（八）Registry Server創建

# （八）Registry Server創建 ## 建置 ``` $ yum install -y podman ``` ``` $ vim /etc/containers/registries.conf ``` ```dockerfile= #執行結果(加入以下) [registries.insecure] registries = ['chuck.im.shu'] ``` ``` $ mkdir -p /opt/registry/{auth,certs,data} ``` ``` $ htpasswd -bBc /opt/registry/auth/htpasswd admin chuck ``` ``` $ openssl req -newkey rsa:4096 -nodes -sha256 \ -keyout /opt/registry/certs/domain.key -x509 -days 100 \ -out /opt/registry/certs/domain.crt \ -subj '/C=TW/ST=Taiwan/L=SHU/O=CHUCK/CN=chuck.im.shu' ``` ``` $ cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/ ``` ``` $ update-ca-trust ``` ``` $ trust list | grep chuck ``` ```dockerfile= #執行結果 label: chuck.im.shu ``` ## 啟用 ``` $ podman run --name registry0 \ -p 443:5000 \ -v /opt/registry/data:/var/lib/registry:z \ -v /opt/registry/auth:/auth:z \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -v /opt/registry/certs:/certs:z \ -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt" \ -e "REGISTRY_HTTP_TLS_KEY=/certs/domain.key" \ -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true \ -d docker.io/library/registry:latest ``` ``` $ firewall-cmd --permanent --add-service=http --add-service=https ``` ``` $ firewall-cmd --reload ``` ## 修改Container ``` $ podman run -d --name myrsyslog docker.io/voxxit/rsyslog ``` 進入容器 myrsyslog ``` $ podman exec -it myrsyslog /bin/bash ``` ```dockerfile= bash-4.4# ``` ``` $ vi /root/.bashrc ``` ```dockerfile= #執行結果 PS1="[\u@\h \W]\\$ " ``` ``` $ mkdir /var/log/journal ``` ``` $ vi /etc/rsyslog.conf ``` ```dockerfile= #加入以下 local3.* /var/log/journal/csie.cyut.log ``` ``` $ exit ``` ``` $ podman restart myrsyslog ``` ## 建立Container ``` $ podman commit -q --author "chuck" 73a6e9dc4b45 shursyslog ``` :::danger 打前一行跑出的結果 ::: ``` $ podman images ``` ## 上傳 ``` $ podman pull docker.io/library/hello-world ``` ``` $ podman images ``` ```dockerfile= #執行結果 REPOSITORY TAG IMAGE ID CREATED SIZE localhost/shursyslog latest 3afc64c11987 19 hours ago 20 MB docker.io/library/registry latest 1fd8e1b0bb7e 4 months ago 26.8 MB docker.io/library/hello-world latest d1165f221234 5 months ago 20.2 kB docker.io/voxxit/rsyslog latest 8411a1edd4bb 3 years ago 20 MB ``` ``` $ podman start registry0 ``` ```dockerfile= #執行結果 registry0 ``` ``` $ podman login chuck.im.shu ``` ```dockerfile= #執行結果 Username: admin Password: chuck Login Succeeded! ``` ``` $ podman push hello-world chuck.im.shu/hello ``` ``` $ curl -u admin:chuck https://chuck.im.shu/v2/_catalog ``` ```dockerfile= #執行結果 {"repositories":["hello"]} ``` ``` $ podman pull docker.io/voxxit/rsyslog ``` ``` $ podman push rsyslog chuck.im.shu/rsyslog ``` ``` $ curl -u admin:chuck https://chuck.im.shu/v2/_catalog ``` ```dockerfile= #執行結果 {"repositories":["hello","rsyslog"]} ``` ``` $ podman push localhost/shursyslog chuck.im.shu/shursyslog ``` ## 開機啟動容器 ``` $ podman generate systemd registry0 ``` 將執行結果內容複製 ```dockerfile= #執行結果 # container-878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736.service # autogenerated by Podman 3.3.0-dev # Mon Aug 30 18:24:37 CST 2021 [Unit] Description=Podman container-878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736.service Documentation=man:podman-generate-systemd(1) Wants=network-online.target After=network-online.target RequiresMountsFor=/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start 878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736 ExecStop=/usr/bin/podman stop -t 10 878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736 ExecStopPost=/usr/bin/podman stop -t 10 878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736 PIDFile=/run/containers/storage/overlay-containers/878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736/userdata/conmon.pid Type=forking [Install] WantedBy=multi-user.target default.target ``` ``` $ cd /usr/lib/systemd/system/ ``` ``` $ touch registry0.service ``` ``` $ vim registry0.service ``` 將剛剛複製的貼上並:wq儲存 ```dockerfile= # container-878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736.service # autogenerated by Podman 3.3.0-dev # Mon Aug 30 18:24:37 CST 2021 [Unit] Description=Podman container-878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736.service Documentation=man:podman-generate-systemd(1) Wants=network-online.target After=network-online.target RequiresMountsFor=/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start 878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736 ExecStop=/usr/bin/podman stop -t 10 878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736 ExecStopPost=/usr/bin/podman stop -t 10 878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736 PIDFile=/run/containers/storage/overlay-containers/878905aa25a3413be76c4995a25b8fc03f5a09fdef1c76ac4616e68c491ef736/userdata/conmon.pid Type=forking [Install] WantedBy=multi-user.target default.target ``` ``` $ systemctl enable registry0.service ``` ``` $ reboot ``` ``` $ podman ps ``` ```dockerfile= #執行結果 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 878905aa25a3 docker.io/library/registry:latest /etc/docker/regis... 7 days ago Up 46 seconds ago 0.0.0.0:443->5000/tcp registry0 ```