我正在服务器上设置 GitLab 容器注册表(Container Registry),因为我想开始在 CI/CD 流水线中使用自定义镜像。
当前状态
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
gitlab-ctl 版本 12.9.0,Docker 版本 19.03.8
目标1
目标2
在服务器上执行的步骤
步骤1:测试注册表概念
user@my-server:/# sudo -i
root@my-server:/# export certsDir='/etc/gitlab/ssl/certs'
root@my-server:/# export myRegistry='localhost'
root@my-server:/# cd $certsDir
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
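# spin up a container (certs and ports configured)
# NOTE: no REGISTRY_AUTH_* settings are passed, so this registry accepts pulls and pushes without a login,
# and -p 4567:4567 publishes it on every host interface. For a loopback-only test, publish it as
# -p 127.0.0.1:4567:4567. The -v mount is read-write and hands the whole of $certsDir (private keys
# included) to the container; appending :ro to the mount is enough for the registry to read its cert.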
root@my-server:/# docker run -d --restart=always --name registry -v $certsDir:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:4567 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$myRegistry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/$myRegistry.key -p 4567:4567 registry:2
# configure localhost for loopback
root@my-server:/# vim /etc/hosts
127.0.0.1 localhost
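# get rid of any previous garbage
# NOTE: this deletes the entire Docker daemon configuration, not just registry-related entries.
# Copy the file aside first if it may hold other settings; dockerd only re-reads it on restart or reload.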
root@my-server:/# rm -rf /etc/docker/daemon.json
# pull, tag, and push image to local registry
root@my-server:/# docker pull ubuntu:16.04
docker tag ubuntu:16.04 localhost:4567/my-ubuntu
docker push localhost:4567/my-ubuntu
root@my-server:/etc/gitlab/ssl/certs# docker push localhost:4567/my-ubuntu
The push refers to repository [localhost:4567/my-ubuntu]
4ae3adcb66cb: Pushed
aa6685385151: Pushed
0040d8f00d7e: Pushed
9e6f810a2aab: Pushed
latest: digest: sha256:a98d9dcf3a34b2b78e78c61d003eb4d7a90d30fd54451686e2f0bd2ef5f602ac size: 1150
root@my-server:/etc/gitlab/ssl/certs# exit
user@my-server:/etc/gitlab/ssl/certs$ sudo docker pull python:latest
user@my-server:/etc/gitlab/ssl/certs$ sudo docker push localhost:4567/my-python
The push refers to repository [localhost:4567/my-python]
fbefc7d9db96: Pushed
bd436d37b328: Pushed
8b6dde37c5c4: Pushed
3dffd131f01f: Pushed
271910c4c150: Pushed
6670e930ed33: Pushed
c7f27a4eb870: Pushed
e70dfb4c3a48: Pushed
1c76bd0dc325: Pushed
latest: digest: sha256:d24b098d2b144adc02ed5c9917a17485b55a30f7ca55d8015b6df018b9337cde size: 2217
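# View what curl says
# NOTE: both requests below are plain HTTP. Port 4567 was started with a TLS certificate, so the
# 7 bytes curl refuses to print are consistent with a TLS alert rather than an HTTP reply.
# To test the registry API itself, speak TLS and trust the self-signed cert explicitly:
#   curl -v --cacert /etc/gitlab/ssl/certs/localhost.crt https://localhost:4567/v2/
# (sudo is not needed for curl.)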
user@my-server:/etc/gitlab/ssl/certs$ sudo curl -v localhost
* Rebuilt URL to: localhost/
* Trying 127.0.0.1...
* TCP_NODELAY set
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to localhost port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 80: Connection refused
user@my-server:/etc/gitlab/ssl/certs$ sudo curl -v localhost:4567
* Rebuilt URL to: localhost:4567/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4567 (#0)
> GET / HTTP/1.1
> Host: localhost:4567
> User-Agent: curl/7.58.0
> Accept: */*
>
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 7)
* stopped the pause stream!
* Closing connection 0
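# shut-down the container
# NOTE: the container was started with --restart=always and is still running at this point, so
# "docker container rm" needs a preceding "docker stop registry" (or rm -f) to succeed.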
root@my-server:/# docker container rm registry
root@my-server:/# docker rmi <image number for registry>
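步骤2:配置 gitlab.rb
注意:下面的 registry_external_url 使用的是 http://,却同时配置了 ssl_certificate 和 ssl_certificate_key。Omnibus GitLab 是根据该 URL 的协议来决定注册表的 nginx 是否启用 TLS 的,因此在 http:// 下这两项证书设置应当不会生效(请对照所用版本的文档确认),docker login 时提交的 deploy token 也会以明文 HTTP 传输。若希望注册表走 TLS,应把该 URL 写成 https://。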
root@my-server:/ vim /etc/gitlab/gitlab.rb
registry_external_url 'http://localhost:4567'
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certs/localhost.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certs/localhost.key"
root@my-server:/# gitlab-ctl reconfigure
... no errors output ...
Running handlers:
Running handlers complete
Chef Client finished, 7/794 resources updated in 13 seconds
gitlab Reconfigured!
root@my-server:/# gitlab-ctl restart
ok: run: alertmanager: (pid 7262) 0s
ok: run: gitaly: (pid 7291) 1s
ok: run: gitlab-exporter: (pid 7308) 0s
ok: run: gitlab-workhorse: (pid 7312) 0s
ok: run: grafana: (pid 7326) 1s
ok: run: logrotate: (pid 7350) 0s
ok: run: nginx: (pid 7356) 1s
ok: run: node-exporter: (pid 7358) 0s
ok: run: postgres-exporter: (pid 7365) 1s
ok: run: postgresql: (pid 7373) 0s
ok: run: prometheus: (pid 7376) 0s
ok: run: redis: (pid 7473) 1s
ok: run: redis-exporter: (pid 7480) 0s
ok: run: registry: (pid 7488) 1s
ok: run: sidekiq: (pid 7498) 0s
ok: run: unicorn: (pid 7504) 0s
root@my-server:/etc/gitlab/ssl/certs# gitlab-ctl status
run: alertmanager: (pid 7262) 117s; run: log: (pid 1485) 4322901s
run: gitaly: (pid 7291) 117s; run: log: (pid 719) 4323118s
run: gitlab-exporter: (pid 7308) 116s; run: log: (pid 1395) 4322919s
run: gitlab-workhorse: (pid 7312) 116s; run: log: (pid 1288) 4322938s
run: grafana: (pid 7326) 116s; run: log: (pid 1778) 4322827s
run: logrotate: (pid 7350) 115s; run: log: (pid 1325) 4322931s
run: nginx: (pid 7821) 1s; run: log: (pid 1294) 4322937s
run: node-exporter: (pid 7358) 114s; run: log: (pid 1374) 4322925s
run: postgres-exporter: (pid 7365) 114s; run: log: (pid 1515) 4322893s
run: postgresql: (pid 7373) 113s; run: log: (pid 871) 4323112s
run: prometheus: (pid 7376) 113s; run: log: (pid 1443) 4322907s
run: redis: (pid 7473) 113s; run: log: (pid 675) 4323122s
run: redis-exporter: (pid 7480) 112s; run: log: (pid 1419) 4322911s
run: registry: (pid 7488) 112s; run: log: (pid 26387) 66209s
run: sidekiq: (pid 7498) 111s; run: log: (pid 1181) 4322944s
run: unicorn: (pid 7504) 111s; run: log: (pid 1129) 4322948s
步骤3:docker登录并推送到注册表
# wait for a minute, setup deploy token and docker login
- GO TO: http://my-server/my-project/container_registry
docker login localhost:4567
docker build -t localhost:4567/projectx/projectxy/projectxyz .
docker push localhost:4567/projectx/projectxy/projectxyz
- GO TO: http://my-server/my-project/~/settings/ci_cd
- create a deploy token
root@my-server:/# docker login localhost:4567
Username: <username from deploy token>
Password: <token>
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
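# try to push to gitlab registry from the server
# NOTE: the layers reach "Preparing" before "denied", so the registry is reachable and the login
# succeeded; the refusal is an authorization decision. Two things to check: the scopes the deploy
# token was created with (a token limited to read_registry can pull but not push), and that the
# path after localhost:4567/ is exactly the project's full path as shown on its Container Registry page.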
root@my-server:/# docker pull ubuntu:16.04
root@my-server:/# docker tag ubuntu:16.04 localhost:4567/projectx/projectxy/my-ubuntu
root@my-server:/# docker push localhost:4567/projectx/projectxy/my-ubuntu
The push refers to repository [localhost:4567/projectx/projectxy/my-ubuntu]
4ae3adcb66cb: Preparing
aa6685385151: Preparing
0040d8f00d7e: Preparing
9e6f810a2aab: Preparing
denied: requested access to the resource is denied
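替代方法
注意:下面新启动的容器发布在主机的 443 端口(0.0.0.0:443->5000),而随后的 docker push 仍然指向 localhost:4567,按步骤2的配置,那是 GitLab 自带的注册表,所以得到的是与上面相同的 denied 结果,这个新容器并没有参与其中。另外,这个容器没有配置任何认证,并且发布在主机的所有网络接口上。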
root@my-server:/etc/gitlab/ssl/certs# export certsDir='/etc/gitlab/ssl/certs'
root@my-server:/etc/gitlab/ssl/certs# export myRegistry='localhost'
root@my-server:/etc/gitlab/ssl/certs# docker run -d --restart=always --name registry -v $certsDir:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$myRegistry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/$myRegistry.key -p 443:5000 registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
8bb4c43d6c8e: Pull complete
6f5f453e5f2d: Pull complete
42bc10b72f42: Pull complete
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:2
2968d5a32c01b53890881d56a582fdcce2bfad38a7a2f7b56060b75a1ebd817c
root@my-server:# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2968d5a32c01 registry:2 "/entrypoint.sh /etc…" 13 seconds ago Up 8 seconds 0.0.0.0:443->5000/tcp registry
root@my-server:/etc/gitlab/ssl/certs# docker push localhost:4567/projectx/projectxy/my-ubuntu
The push refers to repository [localhost:4567/projectx/projectxy/my-ubuntu]
4ae3adcb66cb: Preparing
aa6685385151: Preparing
0040d8f00d7e: Preparing
9e6f810a2aab: Preparing
denied: requested access to the resource is denied
替代方法
更改 $registryDir = registry.me(上文实际定义的变量是 $myRegistry,此处可能指同一个变量)
将此添加到 /etc/hosts
127.0.0.1 localhost registry.me
问题
gitlab-ctl status 显示 registry 服务已在运行,为什么我仍然无法向它推送镜像?
我应该更改 gitlab.rb 配置文件的哪些部分,才能连接到我的注册表镜像?GitLab 是否会创建自己的注册表?
自己创建一个注册表并向它推送镜像,与让 GitLab 连接并使用注册表,这两者之间有什么区别?