docker离线安装及私人仓库搭建
注意文中
IPPORT根据实际情况自行调整
1. 离线部署
安装目录结构
- install # 安装文件夹
- docker-19.03.9.tgz # docker安装文件压缩包 docker下载地址
- docker-compose-linux-x86_64 # docker-compose文件 docker-compose下载地址
- daemon.json # docker 配置文件
- docker.service # docker systemctl 服务的配置文件
- docker-installer.sh # 一键安装文件
- docker-uninstaller.sh # 一键卸载文件
- images # 镜像文件夹
- joxit_docker-registry-ui_main.tar # 中央仓库管理工具 ui registry-ui
- registry_2.8.2.tar # 中央仓库管理工具 registry
- nginx.tar # 测试镜像 nginx
- docker-compose.yml # 中央仓库管理工具的compose文件
- repotool_installer.sh # 中央仓库管理工具加载安装运行脚本
1.1 安装包下载
1.2 必要配置文件
- daemon.json
- docker.service
# daemon.json
{
"builder": {
"gc": {
"defaultKeepStorage": "20GB",
"enabled": true
}
},
"debug": false,
"experimental": false,
"features": {
"buildkit": true
},
# 私人中央仓库地址,没有设置成 []
"insecure-registries": [
"http://IP:PORT"
],
"registry-mirrors": []
}
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
[Service]
Type=notify
EnvironmentFile=-/run/flannel/docker
WorkingDirectory=/usr/local/bin
ExecStart=/usr/bin/dockerd \
-H tcp://0.0.0.0:4243 \
-H unix:///var/run/docker.sock \
--selinux-enabled=false \
--log-opt max-size=1g
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
1.3 一键安装脚本
#!/bin/sh
echo 'docker开始安装...'
echo '解压tar包...'
# ------------------------------------
tar -zxvf ./docker-19.03.9.tgz
# ------------------------------------
echo '将docker目录移到/usr/bin目录下...'
cp -p docker/* /usr/bin/
rm -rf docker
echo '将docker.service 移到/usr/lib/systemd/system/ 目录...'
cp ./docker.service /usr/lib/systemd/system/
echo '重新加载配置文件...'
mkdir /etc/docker/
cp daemon.json /etc/docker/
systemctl daemon-reload
echo '启动docker...'
systemctl start docker
echo '设置开机自启...'
systemctl enable docker.service
if ! docker -v; then
echo "docker 安装失败..."
exit -1
fi
echo 'docker安装成功...'
echo '安装docker-compose...'
# ---------------------------------------------------------------
cp -f ./docker-compose-linux-x86_64 /usr/local/bin/docker-compose
# ---------------------------------------------------------------
echo '添加文件执行权限...'
chmod +x /usr/local/bin/docker-compose
if ! docker-compose -v; then
echo "docker-compose 安装失败..."
exit -1
fi
echo 'docker-compose 安装成功...'
1.4 一键卸载脚本
#!/bin/sh
echo "停止所有容器服务"
docker stop $(docker ps -a -q)
echo "删除所有容器"
docker rm $(docker ps -a -q)
echo "删除docker所有镜像"
docker rmi -f $(docker images -q)
echo "停止docker服务"
systemctl stop docker
echo "删除docker.service..."
rm -rf /usr/lib/systemd/system/docker.service
echo "删除docker文件..."
rm -rf /usr/bin/docker*
echo "重新加载配置文件"
rm -rf /etc/docker
systemctl daemon-reload
echo "卸载成功..."
echo "删除docker-compose"
rm -rf /usr/local/bin/docker-compose
echo "卸载成功"一、docker离线安装
2. 私人仓库当搭建
2.1 docker-compose.yml
新建一个文件夹,将docker-compose.yml放在文件夹下
执行 docker-compose up -d
执行完后访问 http://IP:PORT/
version: '3.8'
services:
registry-ui:
image: joxit/docker-registry-ui:main
restart: always
ports:
- PORT:80
environment:
- SINGLE_REGISTRY=true
- REGISTRY_TITLE=国家前置软件仓库
- DELETE_IMAGES=true
- SHOW_CONTENT_DIGEST=true
- NGINX_PROXY_PASS_URL=http://registry-server:5000
- SHOW_CATALOG_NB_TAGS=true
- CATALOG_MIN_BRANCHES=1
- CATALOG_MAX_BRANCHES=1
- TAGLIST_PAGE_SIZE=100
- REGISTRY_SECURED=false
- CATALOG_ELEMENTS_LIMIT=1000
container_name: registry-ui
registry-server:
image: registry:2.8.2
restart: always
environment:
REGISTRY_HTTP_HEADERS_Access-Control-Origin: '[http://registry.example.com]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
REGISTRY_HTTP_HEADERS_Access-Control-Credentials: '[true]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
volumes:
- ./registry/data:/var/lib/registry
container_name: registry-server
2.2 docker设置
将自己的 IP:PORT添加到下面的数组中(没有的话需要自己的添加)以此允许本地推送镜像,如果是 Linux 的话,则需要找到 /etc/docker/daemon.json (没有需要自己创建)
"insecure-registries": [
"http://IP:PORT"
],
# daemon.json
{
"builder": {
"gc": {
"defaultKeepStorage": "20GB",
"enabled": true
}
},
"debug": false,
"experimental": false,
"features": {
"buildkit": true
},
# 私人中央仓库地址,没有设置成 []
"insecure-registries": [
"http://IP:PORT"
],
"registry-mirrors": []
}
2.3 测试镜像推送及拉取
docker tag nginx IP:PORT/nginx:1.0.0 # 给本地镜像打标签
docker images # 查看镜像列表
docker push IP:PORT/nginx:1.0.0 # 推送镜像到私有中央仓库
# 访问网址 http://IP:PORT, 查看镜像列表
docker rmi IP:PORT/nginx:1.0.0 # 删除镜像
docker images # 查看镜像列表
docker pull IP:PORT/nginx:1.0.0 # 拉取中央仓库镜像到本地
docker images # 查看镜像列表
2.4 其它机子推送与拉取
将自己的 IP:PORT添加到下面的数组中(没有的话需要自己的添加)以此允许本地推送镜像,如果是 Linux 的话,则需要找到 /etc/docker/daemon.json (没有需要自己创建)
"insecure-registries": [
"http://IP:PORT"
],
# daemon.json
{
"builder": {
"gc": {
"defaultKeepStorage": "20GB",
"enabled": true
}
},
"debug": false,
"experimental": false,
"features": {
"buildkit": true
},
# 私人中央仓库地址,没有设置成 []
"insecure-registries": [
"http://IP:PORT"
],
"registry-mirrors": []
}
docker pull IP:PORT/nginx:1.0.0 # 拉取中央仓库镜像到本地
docker images # 查看镜像列表
2.5. 镜像导出与导入
docker save -o nginx.tar nginx # 导出
docker load -i nginx.tar # 导入
2.6 离线一键安装脚本
echo '加载测试镜像 nginx'
docker load -i nginx.tar
echo '加载中央仓库管理工具ui镜像 registry-ui'
docker load -i joxit_docker-registry-ui_main.tar
echo '加载中央仓库管理工具镜像 registry'
docker load -i registry_2.8.2.tar
echo '运行中央仓库管理工具'
docker-compose up -d
3. 镜像制作
容器保存为镜像 https://blog.51cto.com/u_16213404/10234492