Docker Private Regisrty2.0をさくっと動かす

概要

Macのboot2docker上でregistry2.0をさくっと動かす。
https://docs.docker.com/registry/deploying/ を参考に作業

ApacheやNginxを立ててBasic認証はここではしない。
Basic認証をする場合は下記を参考にする

• Apache HTTPd sample for Registry v1, v2 and mirror
• 認証付きのDocker Private registryを立てる

簡単に認証用意できるみたいなので書いた

reg.loというHostで準備していく

$ mkdir registry
$ cd registry
$ sudo vi /etc/hosts
192.168.59.103 reg.lo
$ boot2docker start
$ eval "$(boot2docker shellinit)"

鍵作成、CN=reg.loを設定する

$ mkdir -p certs && openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
    -x509 -days 365 -out certs/domain.crt

Generating a 4096 bit RSA private key
.....................................++
..................................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:reg.lo
Email Address []:

鍵を指定してregistry起動(Serverへの設定)

$ mkdir data
$ docker run -d -p 5000:5000 \
    -v `pwd`/certs:/certs \
    -v `pwd`/data:/var/lib/registry \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    --restart=always --name registry \
    registry:2.0

接続Test

$ curl -IL https://reg.lo:5000/v2/ --cacert certs/domain.crt
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Date: Sat, 08 Aug 2015 21:50:11 GMT

鍵をboot2dockerに設置(クライアントのdockerへの設定)

$ boot2docker ssh
$ sudo vi /etc/hosts
192.168.59.103 reg.lo

// boot2dockerはUsersがMountされているのでそこから取得
$ sudo cp /Users/xxx/registry/certs/domain.crt /etc/ssl/certs/reg.lo.pem
$ sudo chmod 0600 /etc/ssl/certs/reg.lo.pem
$ exit
$ boot2docker ssh sudo /etc/init.d/docker restart

接続Test

$ docker pull hello-world
$ docker tag hello-world reg.lo:5000/hello-world
$ docker push reg.lo:5000/hello-world