33/56/20/ebe49a5c612fffe1c5a632146b16596f9e64676768661e4e46
Successfully built itsdangerous MarkupSafe
Installing collected packages: itsdangerous, MarkupSafe, Jinja2, Werkzeug, click, Flask, Redis
Successfully installed Flask-1.0.2 Jinja2-2.10 MarkupSafe-1.0 Redis-2.10.6 Werkzeug-0.14.1 click-6.7 itsdangerous-0.24
Removing intermediate container b5abce805944
 ---> 02714dab17f4
Step 5/7 : EXPOSE 80
 ---> Running in f94efe4e46bd
Removing intermediate container f94efe4e46bd
 ---> e840cecd9caa
Step 6/7 : ENV NAME World
 ---> Running in 70b93f89f4c7
Removing intermediate container 70b93f89f4c7
 ---> 9c68b818afaa
Step 7/7 : CMD ["python","app.py"]
 ---> Running in d9da30b0b576
Removing intermediate container d9da30b0b576
 ---> a5195d8da32f
Successfully built a5195d8da32f
Successfully tagged kel/python:latest
[root@localhost dockerfile]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
kel/python                latest              a5195d8da32f        21 seconds ago      132MB
python                    2.7-slim            40792d8a2d6d        27 hours ago        120MB
registry                  latest              b2b03e9146e1        3 weeks ago         33.3MB

在进行push到私有仓库前,必须打tag,标记相关的ip和端口
[root@localhost dockerfile]# docker tag kel/python 192.168.10.138:5000/python
[root@localhost dockerfile]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
192.168.10.138:5000/python   latest              a5195d8da32f        14 minutes ago      132MB
kel/python                   latest              a5195d8da32f        14 minutes ago      132MB
python                       2.7-slim            40792d8a2d6d        28 hours ago        120MB
registry                     latest              b2b03e9146e1        3 weeks ago         33.3MB

[root@localhost dockerfile]# docker push 192.168.10.138:5000/python
The push refers to repository [192.168.10.138:5000/python]
Get https://192.168.10.138:5000/v2/: http: server gave HTTP response to HTTPS client

报错解决办法:

[root@localhost dockerfile]# more /etc/docker/daemon.json
{ "insecure-registries":["192.168.10.138:5000"]}

重启docker [root@localhost dockerfile]# systemctl restart docker 再执行

[root@localhost dockerfile]# docker push 192.168.10.138:5000/python
The push refers to repository [192.168.10.138:5000/python]
b6c1f6c6568c: Pushed 
0c70e341e949: Pushed 
d3f4638c4576: Pushed 
1ea4f6a807ba: Pushed 
fda4dc055a55: Pushed 
e8fc09a140cf: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:8c4d21d7124ecdf3751aa3df52d40f213154cb439465f023f19b2e71ddf89d46 size: 1787

registry使用的是v2版本,从而和v1的api接口不一样,默认存储路径为:

[root@localhost dockerfile]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                    NAMES
94cd1c5420cd        registry            "/entrypoint.sh /etc…"   About a minute ago   Up About a minute   0.0.0.0:5000->5000/tcp   dreamy_sinoussi
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd   sh 
/ # ls /var/lib/registry/docker/registry/v2/repositories/python/
_layers     _manifests  _uploads
/ # ls -l /var/lib/registry/docker/registry/v2/repositories/python/
total 0
drwxr-xr-x    3 root     root            20 Aug  2 03:20 _layers
drwxr-xr-x    4 root     root            35 Aug  2 03:20 _manifests
drwxr-xr-x    2 root     root             6 Aug  2 03:20 _uploads

这个也就是刚刚上传的镜像文件,使用curl可以来进行检查查看(api文档路径https://docs.docker.com/registry/spec/api/):

[root@localhost dockerfile]# curl http://192.168.10.138:5000/v2
<a rel="nofollow" href="/v2/">Moved Permanently</a>.
[root@localhost dockerfile]# curl http://192.168.10.138:5000/v2/python/tags/list
{"name":"python","tags":["latest"]}

看以上的ip地址问本宿主机的ip地址, 查看本地的监听端口和容器的监听端口:

[root@localhost dockerfile]# netstat -ntlp | grep docker
tcp        0      0 192.168.10.138:10010    0.0.0.0:*               LISTEN      12330/docker-contai 
tcp6       0      0 :::5000                 :::*                    LISTEN      12738/docker-proxy  
[root@localhost dockerfile]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
94cd1c5420cd        registry            "/entrypoint.sh /etc…"   2 hours ago         Up 2 hours          0.0.0.0:5000->5000/tcp   dreamy_sinoussi
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd sh
/ # netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 :::5000                 :::*                    LISTEN      1/registry
/ # ps -ef 
PID   USER     TIME   COMMAND
    1 root       0:02 registry serve /etc/docker/registry/config.yml
   44 root       0:00 sh
   63 root       0:00 sh
   71 root       0:00 ps -ef
/ # 

docker的地址也可以直接访问

[root@localhost dockerfile]# docker exec -it 94cd1c5420cd  sh
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4660 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:48628007 (46.3 MiB)  TX bytes:264393 (258.1 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # exit
[root@localhost dockerfile]# curl http://172.17.0.2:5000/v2/python/tags/list
{"name":"python","tags":["latest"]}

创建容器

[root@localhost ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
192.168.10.138:5000/python   latest              a5195d8da32f        4 hours ago         132MB
kel/python                   latest              a5195d8da32f        4 hours ago         132MB
<none>                       <none>              b23c1ee6391c        19 hours ago        120MB
python                       2.7-slim            40792d8a2d6d        31 hours ago        120MB
registry                     latest              b2b03e9146e1        3 weeks ago         33.3MB
[root@localhost ~]# docker run -itd -p 80:80  kel/python                   
cb49a91fc1af36d1231522d5655b1575f22707b488be991c603fc27be3b1ee9c

参考 https://mp.weixin.qq.com/s/Gr6YF6SzOP0hVacb4u0IBA