1 搭建私有仓库
使用docker run的时候,先查找本地仓库,如果本地没有,会向公共仓库发起申请,找到对应版本, 下载后运行这个镜像的实例。
[root@localhost ~]#
[root@localhost ~]# docker run -d -p 5000:5000 registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
1ecea934119bfd43c0f960740197db8410bcf317c9bcdb005a7c28d720de51f7
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ecea934119b registry "/entrypoint.sh /etc…" 19 seconds ago Up 17 seconds 0.0.0.0:5000->5000/tcp infallible_bartik
6af5902d98c0 nginx "nginx -g 'daemon of…" 20 hours ago Up 20 hours 0.0.0.0:80->80/tcp nginx
4bc701965bca ansible/centos7-ansible "/bin/bash" 21 hours ago Up 21 hours ws
关系:注册服务器存放仓库的服务器,一个服务器上有多个仓库,仓库可分为公共仓库和私有仓库,一个仓库里可以有多个镜像,而容器是镜像的实例。 注册服务器(repository) 仓库(registry) 镜像(image) 容器(container)
2 使用dockerfile来创建自己的镜像 运行一个python程序,用于flask访问redis, dockerfile
[root@localhost dockerfile]# more Dockerfile
From python:2.7-slim
WORKDIR /app
ADD . /app
RUN pip install --trusted-host pypi.python.org -r requirements.txt
EXPOSE 80
ENV NAME World
CMD ["python","app.py"]
说明: dockerfile第一行必须指定基础的镜像,此处的dockerfile就是以python2.7-slim为基础镜像,当指定为基础镜像的时候使用着急字为FROM WORKDIR表示指定工作目录,主要是为了在使用RUN,CMD,ENTRYPOINT指定工作目录,在指定目录的时候,如果没有以/开头那么表示为相对路径,如果指定了是使用的绝对路径。 ADD表示复制指定的源文件到容器的目录路径之中,在使用COPY的时候也是复制,只是相对于dockerfile的相对路径。 RUN后面如果直接是命令,表示在shell中直接运行的命令,使用/bin/sh -c来直接运行这个命令;以上的RUN也可以修改为 RUN["executable","pip install --trusted-host pypi.python.org -r requirements.txt"],这步的主要目的就是安装相关的python模块文件redis和flask。
EXPOSE表示为容器对外的端口,在启动容器时,可使用-P参数来指定容器的端口隐射关系。
ENV表示设定环境变量,会被RUN使用到,并且在容器运行的时候保持。
CMD表示指定容器启动时的命令,表示容器运行之后,运行python app.py
dockerfile写完后,就需要创建一个app依赖的模块文件,requirements.txt.
[root@localhost dockerfile]# cat requirements.txt
Flask
Redis
flask的程序,监听端口80
from flask import Flask
from redis import Redis, RedisError
import os
import socket
redis = Redis(host="redis", db=0, socket_connect_timeout=2, socket_timeout=2)
app = Flask(__name__)
@app.route("/")
def hello():
try:
visits = redis.incr("counter")
except RedisError:
visits = "<i>cannot connect to Redis, counter disabled</i>"
html = "<h3>Hello {name}!</h3>" \
"<b>Hostname:</b> {hostname}<br/>" \
"<b>Visits:</b> {visits}"
return html.format(name=os.getenv("NAME", "world"), hostname=socket.gethostname(), visits=visits)
if __name__ == "__main__":
app.run(host='0.0.0.0', port=80)
开始编译镜像,使用参数未build, -t 表示为这个镜像打上标签。
[root@localhost dockerfile]# docker build -t kel/python .
Sending build context to Docker daemon 4.608kB
Step 1/7 : From python:2.7-slim
---> 40792d8a2d6d
Step 2/7 : WORKDIR /app
---> Using cache
---> 9aa8427b4473
Step 3/7 : ADD . /app
---> b45825ac6286
Step 4/7 : RUN pip install --trusted-host pypi.python.org -r requirements.txt
---> Running in b5abce805944
Collecting Flask (from -r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/7f/e7/08578774ed4536d3242b14dacb4696386634607af824ea997202cd0edb4b/Flask-1.0.2-py2.py3-none-any.whl (91kB)
Collecting Redis (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/3b/f6/7a76333cf0b9251ecf49efff635015171843d9b977e4ffcf59f9c4428052/redis-2.10.6-py2.py3-none-any.whl (64kB)
Collecting itsdangerous>=0.24 (from Flask->-r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/dc/b4/a60bcdba945c00f6d608d8975131ab3f25b22f2bcfe1dab221165194b2d4/itsdangerous-0.24.tar.gz (46kB)
Collecting Jinja2>=2.10 (from Flask->-r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl (126kB)
Collecting Werkzeug>=0.14 (from Flask->-r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl (322kB)
Collecting click>=5.1 (from Flask->-r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/34/c1/8806f99713ddb993c5366c362b2f908f18269f8d792aff1abfd700775a77/click-6.7-py2.py3-none-any.whl (71kB)
Collecting MarkupSafe>=0.23 (from Jinja2>=2.10->Flask->-r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz
Building wheels for collected packages: itsdangerous, MarkupSafe
Running setup.py bdist_wheel for itsdangerous: started
Running setup.py bdist_wheel for itsdangerous: finished with status 'done'
Stored in directory: /root/.cache/pip/wheels/2c/4a/61/5599631c1554768c6290b08c02c72d7317910374ca602ff1e5
Running setup.py bdist_wheel for MarkupSafe: started
Running setup.py bdist_wheel for MarkupSafe: finished with status 'done'
Stored in directory: /root/.cache/pip/wheels/33/56/20/ebe49a5c612fffe1c5a632146b16596f9e64676768661e4e46
Successfully built itsdangerous MarkupSafe
Installing collected packages: itsdangerous, MarkupSafe, Jinja2, Werkzeug, click, Flask, Redis
Successfully installed Flask-1.0.2 Jinja2-2.10 MarkupSafe-1.0 Redis-2.10.6 Werkzeug-0.14.1 click-6.7 itsdangerous-0.24
