gitlab 配置Container Registry

關于開啟Container Registry,官方文檔有做說明,emmm,一言難盡吧,特別簡潔,然后自己開啟的時候遇到了很多坑,算是記錄一下吧。

官方文檔:https://docs.gitlab.com/ee/user/packages/container_registry/

1、開啟 Container Registry

gitlab官方文檔有明確的說明,僅8.8版本及以上才有這個功能。

官方文檔上是在界面端配置的,然而,我并沒有看到這個配置,下面是我的版本號:

[root@localhost ssl]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
13.2.3

直接修改gitlab配置文件: vim /etc/gitlab/gitlab.rb

//外部訪問地址,此處被nginx代理,暴露給外部訪問
registry_external_url 'http://xxx.com'
//啟用
gitlab_rails['registry_enabled'] = true
//registry 服務ip
gitlab_rails['registry_host'] = "172.29.1.70"
//registry 服務真正端口
gitlab_rails['registry_port'] = "5000"

這里需要注意的是,registry_external_url是外部訪問的url,如docker需要pull和push,都是訪問該路徑。然后,刷新配置,重啟:

gitlab-ctl reconfigure
gitlab-ctl restart

這個時候,可以在瀏覽器訪問下registry_external_url:

70921f0bb0c52804ec2575cf0bc777f.png

可以看到,是一個空白頁面,別慌,正常現象。

2、Docker訪問

私有鏡像倉庫搭好了,該用docker測試訪問一下

[root@localhost mysql]# docker login http://xxx.com -u root -p xxx
Error response from daemon: Get https://xxx.com/v1/users/: http: server gave HTTP response to HTTPS client

訪問報錯,而且,指令中請求使用的是http協議,docker使用的卻是https。在這個地方,搜了一下,有很多人是修改/etc/docker/daemon.json文件,添加以下配置:

"insecure-registries":["ip:port"]

然而,啟動的時候報錯,可能只有我這里有這個問題:

[root@localhost mysql]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 二 2020-11-17 15:18:43 CST; 7s ago
     Docs: http://docs.docker.com
  Process: 18488 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
 Main PID: 18488 (code=exited, status=1/FAILURE)

11月 17 15:18:43 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
11月 17 15:18:43 localhost.localdomain dockerd-current[18488]: unable to configure the Docker daemon with file /etc/docker/daemon.json: the following direct...0:5050])
11月 17 15:18:43 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
11月 17 15:18:43 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
11月 17 15:18:43 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
11月 17 15:18:43 localhost.localdomain systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

于是修改刪除,重新啟動,找到啟動配置文件:/usr/lib/systemd/system/docker.service,這個文件(在systemctl status指令下能找到服務啟動的文件)里面包含docker的配置文件所在的位置:

Description=Docker Application Container Engine
  3 Documentation=http://docs.docker.com
  4 After=network.target
  5 Wants=docker-storage-setup.service
  6 Requires=docker-cleanup.timer
  7 
  8 [Service]
  9 Type=notify
 10 NotifyAccess=main
 //以下引入配置文件及環境變量
 11 EnvironmentFile=-/run/containers/registries.conf
 12 EnvironmentFile=-/etc/sysconfig/docker
 13 EnvironmentFile=-/etc/sysconfig/docker-storage
 14 EnvironmentFile=-/etc/sysconfig/docker-network
 15 Environment=GOTRACEBACK=crash
 16 Environment=DOCKER_HTTP_HOST_COMPAT=1
 17 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
 18 ExecStart=/usr/bin/dockerd-current \
 19           --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
 20           --default-runtime=docker-runc \
 21           --exec-opt native.cgroupdriver=systemd \
 22           --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
 23           --init-path=/usr/libexec/docker/docker-init-current \
 24           --seccomp-profile=/etc/docker/seccomp.json \
 25           $OPTIONS \
 26           $DOCKER_STORAGE_OPTIONS \
 27           $DOCKER_NETWORK_OPTIONS \
 28           $ADD_REGISTRY \
 29           $BLOCK_REGISTRY \
 30           $INSECURE_REGISTRY \
 31       $REGISTRIES
 32 ExecReload=/bin/kill -s HUP $MAINPID
 33 LimitNOFILE=1048576
 34 LimitNPROC=1048576
 35 LimitCORE=infinity
 36 TimeoutStartSec=0
 37 Restart=on-abnormal
 38 KillMode=process
 39

于是,我在/etc/sysconfig/docker文件中修改:

OPTIONS='--selinux-enabled=false --insecure-registry xxx.com --log-driver=journald'

設置私有庫,然后重啟:

[root@localhost mysql]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@localhost mysql]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2020-11-17 15:25:44 CST; 9s ago
     Docs: http://docs.docker.com
 Main PID: 23295 (dockerd-current)
   Memory: 22.9M
   CGroup: /system.slice/docker.service
           ├─23295 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupd...
           └─23303 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-...

11月 17 15:25:43 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:43.481151266+08:00" level=info msg="libcontainerd: new containerd proc...: 23303"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.492774158+08:00" level=info msg="Graph migration to content-address...seconds"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.493754865+08:00" level=info msg="Loading containers: start."
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.509437763+08:00" level=info msg="Firewalld running: false"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.567080971+08:00" level=info msg="Default bridge (docker0) is assign...address"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.595571883+08:00" level=info msg="Loading containers: done."
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.612819377+08:00" level=info msg="Daemon has completed initialization"
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.612848894+08:00" level=info msg="Docker daemon" commit="0be3e21/1.1...n=1.13.1
11月 17 15:25:44 localhost.localdomain dockerd-current[23295]: time="2020-11-17T15:25:44.618192007+08:00" level=info msg="API listen on /var/run/docker.sock"
11月 17 15:25:44 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

啟動成功,然后再登錄:

[root@localhost mysql]# docker login http://xxx.com -u root -p xxx
Login Succeeded

登錄成功!

ps:官方文檔有說明,如果啟用了雙重驗證(Two-Factor Authentication)則不應該輸入密碼,而是token:

 docker login xxx.com -u <username> -p <token>
?著作權歸作者所有,轉載或內容合作請聯系作者
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發布,文章內容僅代表作者本人觀點,簡書系信息發布平臺,僅提供信息存儲服務。

推薦閱讀更多精彩內容