More than 5 years have passed since last update.

I just want to get a docker registry running

Overview

This is a setup procedure for anyone who just wants a docker registry running on a CentOS 7 docker host, addressed by a bare IP address and secured with a self-signed certificate. As configured here the registry has no authentication at all: anyone who can reach port 5000 can push and pull. For production use, put the proper settings in place.

Preparation and prerequisites

  • docker and docker-compose are installed and usable on every host
  • openssl and the other required packages are installed
  • the working user is "vagrant", who can ssh to every host

Host            IP address      Role
docker host 1   192.168.33.11   runs the docker registry container
docker host 2   192.168.33.12   pushes an image to the docker registry
docker host 3   192.168.33.13   pulls the image from the docker registry

Procedure

Setting up docker host 1

[vagrant@192.168.33.11]
### Add the setting that lets clients connect by IP address to the v3_ca section.
### "openssl req -x509" takes its extensions from the section named by x509_extensions
### in [ req ], which is v3_ca in the default config, so this is where the SAN must go.
### Note that this edits the host-wide config: every self-signed certificate made on
### this host from now on gets this subjectAltName.
$ sudo vi /etc/pki/tls/openssl.cnf
================================================
...
[ v3_ca ]
...
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
subjectAltName = IP:192.168.33.11                       ### <- add this line
================================================

### Create the directories for the images and for the server certificate
$ mkdir -p /home/vagrant/containers/registry /home/vagrant/containers/certs
$ cd /home/vagrant/containers/certs

### Create the server certificate. Fill in everything except Common Name as you like.
### -nodes writes the private key unencrypted; -days 36500 is a 100-year lifetime, fine for a lab only.
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 36500 -out domain.crt
================================================
Generating a 4096 bit RSA private key
.......++
.........................................................................++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokushima
Locality Name (eg, city) [Default City]:Tokushima-shi
Organization Name (eg, company) [Default Company Ltd]:ftakao2007 company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:192.168.33.11    ### <- enter the docker host's IP
Email Address []:
================================================
$ sudo chown root:root domain*
### domain.key stays on this host only; what gets distributed below is the certificate alone.

### Distribute the server certificate (domain.crt only, never domain.key) to docker hosts 2 and 3
$ sudo scp domain.crt vagrant@192.168.33.12:
$ sudo scp domain.crt vagrant@192.168.33.13:

Placing the server certificate on docker hosts 2 and 3

[vagrant@192.168.33.12, 192.168.33.13]
### The directory name must be exactly the host:port used in image references.
### Because the certificate is self-signed it acts as its own CA, which is why it is installed as ca.crt.
$ sudo mkdir -p /etc/docker/certs.d/192.168.33.11:5000
$ sudo chown root:root domain.crt
$ sudo mv domain.crt /etc/docker/certs.d/192.168.33.11:5000/ca.crt

Starting the container on docker host 1

[vagrant@192.168.33.11]
$ cd ~
$ vi docker-compose_registry.yml
================================================
registry:
  restart: always
  image: registry:2
  ports:
    - 5000:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
    REGISTRY_HTTP_TLS_KEY: /certs/domain.key
    REGISTRY_STORAGE_DELETE_ENABLED: 'True'
  volumes:
    - /home/vagrant/containers/registry:/var/lib/registry
    - /home/vagrant/containers/certs:/certs
================================================
$ docker-compose -f docker-compose_registry.yml up -d

Pushing an image from docker host 2

[vagrant@192.168.33.12]
### Check the image ID
$ docker images
================================================
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              7                   0584b3d2cf6d        4 days ago          196.5 MB
================================================

### Tag the image with the registry's host:port so it can be pushed there
$ docker tag 0584b3d2cf6d 192.168.33.11:5000/centos:7
$ docker images
================================================
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.33.11:5000/centos   7                   0584b3d2cf6d        4 days ago          196.5 MB
centos                      7                   0584b3d2cf6d        4 days ago          196.5 MB
================================================

### Push
$ docker push 192.168.33.11:5000/centos:7
================================================
The push refers to a repository [192.168.33.11:5000/centos]
97ca462ad9ee: Pushed
7: digest: sha256:b2f9d1c0ff5f87a4743104d099a3d561002ac500db1b9bfa02a783a46e0d366c size: 529
================================================

Pulling the image on docker host 3

[vagrant@192.168.33.13]
$ docker images
================================================
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
================================================

### Check which images the registry holds.
### --insecure skips certificate verification entirely; to actually exercise the trust you just
### set up, point curl at the installed ca.crt with --cacert instead.
$ curl --insecure https://192.168.33.11:5000/v2/_catalog
================================================
{"repositories":["centos"]}
================================================

### Check the tags
$ curl --insecure https://192.168.33.11:5000/v2/centos/tags/list
================================================
{"name":"centos","tags":["7"]}
================================================

### Pull the image (the digest should match the one printed by the push on host 2)
$ docker pull 192.168.33.11:5000/centos:7
================================================
7: Pulling from centos
08d48e6f1cff: Pull complete
Digest: sha256:b2f9d1c0ff5f87a4743104d099a3d561002ac500db1b9bfa02a783a46e0d366c
Status: Downloaded newer image for 192.168.33.11:5000/centos:7
================================================

$ docker images
================================================
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.33.11:5000/centos   7                   0584b3d2cf6d        4 days ago          196.5 MB
================================================
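As an added example (not part of the original article), the script below generates the same kind of self-signed certificate from a private OpenSSL config file rather than by editing the host-wide /etc/pki/tls/openssl.cnf, keeps domain.key readable only by its owner, and checks the two things that decide whether docker will accept the registry: that the IP is present as a subjectAltName, and that the certificate verifies with itself as the only CA, which is exactly how /etc/docker/certs.d/<host>:<port>/ca.crt is used. It also defines the curl call with --cacert that replaces --insecure. The IP, port, file names and DN values are the article's; CERT_DIR, REGISTRY_IP, REGISTRY_PORT and the function names are this example's own assumptions, and registry_get is only defined, not called, because it needs the live registry.

```shell
#!/bin/sh
# Added example, not from the original article.
# Creates the registry's self-signed certificate from a private OpenSSL config
# instead of editing /etc/pki/tls/openssl.cnf, then checks the result the way
# docker will use it. Avoids -addext so it also works with the OpenSSL 1.0.2
# shipped on CentOS 7. Names below (CERT_DIR, REGISTRY_*) are this example's own.
set -eu

REGISTRY_IP=${REGISTRY_IP:-192.168.33.11}
REGISTRY_PORT=${REGISTRY_PORT:-5000}
CERT_DIR=${CERT_DIR:-$(mktemp -d)}      # defaults to a scratch dir so this runs anywhere

# gen_registry_cert DIR IP [DAYS]: writes DIR/domain.key and DIR/domain.crt.
# CN and subjectAltName are both set to IP; clients match the SAN, not the CN.
gen_registry_cert() {
    dir=$1; ip=$2; days=${3:-36500}
    mkdir -p "$dir"
    cat > "$dir/registry-openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_registry
prompt             = no

[ dn ]
C  = JP
O  = ftakao2007 company
CN = $ip

# the extensions the default v3_ca section carries, plus the IP SAN
[ v3_registry ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints       = critical, CA:TRUE
subjectAltName         = IP:$ip
EOF
    # umask 077 so the unencrypted (-nodes) private key is never group/world readable
    ( umask 077 && openssl req -newkey rsa:4096 -nodes -sha256 \
        -config "$dir/registry-openssl.cnf" \
        -keyout "$dir/domain.key" -x509 -days "$days" -out "$dir/domain.crt" 2>/dev/null )
    chmod 644 "$dir/domain.crt"   # the certificate is public; only domain.key stays private
}

# cert_has_ip_san CRT IP: succeeds if IP appears as an "IP Address:" subjectAltName entry
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -qwF "IP Address:$2"
}

# cert_is_self_trusted CRT: succeeds if the cert verifies with itself as the only CA,
# which is what docker does with /etc/docker/certs.d/<host>:<port>/ca.crt
cert_is_self_trusted() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# key_is_private KEY: succeeds if the file has no group/other permission bits set
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# registry_get PATH: query the live registry over TLS verified against the distributed
# ca.crt, instead of curl --insecure. Not called here because it needs the running registry.
registry_get() {
    curl --cacert "/etc/docker/certs.d/$REGISTRY_IP:$REGISTRY_PORT/ca.crt" \
        "https://$REGISTRY_IP:$REGISTRY_PORT/v2/$1"
}

gen_registry_cert "$CERT_DIR" "$REGISTRY_IP"
for check in "cert_has_ip_san $CERT_DIR/domain.crt $REGISTRY_IP" \
             "cert_is_self_trusted $CERT_DIR/domain.crt" \
             "key_is_private $CERT_DIR/domain.key"; do
    if $check; then echo "ok:   $check"; else echo "FAIL: $check"; fi
done
openssl x509 -in "$CERT_DIR/domain.crt" -noout -subject -dates
```

Run it on docker host 1 with CERT_DIR=/home/vagrant/containers/certs to produce the files the compose file mounts under /certs; on hosts 2 and 3, after ca.crt is in place, `registry_get _catalog` and `registry_get centos/tags/list` give the same JSON as the curl calls above but with the certificate actually checked.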
