How to build a private dockerregistry on Ubuntu14.04

: This article describes how to build a private dockerregistry on Ubuntu14.04. For more information about PHP tutorials, see. How to build a private docker registry on Ubuntu14.04

Address: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

Author: Nik van der Ploeg

Translator: awenchen)

Introduction

Docker is a powerful tool for deploying servers. Docker. io provides free services for users to upload image resources to the official registry. However, this registry is open to anyone. Maybe you are reluctant to do this for a non-open source project.

This article describes how to build a private docker registry and ensure its security. At the end of this tutorial, you will upload a self-made docker image to the private registry and safely pull it down on different machines.

This tutorial does not cover how to containerize application services, but aims to guide you to create a registry to store the service resources you want to deploy. If you want to get started with docker, maybe this will help you.

Based on the Ubuntu single registry and single client mode, this tutorial has passed the test and may still run on other debian-based releases.

Docker concept

If you haven't touched docker before, it takes several minutes to familiarize yourself with the key concepts of docker. If you are comfortable with docker and want to know how to build a private registry, go to the next section.

For how a beginner can use docker, try the excellent docker notes here.

The core of docker is to separate the dependency on applications and applications from the operating system. To achieve the above purpose, docker adopts the container and image mechanism. A docker image is basically a file system template. When you run a docker image using the docker run command, an instance of the file system is activated and runs in the docker container in the system. By default, the container cannot touch the original image and the file system of the host where docker itself runs. This is an independent environment.

Any changes made to the container will be saved in the container, without affecting the original image. To retain these changes, you can use the docker commit command to save the container as an image. This means that you can use the original container to derive a new container without affecting the original container (or image. If you are familiargitThen you will find this process very familiar: create a new branch from any container (here, the branch refers to the image in docker ). Running an image is similar to running git checkout.

Furthermore, running a private docker registry is like running a private docker image.gitRepository.

Step 1-install necessary software

On the docker registry server, you should createsudoPermission user (if possible, also on the client ).

Docker registry ispythonTherefore, you must installpythonDevelopment Environment and necessary libraries:

sudo apt-get updatesudo apt-get -y install build-essential python-dev libevent-dev python-pip liblzma-dev

Step 2 -- install and configure docker registry

We will usepythonPackage management toolspip:

sudo pip install docker-registry

docker-registryThe configuration file is required.

By default,pipPlace the configuration file in a remote location because the systempythonThe installation location varies. Therefore, to find this path, we will try to runregistryTo view the relevant output:

gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application

Because the configuration file is not in the correct position, the above attempt will end with a failure and outputFileNotFoundErrorError message, as shown below [in some versions, the following information is not output, translator's note]:

FileNotFoundError: Heads-up! File is missing: /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/config.yml

registryContains an example configuration file in the same path. the file name isconfig_sample.ymlTherefore, we can use the path name given above to locate the sample configuration file.

Copy the path information from the error message (this is/usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/config.yml), And thenconfig.ymlPartially removed, so that we can switch to this path.

cd /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/

Setconfig_sample.ymlCopy file contentconfig.ymlMedium:

sudo cp config_sample.yml config.yml

By default,dockerData files are stored in/tmpFolder, but in many classesLinuxIn the system, the folder is cleared when the system restarts, which is not what we want. Then, we create a permanent folder to store data:

sudo mkdir /var/docker-registry

Okay. let's Configureconfig.ymlFile/tmpTo/var/docker-registry. First, findsqlalchemy_index_databaseFirst line near the first line of the file:

sqlalchemy_index_database:_env:SQLALCHEMY_INDEX_DATABASE:sqlite:////tmp/docker-registry.db

Direct the changes/var/docker-registry, As shown below:

sqlalchemy_index_database:_env:SQLALCHEMY_INDEX_DATABASE:sqlite:////var/docker-registry/docker-registry.db

Down,local:Part, repeat the above operation and change the following content:

local: &localstorage: localstorage_path: _env:STORAGE_PATH:/tmp/registry

Is:

local: &localstorage: localstorage_path: _env:STORAGE_PATH:/var/docker-registry/registry

Other default values in the sample configuration file do not need to be modified. 10 rows. However, if you want to make some complex configurations, such as using an extended storage device to store docker data, the file has this feature. Of course, this is beyond the scope of this tutorial. you can viewdocker-registryDocumentation for more help.

Now that the configuration file is in the correct position, try againdocker registryServer:

gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application

You will see the following output:

2014-07-27 07:12:24 [29344] [INFO] Starting gunicorn 18.02014-07-27 07:12:24 [29344] [INFO] Listening at: http://0.0.0.0:5000 (29344)2014-07-27 07:12:24 [29344] [INFO] Using worker: gevent2014-07-27 07:12:24 [29349] [INFO] Booting worker with pid: 293492014-07-27 07:12:24,807 DEBUG: Will return docker-registry.drivers.file.Storage

Great! Now we have a runningdocker registry. Run Ctrl + C to terminate the program.

So far,docker registryIt is not so useful. It will not start on its own unless we execute the abovegunicornCommand. In addition,docker registryNo built-in authentication mechanism is introduced. Therefore, the current status is insecure and fully open to the outside.

Step 3 -- start docker registry as a Service

Create an Upstart script to setdocker registryStart running in the system startup program.

First, create a log file directory:

sudo mkdir -p /var/log/docker-registry

Then, you can use a popular text editor to createUpstartScript:

sudo nano /etc/init/docker-registry.conf

Write the following content to the above script:

description "Docker Registry"start on runlevel [2345]stop on runlevel [016]respawnrespawn limit 10 5script    exec gunicorn --access-logfile /var/log/docker-registry/access.log --error-logfile /var/log/docker-registry/server.log -k gevent --max-requests 100 --graceful-timeout 3600 -t 3600 -b localhost:5000 -w 8 docker_registry.wsgi:applicationend script