Removing intermediate container b5abce805944
---> 02714dab17f4
Step 5/7 : EXPOSE 80
---> Running in f94efe4e46bd
Removing intermediate container f94efe4e46bd
---> e840cecd9caa
Step 6/7 : ENV NAME World
---> Running in 70b93f89f4c7
Removing intermediate container 70b93f89f4c7
---> 9c68b818afaa
Step 7/7 : CMD ["python","app.py"]
---> Running in d9da30b0b576
Removing intermediate container d9da30b0b576
---> a5195d8da32f
Successfully built a5195d8da32f
Successfully tagged kel/python:latest
[root@localhost dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kel/python latest a5195d8da32f 21 seconds ago 132MB
python 2.7-slim 40792d8a2d6d 27 hours ago 120MB
registry latest b2b03e9146e1 3 weeks ago 33.3MB
在进行push到私有仓库前,必须打tag,标记相关的ip和端口
[root@localhost dockerfile]# docker tag kel/python 192.168.10.138:5000/python
[root@localhost dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.10.138:5000/python latest a5195d8da32f 14 minutes ago 132MB
kel/python latest a5195d8da32f 14 minutes ago 132MB
python 2.7-slim 40792d8a2d6d 28 hours ago 120MB
registry latest b2b03e9146e1 3 weeks ago 33.3MB
[root@localhost dockerfile]# docker push 192.168.10.138:5000/python
The push refers to repository [192.168.10.138:5000/python]
Get https://192.168.10.138:5000/v2/: http: server gave HTTP response to HTTPS client
报错解决办法:
[root@localhost dockerfile]# more /etc/docker/daemon.json
{ "insecure-registries":["192.168.10.138:5000"]}
重启docker
[root@localhost dockerfile]# systemctl restart docker
再执行
[root@localhost dockerfile]# docker push 192.168.10.138:5000/python
The push refers to repository [192.168.10.138:5000/python]
b6c1f6c6568c: Pushed
0c70e341e949: Pushed
d3f4638c4576: Pushed
1ea4f6a807ba: Pushed
fda4dc055a55: Pushed
e8fc09a140cf: Pushed
cdb3f9544e4c: Pushed
latest: digest: sha256:8c4d21d7124ecdf3751aa3df52d40f213154cb439465f023f19b2e71ddf89d46 size: 1787
registry使用的是v2版本,从而和v1的api接口不一样,默认存储路径为:
[root@localhost dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94cd1c5420cd registry "/entrypoint.sh /etc…" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp dreamy_sinoussi
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd sh
/ # ls /var/lib/registry/docker/registry/v2/repositories/python/
_layers _manifests _uploads
/ # ls -l /var/lib/registry/docker/registry/v2/repositories/python/
total 0
drwxr-xr-x 3 root root 20 Aug 2 03:20 _layers
drwxr-xr-x 4 root root 35 Aug 2 03:20 _manifests
drwxr-xr-x 2 root root 6 Aug 2 03:20 _uploads
这个也就是刚刚上传的镜像文件,使用curl可以来进行检查查看(api文档路径https://docs.docker.com/registry/spec/api/):
[root@localhost dockerfile]# curl http://192.168.10.138:5000/v2
<a rel="nofollow" href="/v2/">Moved Permanently</a>.
[root@localhost dockerfile]# curl http://192.168.10.138:5000/v2/python/tags/list
{"name":"python","tags":["latest"]}
看以上的ip地址问本宿主机的ip地址, 查看本地的监听端口和容器的监听端口:
[root@localhost dockerfile]# netstat -ntlp | grep docker
tcp 0 0 192.168.10.138:10010 0.0.0.0:* LISTEN 12330/docker-contai
tcp6 0 0 :::5000 :::* LISTEN 12738/docker-proxy
[root@localhost dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94cd1c5420cd registry "/entrypoint.sh /etc…" 2 hours ago Up 2 hours 0.0.0.0:5000->5000/tcp dreamy_sinoussi
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd sh
/ # netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::5000 :::* LISTEN 1/registry
/ # ps -ef
PID USER TIME COMMAND
1 root 0:02 registry serve /etc/docker/registry/config.yml
44 root 0:00 sh
63 root 0:00 sh
71 root 0:00 ps -ef
/ #
docker的地址也可以直接访问
[root@localhost dockerfile]# docker exec -it 94cd1c5420cd sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4660 errors:0 dropped:0 overruns:0 frame:0
TX packets:3712 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:48628007 (46.3 MiB) TX bytes:264393 (258.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # exit
[root@localhost dockerfile]# curl http://172.17.0.2:5000/v2/python/tags/list
{"name":"python","tags":["latest"]}
创建容器
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.10.138:5000/python latest a5195d8da32f 4 hours ago 132MB
kel/python latest a5195d8da32f 4 hours ago 132MB
<none> <none> b23c1ee6391c 19 hours ago 120MB
python 2.7-slim 40792d8a2d6d 31 hours ago 120MB
registry latest b2b03e9146e1 3 weeks ago 33.3MB
[root@localhost ~]# docker run -itd -p 80:80 kel/python
cb49a91fc1af36d1231522d5655b1575f22707b488be991c603fc27be3b1ee9c
参考 https://mp.weixin.qq.com/s/Gr6YF6SzOP0hVacb4u0IBA