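GitLab's official documentation does cover enabling the Container Registry, but, well, it is hard to sum up: it is extremely terse, and I ran into a lot of pitfalls when enabling it myself, so this is a record of them.
Official documentation: https://docs.gitlab.com/ee/user/packages/container_registry/
1. Enabling the Container Registry
GitLab's official documentation states clearly that this feature is only available in version 8.8 and later.
The official documentation configures it through the web UI, but I could not find that setting. Here is my version: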
[root@localhost ssl]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
13.2.3
Edit the GitLab configuration file directly: vim /etc/gitlab/gitlab.rb
# External access URL; it sits behind the nginx proxy and is what outside clients reach
registry_external_url 'http://xxx.com'
# Enable the registry
gitlab_rails['registry_enabled'] = true
# IP of the registry service
gitlab_rails['registry_host'] = "172.29.1.70"
# Actual port of the registry service
gitlab_rails['registry_port'] = "5000"
Note that registry_external_url is the externally visible URL: docker pull and docker push both go through it. Then reload the configuration and restart:
gitlab-ctl reconfigure
gitlab-ctl restart
At this point you can open registry_external_url in a browser:
You will see a blank page. Don't panic, this is normal.
2. Accessing the registry from Docker
Now that the private image registry is up, it is time to test access with docker:
[root@localhost mysql]# docker login http://xxx.com -u root -p xxx
Error response from daemon: Get https://xxx.com/v1/users/: http: server gave HTTP response to HTTPS client
The login fails, and although the command asked for http, docker used https. Searching around at this point, I found that many people edit /etc/docker/daemon.json and add the following setting:
"insecure-registries":["ip:port"]
However, docker then failed to start; this may be a problem only on my machine:
[root@localhost mysql]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 二 2020-11-17 15:18:43 CST; 7s ago
Docs: http://docs.docker.com
Process: 18488 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 18488 (code=exited, status=1/FAILURE)
11月 17 15:18:43 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
11月 17 15:18:43 localhost.localdomain dockerd-current[18488]: unable to configure the Docker daemon with file /etc/docker/daemon.json: the following direct...0:5050])
11月 17 15:18:43 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
11月 17 15:18:43 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
11月 17 15:18:43 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
11月 17 15:18:43 localhost.localdomain systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
So I removed that change and restarted, then located the startup unit file, /usr/lib/systemd/system/docker.service (systemctl status shows which file the service is started from). It lists where docker's configuration files live:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer

[Service]
Type=notify
NotifyAccess=main
# The following lines load the configuration files and environment variables
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --init-path=/usr/libexec/docker/docker-init-current \
          --seccomp-profile=/etc/docker/seccomp.json \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
          $REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
So I made the change in /etc/sysconfig/docker instead:
OPTIONS='--selinux-enabled=false --insecure-registry xxx.com --log-driver=journald'
That sets the private registry. Then restart:
[root@localhost mysql]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@localhost mysql]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 二 2020-11-17 15:25:44 CST; 9s ago
Docs: http://docs.docker.com
Main PID: 23295 (dockerd-current)
Memory: 22.9M
CGroup: /system.slice/docker.service
├─23295 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupd...
└─23303 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-...
11月 17 15:25:43 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:43.481151266+08:00" level=info msg="libcontainerd: new containerd proc...: 23303"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.492774158+08:00" level=info msg="Graph migration to content-address...seconds"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.493754865+08:00" level=info msg="Loading containers: start."
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.509437763+08:00" level=info msg="Firewalld running: false"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.567080971+08:00" level=info msg="Default bridge (docker0) is assign...address"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.595571883+08:00" level=info msg="Loading containers: done."
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.612819377+08:00" level=info msg="Daemon has completed initialization"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.612848894+08:00" level=info msg="Docker daemon" commit="0be3e21/1.1...n=1.13.1
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.618192007+08:00" level=info msg="API listen on /var/run/docker.sock"
11月 17 15:25:44 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
It started successfully. Then log in again:
[root@localhost mysql]# docker login http://xxx.com -u root -p xxx
Login Succeeded
Login succeeded!
PS: the official documentation says that if Two-Factor Authentication is enabled, you should not enter your password but a token instead:
docker login xxx.com -u <username> -p <token>