registry搭建及镜像管理

registry 的搭建

docker pull registry:2

docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --name myregistry registry:2

Registry服务默认会将上传的镜像保存在容器的/var/lib/registry，我们将主机的/opt/registry目录挂载到该目录，即可实现将镜像保存到主机的/opt/registry目录了

##浏览器访问测试

http://127.0.0.1:5000/v2

出现 {} 为正常



##上传镜像测试

docker tag nginx:latest localhost:5000/nginx:latest  


docker push localhost:5000/nginx:latest


##查看上传的镜像
http://127.0.0.1:5000/v2/_catalog 查看私有仓库目录
{"repositories":["nginx"]}  

镜像操作

##推送一个镜像到registry

docker push <registry_ip>:<registry_port>/<image_name>:<image_tag>
docker push 192.168.37.100:5000/busybox:0.0.1


##从registry拉取一个镜像
docker pull <registry_ip>:<registry_port>/<image_name>:<image_tag>
docker pull 192.168.37.100:5000/busybox:0.0.1


##在registry中搜索一个镜像
通过Registry V2的REST API去查询,列出所有的镜像仓库（repositories):
curl -X GET http://<registry_ip>:<registry_port>/v2/_catalog
curl -X GET http://192.168.37.100:5000/v2/_catalog


[aipf@O2 nginx]$ curl  -X GET http://localhost:5000/v2/_catalog
{"repositories":["nginx","registry"]}

##列出指定镜像的所有标签

curl -X GET http://<registry_ip>:<registry_port>/v2/<image_name>/tags/list

[aipf@O2 nginx]$ curl  -X GET http://localhost:5000/v2/nginx/tags/list 
{"name":"nginx","tags":null}


[aipf@O2 nginx]$ curl  -X GET http://localhost:5000/v2/registry/tags/list
{"name":"registry","tags":["latest"]}



##删除registry中的镜像

删除registry比较复杂，需要先查到指定标签的镜像的digest (sha256校验和），再根据这个digest来删除.


curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET  http://localhost:5000/v2/registry/manifests/latest    >&1 | grep Docker-Content-Digest | awk '{print ($3)}'
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET  http://localhost:5000/v2/registry/manifests/latest    >&1 | grep Docker-Content-Digest | awk '{print ($3)}'

*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 5000 (#0)
> GET /v2/registry/manifests/latest HTTP/1.1
> Host: localhost:5000
> User-Agent: curl/7.58.0
> Accept: application/vnd.docker.distribution.manifest.v2+json
> 
< HTTP/1.1 200 OK
< Content-Length: 1363
< Content-Type: application/vnd.docker.distribution.manifest.v2+json
< Docker-Content-Digest: sha256:b1165286043f2745f45ea637873d61939bff6d9a59f76539d6228abf79f87774
< Docker-Distribution-Api-Version: registry/2.0
< Etag: "sha256:b1165286043f2745f45ea637873d61939bff6d9a59f76539d6228abf79f87774"
< X-Content-Type-Options: nosniff
< Date: Sat, 26 Oct 2019 10:33:33 GMT
< 
{ [1363 bytes data]
* Connection #0 to host localhost left intact

###执行以下命令，根据digest删除镜像：
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE http://localhost:5000/v2/registry/manifests/sha256:b1165286043f2745f45ea637873d61939bff6d9a59f76539d6228abf79f87774


##这里的删除镜像只是删除了一些元数据，需要执行下面的垃圾回收才能真正地从硬盘上删除镜像数据。因为缺省Docker private registry不允许删除镜像
进入容器，修改容器配置

vi /etc/docker/registry/config.yml

在storage下面添加

delete:
enabled: true


###完整示例
cat  /etc/docker/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  delete: 
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3


#### 或使用
#查看默认配置
docker exec -it  registry sh -c 'cat /etc/docker/registry/config.yml'
#开启删除(添加  delete: enabled: true)
docker exec -it  registry sh -c "sed -i '/storage:/a\  delete:' /etc/docker/registry/config.yml"
docker exec -it  registry sh -c "sed -i '/delete:/a\    enabled: true' /etc/docker/registry/config.yml"
#重启
docker restart registry



##重启容器
docker  restart   容器id


##进入容器，运行垃圾回收机制
registry garbage-collect /etc/docker/registry/config.yml

查询镜像

curl <仓库地址> /v2/_catalog

查询镜像tag(版本)

curl <仓库地址> /v2/ <镜像名> /tags/list

删除镜像API

curl -I -X DELETE " <仓库地址> /v2/ <镜像名> /manifests/ <镜像digest_hash> "

获取镜像digest_hash

curl <仓库地址> /v2/ <镜像名> /manifests/ --header "Accept: application/vnd.docker.distribution.manifest.v2+json"

使用:
复制代码保存为 img_registry.sh
sh img_registry.sh -h #查看帮助

HUB=hub.test.com:5000 改为自己的地址

#!/bin/bash
#cnetos7,docker-ce v17.12.0,registry v2.6.2
#Docker registry 私有仓库镜像查询、删除、上传、下载

#Author  Elven <[email protected]>
#Blog    http://www.cnblogs.com/elvi/p/8384675.html

