lmquang / til


Docker registry #1

Open lmquang opened 8 years ago

lmquang commented 8 years ago

Summary

The Docker toolset to pack, ship, store, and deliver content.

This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance.

To be simple

Server

Simply run the command below:

$ docker run -d -p 5000:5000 --restart=always --name registry registry:2

Client

Get any image from the hub and tag it to point to your registry:

$ docker pull ubuntu && docker tag ubuntu your-domain:5000/ubuntu

$ docker push your-domain:5000/ubuntu

$ docker pull your-domain:5000/ubuntu

Running a domain registry

While running on localhost has its uses, most people want their registry to be more widely available. To do so, the Docker engine requires you to secure it using TLS, which is conceptually very similar to configuring your web server with SSL.

Server

Let's create a directory to save the related items.

$ mkdir registry && cd registry && mkdir certs && mkdir data && mkdir auth

First of all, let's create an htpasswd file so that clients can log in to this hub.

$ docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd

And now, let's copy or create your own domain.crt and domain.key and save them into certs/

$ openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
    -x509 -days 365 -out certs/domain.crt

Then, we need to create docker-compose.yml:

registry:
  restart: always
  image: registry:2
  ports:
    - 443:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
    REGISTRY_HTTP_TLS_KEY: /certs/domain.key
    REGISTRY_HTTP_SECRET: someRandomSecret
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  volumes:
    # Mount the data/, certs/ and auth/ directories created above (paths are relative to this file)
    - ./data:/var/lib/registry
    - ./certs:/certs
    - ./auth:/auth

And run:

$ docker-compose up -d

That's all; now you can log in to your hub to push and pull.

Client

You need to log in:

$ docker login your-domain

Issue

You may run into trouble like:

FATA[0000] Error response from daemon: v1 ping attempt failed with error:
Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527.
If this private registry supports only HTTP or HTTPS with an unknown CA certificate,please add
`--insecure-registry myregistrydomain.com:5000` to the daemon's arguments.
In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt

Solution

# Debian/Ubuntu
$ cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
$ update-ca-certificates
# Red Hat/CentOS
$ cp certs/domain.crt /etc/pki/ca-trust/source/anchors/myregistrydomain.com.crt
$ update-ca-trust
$ update-ca-trust enable

Or you can open /etc/default/docker and add the following at the end:

DOCKER_OPTS="$DOCKER_OPTS --insecure-registry <your-domain>"

Note:

If you use boot2docker (Mac), you may need the steps below:

$ docker-machine ssh <your-machine>
$ cd /var/lib/boot2docker && sudo vi profile

and you need to add --insecure-registry=<your-domain> (you don't need to include the port if your hub server uses port 443) inside EXTRA_ARGS, like:

EXTRA_ARGS='
--label provider=virtualbox
--insecure-registry=<your-domain>
'

Exit and run docker-machine restart <your-machine>.

Now you can log in to your hub and pull and push your images.
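
An added example, not part of the original post: a shell audit that lists every registry named in an --insecure-registry flag in the two files edited above and reports whether a CA certificate is already installed under /etc/docker/certs.d, the alternative the daemon's error message points to. For a registry listed with this flag the Docker daemon skips certificate verification and may fall back to plain HTTP. The function names and the `root` argument (a filesystem prefix, empty for the live host) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Docker host for
# registries whose TLS verification was switched off with --insecure-registry.

# Print every --insecure-registry value set in the given files, one per line.
insecure_registries() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Skip commented-out lines, then match both "--insecure-registry=x"
        # and "--insecure-registry x", stopping at whitespace or a quote.
        grep -v '^[[:space:]]*#' "$f" |
            grep -oE -e "--insecure-registry[= ]+[^[:space:]\"']+" |
            sed -E 's/^--insecure-registry[= ]+//'
    done | sort -u
}

# root is an assumption of this example: a filesystem prefix ("" = live host).
audit_docker_host() {
    root=$1
    insecure_registries "$root/etc/default/docker" \
                        "$root/var/lib/boot2docker/profile" |
    while read -r reg; do
        if [ -f "$root/etc/docker/certs.d/$reg/ca.crt" ]; then
            echo "$reg: insecure flag set although a CA is installed in certs.d"
        else
            echo "$reg: insecure flag set, no CA in certs.d"
        fi
    done
}

audit_docker_host "${1:-}"
```
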

kartikvvashishta commented 8 years ago

http://pastebin.com/VRamCN2G

lmquang commented 8 years ago

Hi @kartikvvashishta, on your server test60, you can try to configure one more step:

You can open /etc/default/docker and add the following at the end:
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry <your-domain>"

Then restart your docker:

service docker restart

And try to login again.

P/s: you need to log in first; then you are able to push or pull from your Docker registry server.

kartikvvashishta commented 8 years ago

That seemed to have worked:

[root@test60 ~]# docker push test223.kartikv.com:5000/ubuntu:latest
The push refers to a repository [test223.kartikv.com:5000/ubuntu]
eb33f051084b: Image successfully pushed
3e907de58acd: Image successfully pushed
b04095771c04: Image successfully pushed
3d865816fc94: Already exists
Pushing tag for rev [cf62323fa025] on {http://test223.kartikv.com:5000/v1/repositories/ubuntu/tags/latest}

But I cannot see it on test223 (private repository):

[root@test223 registry]# docker images
REPOSITORY                  TAG     IMAGE ID      CREATED       SIZE
hyper/docker-registry-web   latest  4a563a6150b6  4 days ago    608.6 MB
hello-world                 latest  c54a2cc56cbb  2 weeks ago   1.848 kB
registry                    2       8ff6a4aae657  5 weeks ago   171.5 MB
registry                    latest  bca04f698ba8  5 months ago  422.8 MB

lmquang commented 8 years ago

Hi @kartikvvashishta, the Docker registry saves an image that is pushed from another server inside the registry container; it doesn't save it to the Docker engine, so you cannot check it with the command docker images.

But you can check whether the image was pushed by using docker pull on another server.

kartikvvashishta commented 8 years ago

Makes sense and THANK YOU VERY MUCH, I pulled from another server and got this message:

[root@test88 ~]# docker pull test223.kartikv.com:5000/ubuntu:latest
Trying to pull repository test223.kartikv.com:5000/ubuntu ...
Pulling repository test223.kartikv.com:5000/ubuntu
cf62323fa025: Pull complete
3d865816fc94: Pull complete
85a95b54afff: Pull complete
7fa7239938e0: Pull complete
Status: Downloaded newer image for test223.kartikv.com:5000/ubuntu:latest
test223.kartikv.com:5000/ubuntu: this image was pulled from a legacy registry. Important: This registry version will not be supported in future versions of docker.
[root@test88 ~]#

Will this version of the registry not be supported? I am using the latest version, though.

THANK YOU FOR ALL YOUR HELP

lmquang commented 8 years ago

Yes, no problem friend :)

kartikvvashishta commented 8 years ago

http://pastebin.com/ZinZL66p

lmquang commented 8 years ago

Hi @kartikvvashishta, maybe this is the command that you want:

docker run -d -p 8080:8080 --link <ur-container-registry-name>:docker-registry-v2 -e REGISTRY_HOST=docker-registry-v2 --name docker-registry-web --restart=always hyper/docker-registry-web

kartikvvashishta commented 8 years ago

@ivkean you are indeed correct, the answer you have provided is nothing but correct: https://hub.docker.com/r/hyper/docker-registry-web/