How to build a private docker registry on Ubuntu 14.04
Address: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
Author: Nik van der Ploeg
Translator: awenchen
Introduction
Docker is a powerful tool for deploying servers. Docker.io provides a free service that lets users upload images to the official registry. However, this registry is open to anyone, and you may be reluctant to use it for a project that is not open source.
This article describes how to build a private docker registry and ensure its security. At the end of this tutorial, you will upload a self-made docker image to the private registry and safely pull it down on different machines.
This tutorial does not cover how to containerize application services; it aims to guide you through creating a registry to store the service resources you want to deploy. If you want to get started with docker, maybe this will help you.
This tutorial was tested with a single registry server and a single client, both running Ubuntu, and may also work on other Debian-based releases.
Docker concept
If you haven't used docker before, it is worth taking a few minutes to familiarize yourself with its key concepts. If you are already comfortable with docker and only want to know how to build a private registry, go to the next section.
For a beginner's guide to using docker, try the excellent docker notes here.
The core idea of docker is to separate applications and their dependencies from the operating system. To achieve this, docker uses containers and images. A docker image is basically a file system template. When you run a docker image with the docker run command, an instance of that file system is activated and runs in a docker container on the system. By default, the container cannot touch the original image or the file system of the host where docker itself runs. It is an isolated environment.
Any changes made in the container are saved in the container, without affecting the original image. To retain these changes, you can use the docker commit command to save the container as an image. This means that you can use the original container to derive a new container without affecting the original container (or image). If you are familiar with git, you will find this process very familiar: create a new branch from any container (here, the branch refers to the image in docker). Running an image is similar to running git checkout.
Furthermore, running a private docker registry is like running a private git repository for docker images.
Step 1 -- install necessary software
On the docker registry server, you should create a user with sudo permissions (if possible, on the client as well).
Docker registry is a python application, so you must install the python development environment and the necessary libraries:
sudo apt-get update
sudo apt-get -y install build-essential python-dev libevent-dev python-pip liblzma-dev
Step 2 -- install and configure docker registry
We will use the python package management tool pip:
sudo pip install docker-registry
docker-registry requires a configuration file.
By default, pip places the configuration file in an out-of-the-way location, which varies with where the system python is installed. Therefore, to find this path, we will try to run the registry and look at the relevant output:
gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application
Because the configuration file is not in the correct location, the above attempt will fail and output a FileNotFoundError error message, as shown below [in some versions, the following information is not output, translator's note]:
FileNotFoundError: Heads-up! File is missing: /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/config.yml
The registry includes an example configuration file in the same path, named config_sample.yml, so we can use the path given above to locate the sample configuration file.
Copy the path from the error message (here /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/config.yml) and remove the config.yml part, so that we can change to that directory:
cd /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/
Copy the contents of config_sample.yml to config.yml:
sudo cp config_sample.yml config.yml
By default, docker data files are stored in the /tmp folder, but on many Linux-like systems this folder is cleared when the system restarts, which is not what we want. So we create a permanent folder to store the data:
sudo mkdir /var/docker-registry
Now let's edit the config.yml file and change the /tmp references to /var/docker-registry. First, find the line beginning with sqlalchemy_index_database near the top of the file:
sqlalchemy_index_database: _env:SQLALCHEMY_INDEX_DATABASE:sqlite:////tmp/docker-registry.db
Change it to point to /var/docker-registry, as shown below:
sqlalchemy_index_database: _env:SQLALCHEMY_INDEX_DATABASE:sqlite:////var/docker-registry/docker-registry.db
Further down, in the local: section, repeat the above operation and change the following content:
local: &local
    storage: local
    storage_path: _env:STORAGE_PATH:/tmp/registry
to:
local: &local
    storage: local
    storage_path: _env:STORAGE_PATH:/var/docker-registry/registry
The other default values in the sample configuration file do not need to be modified. Skim through it. However, if you want a more complex configuration, such as using external storage for docker data, this file is the place to do it. That is beyond the scope of this tutorial; see the docker-registry documentation for more help.
Now that the configuration file is in the correct location, try starting the docker registry server again:
gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application
You will see the following output:
2014-07-27 07:12:24 [29344] [INFO] Starting gunicorn 18.0
2014-07-27 07:12:24 [29344] [INFO] Listening at: http://0.0.0.0:5000 (29344)
2014-07-27 07:12:24 [29344] [INFO] Using worker: gevent
2014-07-27 07:12:24 [29349] [INFO] Booting worker with pid: 29349
2014-07-27 07:12:24,807 DEBUG: Will return docker-registry.drivers.file.Storage
Great! Now we have a running docker registry. Press Ctrl + C to terminate the program.
So far, the docker registry is not very useful. It will not start on its own unless we execute the above gunicorn command. In addition, the docker registry has no built-in authentication mechanism, so in its current state it is insecure and fully open to the outside.
Step 3 -- start docker registry as a Service
Create an Upstart script so that the docker registry starts when the system boots.
First, create a log file directory:
sudo mkdir -p /var/log/docker-registry
Then, use your preferred text editor to create the Upstart script:
sudo nano /etc/init/docker-registry.conf
Write the following content to the above script:
description "Docker Registry"
start on runlevel [2345]
stop on runlevel [016]
respawn
respawn limit 10 5
script
    exec gunicorn --access-logfile /var/log/docker-registry/access.log --error-logfile /var/log/docker-registry/server.log -k gevent --max-requests 100 --graceful-timeout 3600 -t 3600 -b localhost:5000 -w 8 docker_registry.wsgi:application
end script
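The trial run in Step 2 binds gunicorn to 0.0.0.0:5000, the Upstart job binds it to localhost:5000, and the sample configuration keeps its data under /tmp. The following check for both conditions is an added example, not part of the original tutorial; the function names tmp_defaults and bind_scope are hypothetical, and the inputs reuse the tutorial's own lines with the configuration left half-edited on purpose.

```shell
#!/bin/sh
# Added example (not from the tutorial): check a docker-registry setup for
# data kept under /tmp and for a listener reachable from other hosts.

# Print (with line numbers) each non-comment config line read from stdin
# whose value still points under /tmp.
tmp_defaults() {
    grep -nE '[:/]/tmp(/|$)' | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# Print "local", "exposed" or "unknown" for the -b/--bind address found in a
# gunicorn command line or Upstart job passed as $1.
bind_scope() {
    addr=$(printf '%s\n' "$1" |
        sed -nE 's/.*(^|[[:space:]])(-b|--bind)[= ]+([^[:space:]]+).*/\3/p' |
        head -n 1)
    case "${addr%:*}" in
        '')                            echo unknown ;;
        localhost|127.*|'[::1]'|unix)  echo local ;;
        *)                             echo exposed ;;
    esac
}

# Inputs reuse lines shown in the tutorial; the config is deliberately left
# with one /tmp default to show what the check reports.
SAMPLE_CONFIG='sqlalchemy_index_database: _env:SQLALCHEMY_INDEX_DATABASE:sqlite:////tmp/docker-registry.db
local: &local
    storage: local
    storage_path: _env:STORAGE_PATH:/var/docker-registry/registry'
TEST_RUN='gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application'
UPSTART_JOB='exec gunicorn --access-logfile /var/log/docker-registry/access.log --error-logfile /var/log/docker-registry/server.log -k gevent --max-requests 100 --graceful-timeout 3600 -t 3600 -b localhost:5000 -w 8 docker_registry.wsgi:application'

printf '%s\n' "$SAMPLE_CONFIG" | tmp_defaults   # the unedited sqlite line
bind_scope "$TEST_RUN"                           # exposed
bind_scope "$UPSTART_JOB"                        # local
```

On a real host, feed tmp_defaults the config.yml located in Step 2 and pass bind_scope the contents of /etc/init/docker-registry.conf.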