#root
[[ $UID -ne 0 ]] && { echo "Run in root user !";exit; }
#need jq ,get json data
[[ -f /usr/bin/jq ]] || { echo 'install jq';yum install -y jq &>/dev/null; }

#参数 variable
#registry容器名称,默认registry
RN=${RN:-registry}
#访问网址,默认localhost:5000
HUB=${HUB:-localhost:5000}
HUB=hub.test.com:5000

#检测 check
function Check_hub() {
[[ `curl -s $HUB/v2/_catalog` == "Failed connect" ]] && { echo -e "\033[31m$HUB 访问失败\033[0m";exit;  }
}

#查询images
function Select_img() {
IMG=$(curl -s $HUB/v2/_catalog |jq .repositories |awk -F'"' '{for(i=1;i<=NF;i+=2)$i=""}{print $0}')
[[ $IMG = "" ]] && { echo -e "\033[31m$HUB 没有docker镜像\033[0m";exit; }
#echo "$HUB Docker镜像："
for n in $IMG;
  do
  TAG=$(curl -s http://$HUB/v2/$n/tags/list |jq .tags |awk -F'"' '{for(i=1;i<=NF;i+=2)$i=""}{print $0}')
    for t in $TAG;
    do
      echo "$n:$t";
    done
done
}

#删除images
function Delete_img() {
for n in $IMGS;
do
  IMG=${n%%:*}
  TAG=${n##*:}
  i=1
  [[ "$IMG" == "$TAG" ]] && { TAG=latest; n="$n:latest"; }
  Digest=`curl  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -Is  ${HUB}/v2/${IMG}/manifests/${TAG} |awk '/Digest/ {print $NF}'`
  [[ -z "$Digest" ]] && { echo -e "\033[31m$IMG:$TAG  镜像不存在\033[0m";} || { 
    URL="${HUB}/v2/${IMG}/manifests/${Digest}"
    Rs=$(curl -Is -X DELETE ${URL%?}|awk '/HTTP/ {print $2}')
    [[ $Rs -eq 202 ]] && { let i++;echo "$n  删除成功"; } || { echo -e "\033[31m$n  删除失败\033[0m"; } }
done
#registry垃圾回收 RN=registry
[[ "$i" -gt 1 ]] && { echo "Clean...";docker exec ${RN} /bin/registry garbage-collect /etc/docker/registry/config.yml &>/dev/null;docker restart ${RN} &>/dev/null; }
}

#删除镜像所在目录(清除所有 -dd .* )
#简单高效,删库跑路，必备技能
function Delete_img_a() {
[[ -f /usr/bin/docker ]] || echo 'No docker !'
[[ -z $(docker ps |awk '/'$RN'/ {print $NF}') ]] && { echo "$RN容器不存在!";exit; }
for n in $IMGS;
do
  IMG="${n%%:*}"
  docker exec $RN rm -rf /var/lib/registry/docker/registry/v2/repositories/$IMG
done
echo '清理 Clean ...'
docker exec $RN bin/registry garbage-collect /etc/docker/registry/config.yml &>/dev/null
docker restart $RN &>/dev/null
}

#上传 push
function Push() {
for IMG in $IMGS;
do
  echo -e "\033[33m docker push $IMG to $HUB \033[0m"
  docker tag $IMG $HUB/$IMG
  docker push $HUB/$IMG
  docker rmi $HUB/$IMG &>/dev/null
done
}

#下载 pull
function Pull() {
for IMG in $IMGS;
do
  echo -e "\033[33m dokcer pull $IMG from $HUB \033[0m"
  docker pull $HUB/$IMG
  docker tag $HUB/$IMG $IMG
  docker rmi $HUB/$IMG &>/dev/null
done
}

case "$1" in 
  "-h")
  echo  
  echo "#默认查询images"
  echo "sh $0 -h #帮助 -d #删除 -dd #清理空间"
  echo "    -pull img1 img2 #下载 -push #上传"
  echo 
  echo "#示例：删除 nginx:1.1 nginx:1.2 (镜像名:版本)"
  echo "sh $0 -d nginx:1.1 nginx:1.2 "
  echo "sh $0 -dd nginx #删除nginx所有版本"
  echo 
  echo "#定义仓库url地址hub.test.com:5000(默认 localhost:5000)"
  echo "env HUB=hub.test.com:5000 /bin/sh $0 -d nginx:1.1 "
  echo  
;;
  "-d")
  Check_hub
  IMGS=${*/-dd/}
  IMGS=${IMGS/-d/}
  Delete_img
;;
  "-dd")
  Check_hub
  IMGS=${*/-dd/}
  IMGS=${IMGS/-d/}
  Delete_img_a
;;
  "-pull")
  IMGS=${*/-pull/}
  Pull
;;
  "-push")
  IMGS=${*/-push/}
  Push
;;
  *)
  Check_hub
  Select_img
;;
esac

没配置https,非本机，需要配置安全地址才能使用

docker私有仓库设置(hub.test.com:5000替换为自己的地址)

SetOPTS=" --insecure-registry hub.test.com:5000"
sed  -i "s#^ExecStart.*#& $SetOPTS #" /usr/lib/systemd/system/docker.service
grep 'ExecStart' /usr/lib/systemd/system/docker.service



systemctl  daemon-reload 
systemctl    start  docker