Build a private Docker Registry tutorial _docker

Why is it necessary to build a private registry? Well, for starters, the Docker Hub (a docker public warehouse) only allows you to have a free private version of the library (repo). Other companies are starting to offer similar services, but the price is not cheap. In addition, if you need to deploy an application for a production environment with Docker, I'm afraid you don't want to put these mirrors on the open Docker hub!

This article provides a very practical way to deal with the intricacies of building private Docker registry. We will use a very compact 512MB VPS instance running in Digitalocean (hereafter called do). And I would assume that you already know the basic concepts of Docker, because I have to concentrate on complex things!

Local Build

First you need to install Boot2docker and Docker CLI. If you have built a basic Docker environment, you can skip this step directly.

Run the following command from the terminal (I assume that you use OS X, use HomeBrew to install the software, you can install it according to your environment using different package management software):

If all goes well (for a complete guide to building a docker environment, see http://boot2docker.io/), you can now start a virtual machine in which Docker runs by using the following command:

Follow the on-screen instructions to copy and paste the Book2docker command in the terminal output. If you run docker ps the command now, the terminal will have the following display.

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

Well, Docker is ready, that's enough, let's go back and build registry.

Creating a server

Log in to your do account, select a docker mirror file, and create a new drople. (This article was written with Image > Applications > Docker 1.4.1 on 14.04)

You will receive a root user credential in the form of a mail message. Log in, and then run the docker ps command to view the system state.

Build AWS S3

We will now use the Amazo simple Storage Service (S3) as our registry/repository storage layer. We will need to create a bucket (bucket) as well as user credentials (username credentials) to allow our Docker container to access it.

Log in to our AWS account (if not, apply for a http://aws.amazon.com/) and select S3 (simpole Storage Service) at the console.

Click Create Bucket, enter a name for your bucket (write it down, we'll need it for a while), and click Create.

Ok! We've built the storage section.

Set up AWS Access credentials

We are now going to create a new user. Return to the AWS console and select IAM (Identity & Access Management).

On dashboard the left, click Users. Then select Create New Users .

As shown in the figure:

Enter a username (for example, Docker-registry) and click Create. Write down (or download a CSV file) your access key and secret access key. Go back to your user list and select the user you just created.

Under Permission section, click Attach User Policy. After the next screen, select Custom Policy.

The contents of custom policy are as follows:

{
 "Version": "2012-10-17", "
 Statement": [
  {
   "Sid": "Somestatement",
   "Effect": "Allow",
   "" Action: [
    "s3:*"
   ],
   "Resource": [
    "ARN:AWS:S3:::d ocker-registry-bucket-name/*",    
    "ARN: AWS:S3:::d ocker-registry-bucket-name "
   ]
  }
 ]
}

This configuration will allow the user (i.e. regitstry) to manipulate (read/write) the contents of the bucket (make sure to use the bucket name that you used to create the AWS S3). To sum up: when you want to push your docker image from your native computer to the warehouse, the server uploads them to the S3.

Install registry

Now look back at our do server, SSH login on it. We are going to use an official Docker registry mirror.

Enter the following command to open registry.

Docker run \ 
     e settings_flavor=s3 \
     e aws_bucket=bucket-name \
     e storage_path=/registry \
     e aws_key =your_aws_key \
     e aws_secret=your_aws_secret \
     e search_backend=sqlalchemy \
     p 5000:5000 \
     --name Registry \
     d \
     Registry

Docker will pull the required file system hierarchy (fs layers) from the Docker hub and start the daemon container (daemonised container).

Test registry

If the above works, you can ping the command, or find its contents to test the registry (although the container is still empty).

Our registry are very basic and do not provide any "The Ming" approach. Because it's not easy to add authentication (at least I don't think a deployment method is simple, like to prove you tried), I think the easiest way to "query/pull/push" The contents of a warehouse is through an unencrypted connection via an SSH channel (via HTTP).

Opening the SSH channel is simple:

Ssh-n-L 5000:localhost:5000 root@your_registry.com

This command establishes an SSH pipe connection between Port No. 5000 from the registry server (which we saw before executing the Docker Run command) to Port No. 5000 on this machine.

If you use the browser to access http://localhost:5000/v1/_ping Now, you will see a very brief reply below.

{}

This means that registry is working properly. You can also view the contents of the registry by logging in Http://localhost:5000/v1/search, similar to the following:

{
 "num_results": 2, "
 query": "",
 "results": [
  {
   "description": "",
   "name": "username/ First-repo "
  },
  {
   " description ":" ",
   " name ":" Username/second-repo "
  }
 ]
}

Create a mirror

We now create a very simple Docker mirror to test our new registry. On our computer, create a dockerfile with the following: Here's a little code, and I'll show you how to bind a rails application into a Docker container in the next article. ）：

# Ruby 2.2.0 base mirror from
ruby:2.2.0

and create it:

localhost:5000This section is very important: the first part of the Docker mirror name will tell docker push us where we are going to push our mirrors. In our case, because we want to connect the remote private registry,localhost:5000 through the SSH pipeline, we are pointing precisely to our registry.

If all goes well, you can enter docker images commands to list newly created mirrors when the command execution is returned. Execute it and see what happens?

Push to Warehouse

The next part is a better play. It took me a little time to implement what I described, so be patient if you read it for the first time, and follow me. I know that the next thing is going to be very complicated (if you don't automate the process this will be the case), but I promise you will understand it in the end. In the next article I will use a large wave of shell scripts and rake tasks to automate and deploy rails applications with simple commands.

The Docker command you run on the terminal actually uses the Boot2docker virtual machine to run the container and all sorts of things. So when you execute a docker push some_repo command like this, it's the boot2docker virtual machine that interacts with the registry, not our own machine.

Next is a very important point: to push the Docker mirror to a remote private warehouse, the SSH pipeline needs to be configured on the Boot2docker virtual machine, not on your local machine.

There are a number of ways to implement it. I'll show you the shortest one (probably not the easiest to understand, but it will help you automate)

Before that, we need to do a final bit of work on SSH.

Set SSH

Let's add Boot2docker SSH key to the "known host" of the remote server. We can do this with the Ssh-copy-id tool, and we can install it by using the following command:

And then run:

Ssh-copy-id-i/users/username/.ssh/id_boot2docker root@your-registry.com

Replace/users/username/.ssh/id_boot2docker with the real path of your SSH key.

This allows us to password-free login ssh.

Now let's test the following:

Separate elaboration:

Boot2docker SSH allows you to pass the command to a boot2docker virtual machine in the form of a parameter;

The last & indicates that the command will be executed in the background;
Ssh-o ' stricthostkeychecking no '-i/users/michelangelo/.ssh/id_boot2docker-n-l 5000:localhost:5000 Root@registry.touchwa.re & is the actual operation of the boot2docker virtual Machine command;

-O ' stricthostkeychecking no '--does not prompt for security issues;
-i/users/michelangelo/.ssh/id_boot2docker indicates which SSH key is used by the virtual machine for authentication. (Note that the key here should be the one you added to the remote warehouse before)

Finally, we will open a port 5000 map to the localhost:5000 SSH channel.

Pull from another server

You will now be able to push your image to the remote warehouse using the following simple commands:

Copy Code code as follows:

Docker Push Localhost:5000/username/repo_name

In the next article, we'll learn how to automate these transactions and actually container a rails application. Please continue listening!

If there is any mistake, please do not hesitate to point out. I wish you docker the road is smooth!

via:http://cocoahunter.com/2015/01/23/docker-2/

Author: Michelangelo Chasseur Translator: Dongshuaike proofreading: Wxy