Docker

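In this article

  • Install Docker from the binary package and register it as a service
  • Set up a private Docker image registry

Background

  • The server is on an internal network and cannot reach the internet.
  • The server OS is CentOS 7.9.

Install Docker

Get the Docker binary package for the version you need; the official download location is https://download.docker.com/linux/static/stable/x86_64/. Here I chose the latest version, docker-24.0.7.tgz.

Upload the archive to the target server.

Extract the archive and put the files in /usr/bin/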

$ tar zxvf docker-24.0.7.tgz 
docker/
docker/docker
docker/docker-init
docker/dockerd
docker/runc
docker/ctr
docker/containerd-shim-runc-v2
docker/containerd
docker/docker-proxy
$ sudo cp docker/* /usr/bin/
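
The archive contents are copied into /usr/bin as root, so it is worth checking the file on the target host before extracting it. The following is an added example, not part of the original post: it compares the file with a SHA-256 recorded on the download host (the page gives no hash, so the value in the usage comment is a placeholder) and checks that the archive holds exactly the members listed above, with no links or special files. The function names are hypothetical, and verify_sha256 can be reused for registry.tar.gz later on.

```sh
#!/bin/sh
# Added example: vet docker-24.0.7.tgz before its contents go into /usr/bin.

# Members shown in the tar output on this page; anything else is unexpected.
EXPECTED_MEMBERS='docker/
docker/containerd
docker/containerd-shim-runc-v2
docker/ctr
docker/docker
docker/docker-init
docker/docker-proxy
docker/dockerd
docker/runc'

# verify_sha256 FILE HEX: compare FILE with the hash recorded on the download host.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# audit_docker_tgz FILE: succeed only if the archive holds exactly the expected
# members and each one is a regular file or a directory (no links, no devices).
audit_docker_tgz() {
    names=$(tar -tzf "$1" | LC_ALL=C sort)
    want=$(printf '%s\n' "$EXPECTED_MEMBERS" | LC_ALL=C sort)
    if [ "$names" != "$want" ]; then
        echo "audit: member list differs from the expected one" >&2
        return 1
    fi
    # In a verbose listing the first character is the entry type: '-' or 'd'.
    if tar -tvzf "$1" | grep -qv '^[-d]'; then
        echo "audit: archive contains links or special files" >&2
        return 1
    fi
}

# Usage on the target host (HASH_FROM_DOWNLOAD_HOST is a placeholder):
#   verify_sha256 docker-24.0.7.tgz "$HASH_FROM_DOWNLOAD_HOST" \
#     && audit_docker_tgz docker-24.0.7.tgz \
#     && tar zxvf docker-24.0.7.tgz && sudo cp docker/* /usr/bin/
```
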

Write the service file

$ vim /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
## the default is not to use systemd for cgroups because the delegate issues still
## exists and systemd currently does not support the cgroup feature set required
## for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
## Having non-zero Limit*s causes performance problems due to accounting overhead
## in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
## Uncomment TasksMax if your systemd version supports it.
## Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
## set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
## kill only the docker process, not all processes in the cgroup
KillMode=process
## restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

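Create the docker group. Any other user who needs permission to run docker only needs to be added to this group. Membership is equivalent to root on the host, because group members can direct the daemon, which runs as root.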

$ sudo groupadd docker
$ sudo usermod -aG docker $USER

Start the docker service and enable it at boot

$ sudo chmod +x /etc/systemd/system/docker.service
$ sudo systemctl daemon-reload
$ sudo systemctl start docker
$ sudo systemctl enable docker

Verify

$ systemctl status docker                                                         
● docker.service - Docker Application Container Engine
Loaded: loaded (/etc/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2023-12-24 02:13:06 EST; 1min 1s ago
Docs: https://docs.docker.com
Main PID: 1764 (dockerd)
CGroup: /system.slice/docker.service
├─1764 /usr/bin/dockerd
└─1771 containerd --config /var/run/docker/containerd/containerd.toml
$ docker -v
Docker version 24.0.7, build afdd53b

Set up a private Docker image registry

On a server that can reach the internet, prepare the registry image package

$ docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c926b61bad3b: Pull complete
5501dced60f8: Pull complete
e875fe5e6b9c: Pull complete
21f4bf2f86f9: Pull complete
98513cca25bb: Pull complete
Digest: sha256:0a182cb82c93939407967d6d71d6caf11dcef0e5689c6afe2d60518e3b34ab86
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
$ docker save -o registry.tar registry
$ gzip registry.tar

Upload the image package registry.tar.gz to the target server

Decompress it and load the image

$ gunzip registry.tar.gz 
$ docker load < registry.tar
4693057ce236: Loading layer [==================================================>] 7.626MB/7.626MB
f4285c491509: Loading layer [==================================================>] 771.6kB/771.6kB
90d6ca1e837f: Loading layer [==================================================>] 16.2MB/16.2MB
f79c4d8837b6: Loading layer [==================================================>] 4.096kB/4.096kB
85f82aceeda3: Loading layer [==================================================>] 2.048kB/2.048kB
Loaded image: registry:2.8.2
9fe9a137fd00: Loading layer [==================================================>] 7.63MB/7.63MB
d9bce47b357e: Loading layer [==================================================>] 771.6kB/771.6kB
afcdb1715fb3: Loading layer [==================================================>] 17.55MB/17.55MB
9f383ae4f64d: Loading layer [==================================================>] 4.096kB/4.096kB
645ddea72735: Loading layer [==================================================>] 2.048kB/2.048kB
Loaded image: registry:latest

Start the private registry container

$ sudo mkdir -p /data/registry
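$ docker run -itd -v /data/registry/:/var/lib/registry -p 5000:5000 --restart=always --name private-registry registry:latest
98cb5c25871b94420418094efb19f36c45c7fbe18274229e9f8c4b00328ec180

Parameters

-itd: open a pseudo-terminal in the container for interactive use and run it in the background
-v: map a directory, mounting /data/registry on the host at /var/lib/registry in the container, which is where the registry image stores its data
-p: map a port, publishing port 5000 on the host to port 5000 in the container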

Test pushing an image to private-registry

$ docker tag registry 127.0.0.1:5000/registry
$ docker push 127.0.0.1:5000/registry
Using default tag: latest
The push refers to repository [127.0.0.1:5000/registry]
645ddea72735: Pushed
9f383ae4f64d: Pushed
afcdb1715fb3: Pushed
d9bce47b357e: Pushed
9fe9a137fd00: Pushed
latest: digest: sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7 size: 1363

Test pulling the image

$ docker rmi 127.0.0.1:5000/registry
Untagged: 127.0.0.1:5000/registry:latest
Untagged: 127.0.0.1:5000/registry@sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7
$ docker pull 127.0.0.1:5000/registry
Using default tag: latest
latest: Pulling from registry
Digest: sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7
Status: Downloaded newer image for 127.0.0.1:5000/registry:latest
127.0.0.1:5000/registry:latest

List the images in the private registry

$ curl http://localhost:5000/v2/_catalog
{"repositories":["registry"]}
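
The registry started above speaks plain HTTP with no authentication, so any client that can reach port 5000 can push over an existing tag; comparing a tag's current digest with the one docker push printed detects that. This is an added example, not part of the original post. It assumes curl is available on the host, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: confirm a tag in the private registry still points at the
# digest that `docker push` printed.

# digest_from_headers: read raw HTTP response headers on stdin and print the
# Docker-Content-Digest value. Header names are case-insensitive and lines end
# in CRLF, so both are normalised.
digest_from_headers() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }
    }'
}

# digest_matches EXPECTED ACTUAL: true only for a well-formed sha256 digest
# that equals the expected one.
digest_matches() {
    hex=${2#sha256:}
    [ "$hex" != "$2" ] && [ ${#hex} -eq 64 ] || return 1
    case $hex in *[!0-9a-f]*) return 1 ;; esac
    [ "$1" = "$2" ]
}

# check_tag REGISTRY REPO TAG EXPECTED: HEAD the manifest, compare digests.
check_tag() {
    headers=$(curl -fsS -I \
        -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
        "http://$1/v2/$2/manifests/$3") || return 2
    actual=$(printf '%s\n' "$headers" | digest_from_headers)
    if digest_matches "$4" "$actual"; then
        echo "OK    $2:$3 -> $actual"
    else
        echo "DRIFT $2:$3 expected $4, got ${actual:-none}" >&2
        return 1
    fi
}

# Usage with the digest from the push output on this page:
#   check_tag 127.0.0.1:5000 registry latest \
#     sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7
```
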