CentOS 7 이상
Docker version 18.02.0-ce, build fc4de44
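한 번에 생성할 수 있는 스크립트를 작성했다.
ssh 키가 있어야만 사용 가능하기에 ID/PW 설정은 의미 없다.
그냥 사용할 수 있다는 정도의 의미만 두는 걸로..
(참고: 아래에서 클라이언트에 등록하는 certs/server.crt 는 서버 확인용 공개 인증서이고 비밀 값이 아니므로, registry 에 대한 접근 제어는 htpasswd 의 ID/PW 가 맡는다. 예시 값 server/server 는 바꿔서 사용하는 것이 좋다.)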
아래의 스크립트들을 한 경로에 넣고 사용 가능
server_setting.sh
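#!/bin/sh
# Shared settings for the registry helper scripts. This file is meant to be
# sourced by the other scripts, not executed on its own.

# Host name clients use to reach the registry; create_registry.sh also writes
# it into the certificate's commonName.
SERVER_NAME=docker_server
SERVER_PORT=5000
REGISTRY_SERVER=$SERVER_NAME:$SERVER_PORT

# Basic-auth (htpasswd) account for the registry.
# "server"/"server" is only a sample default and is trivially guessable; this
# account is the registry's access control, so export ID and PW with real
# values before running the scripts instead of relying on the defaults.
ID=${ID:-server}
PW=${PW:-server}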
create_registry.sh
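#!/bin/sh
# Creates a self-signed TLS certificate, trusts it on this host, writes the
# htpasswd file and (re)starts a registry:2 container with TLS and basic auth.
#
# Relative paths (ssl.conf, certs/, auth/, registry/) resolve against the
# current directory, so run the script from the directory that should hold
# them. It writes to the system trust store and restarts docker, so it needs
# root.
set -eu

my_dir="$(dirname "$0")"
# POSIX '.' instead of the bash-only 'source': the shebang is /bin/sh.
. "$my_dir/server_setting.sh"

# openssl req configuration. commonName has to match the host name clients
# use for the registry.
cat > ssl.conf <<EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
countryName = "KO"
#stateOrProvinceName = ""
#localityName = ""
organizationName = "COMPANY"
organizationalUnitName = "MY TEAM"
commonName = "$SERVER_NAME"
#emailAddress = ""
EOF

mkdir -p certs

# Private key. Generated under a restrictive umask and then chmod'ed so that a
# key file left over from an earlier run is tightened as well.
( umask 077 && openssl genrsa -out certs/server.key 2048 )
chmod 600 certs/server.key

# Certificate Signing Request
openssl req -new -key certs/server.key -out certs/server.csr -config ssl.conf

# Self-signed server certificate, valid for 365 days. The digest is stated
# explicitly so the result does not depend on the openssl version's default.
# NOTE(review): the certificate carries only a commonName and no
# subjectAltName; newer Docker/Go clients are known to reject such
# certificates - confirm against the client versions in use.
openssl x509 -req -sha256 -days 365 \
  -in certs/server.csr -signkey certs/server.key -out certs/server.crt

# Trust the self-signed certificate system-wide on this host so the local
# docker daemon accepts the registry. The daemon reads the trust store at
# start-up, hence the restart.
cp -f certs/server.crt /usr/share/pki/ca-trust-source/anchors/
update-ca-trust enable
update-ca-trust extract
systemctl restart docker

# htpasswd entry (bcrypt, -B) for the account from server_setting.sh.
# The password is fed on stdin (-i) instead of argv (-b) so it does not show
# up in the process list while the container runs.
# NOTE(review): newer registry:2 images may no longer ship htpasswd; the
# httpd:2 image is the usual replacement - confirm for the tag being pulled.
mkdir -p auth
printf '%s\n' "$PW" \
  | docker run -i --rm --entrypoint htpasswd registry:2 -Bin "$ID" > auth/htpasswd
# An empty file would start a registry nobody can log in to; stop here instead.
if [ ! -s auth/htpasswd ]; then
  printf 'failed to generate auth/htpasswd\n' >&2
  exit 1
fi

# Remove a previous container if there is one. On a first run there is none,
# which is not an error, so the failure is ignored on purpose.
docker stop registry >/dev/null 2>&1 || true
docker rm registry >/dev/null 2>&1 || true

# REGISTRY_STORAGE_DELETE_ENABLED turns on deletion through the HTTP API.
# htpasswd auth has no per-user permissions, so every account in auth/htpasswd
# can delete images as well as push and pull them.
docker run -d \
  -p "$SERVER_PORT:$SERVER_PORT" \
  --restart=always \
  --name registry \
  -v "$(pwd)/registry:/var/lib/registry" \
  -v "$(pwd)/auth:/auth" \
  -e REGISTRY_AUTH=htpasswd \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "$(pwd)/certs:/certs" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
  -e REGISTRY_STORAGE_DELETE_ENABLED=True \
  registry:2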
registry 서버에 저장된 목록 조회 - docker registry 의 HTTP API v2 참고(https://docs.docker.com/registry/spec/api/#detail)
get_images.sh
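#!/bin/sh
# Lists the repositories stored in the registry (GET /v2/_catalog).
# certs/server.crt is looked up relative to the current directory.
set -eu

my_dir="$(dirname "$0")"
# POSIX '.' instead of the bash-only 'source': the shebang is /bin/sh.
. "$my_dir/server_setting.sh"

# --cacert verifies the server against the registry's own self-signed
# certificate instead of switching verification off.
# NOTE: -u puts the password into curl's argument list, where other local
# users can see it in the process list while the request runs.
curl --cacert certs/server.crt -u "$ID:$PW" -XGET "https://$REGISTRY_SERVER/v2/_catalog"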
get_tags.sh [image]
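#!/bin/sh
# Lists the tags of one repository (GET /v2/<image>/tags/list).
# Usage: get_tags.sh IMAGE
# certs/server.crt is looked up relative to the current directory.
set -eu

if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  printf 'usage: %s IMAGE\n' "${0##*/}" >&2
  exit 2
fi
image=$1

# The argument is placed into the request path. Registry repository names use
# only lowercase letters, digits, '.', '_', '-' and '/', so anything else
# (spaces, '?', '#', ...) is refused rather than sent as part of the URL.
case $image in
  *[!a-z0-9._/-]*)
    printf 'invalid image name: %s\n' "$image" >&2
    exit 2
    ;;
esac

my_dir="$(dirname "$0")"
# POSIX '.' instead of the bash-only 'source': the shebang is /bin/sh.
. "$my_dir/server_setting.sh"

# NOTE: -u puts the password into curl's argument list, where other local
# users can see it in the process list while the request runs.
curl --cacert certs/server.crt -u "$ID:$PW" -XGET "https://$REGISTRY_SERVER/v2/$image/tags/list"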
이미지 삭제
# ID/PW, REGISTRY_SERVER, IMAGE, TAG 입력
$ curl --cacert certs/server.crt -u "$ID:$PW" -I -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -XGET https://$REGISTRY_SERVER/v2/$IMAGE/manifests/$TAG
HTTP/1.1 200 OK
Content-Length: 1581
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:24b2d2acdc19c9cb88b84153ba0b7631b062798fe719253ffa0c01571e17d1c4
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:24b2d2acdc19c9cb88b84153ba0b7631b062798fe719253ffa0c01571e17d1c4"
X-Content-Type-Options: nosniff
Date: Tue, 29 May 2018 02:38:36 GMT
# Delete manifest, Docker-Content-Digest
$ curl --cacert certs/server.crt -u "$ID:$PW" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -XDELETE https://$REGISTRY_SERVER/v2/$IMAGE/manifests/sha256:24b2d2acdc19c9cb88b84153ba0b7631b062798fe719253ffa0c01571e17d1c4
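# Delete image data from file system
# registry server 에서 실행
# (garbage-collect 도중에 push 가 들어오면 해당 이미지의 레이어가 지워져 손상될 수 있으므로, registry 를 읽기 전용으로 두거나 업로드가 없을 때 실행)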
$ docker exec -it registry bin/registry garbage-collect [--dry-run] /etc/docker/registry/config.yml
사용하는 클라이언트에서는 commonName 을 /etc/hosts 에 추가하고, certs/server.crt 를 등록하여 사용하면 된다.
login.sh
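#!/bin/sh
# Logs the local docker client in to the registry with the account from
# server_setting.sh (expected under registry/ next to this script).
set -eu

my_dir="$(dirname "$0")"
# POSIX '.' instead of the bash-only 'source': the shebang is /bin/sh.
. "$my_dir/registry/server_setting.sh"

# --password-stdin keeps the password out of the argument list (and so out of
# the process list); docker itself warns that -p on the command line is
# insecure.
printf '%s' "$PW" | docker login -u "$ID" --password-stdin "$REGISTRY_SERVER"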
이미지 push & pull
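# Set REGISTRY_SERVER, IMAGE and TAG before running these commands.
# The expansions are quoted so an empty or unusual value fails visibly instead
# of being word-split into extra arguments.
docker tag "$IMAGE:$TAG" "$REGISTRY_SERVER/$IMAGE:$TAG"
docker push "$REGISTRY_SERVER/$IMAGE:$TAG"
docker pull "$REGISTRY_SERVER/$IMAGE:$TAG"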