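Trouble pushing an image to the local GitLab registry on a server

Time: 2020-03-27 01:12:38

Tags: docker server gitlab registry

I am setting up a GitLab registry on my server because I want to start using custom images in my CI/CD pipelines.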


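Current status

  • Have a GitLab set up on a local server with a runner (repositories and CI/CD pipelines work).
  • Can view Packages -> Registry in my server's GitLab in a browser
  • Can successfully "docker login" (on the server).
  • Cannot push images to the registry on the server (I can push to localhost/project/my-ubuntu but not to localhost:4567/project/my-ubuntu, and I see nothing under Packages -> Registry)
  • Have an Omnibus GitLab installation (which is why I have a gitlab.rb file)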
$ cat /etc/os-release

NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

gitlab-ctl version 12.9.0, Docker version 19.03.8

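Goal 1

  • Get docker login working on the server
  • Push images to the registry on the server
  • View the images under "Packages -> Registry" in my web browser
  • Test a gitlab-ci pipeline that grabs these images and runs a simple pipeline

Goal 2

  • docker login from my laptop
  • Push images from my laptop to the server's GitLab registry
  • Adjust gitlab-ci.yml to use the new image and run the pipeline.

Steps performed on the server

  1. Test the registry concept
  2. Configure gitlab.rb
  3. docker login and push to the registry

Step 1: Test the registry concept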

user@my-server:/# sudo -i
root@my-server:/# export certsDir='/etc/gitlab/ssl/certs'
root@my-server:/# export myRegistry='localhost'

root@my-server:/# cd $certsDir

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")


# spin up a container (certs and ports configured)
root@my-server:/# docker run -d --restart=always --name registry -v $certsDir:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:4567 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$myRegistry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/$myRegistry.key -p 4567:4567 registry:2

# configure localhost for loopback
root@my-server:/# vim /etc/hosts
127.0.0.1       localhost

# get rid of any previous garbage
root@my-server:/# rm -rf /etc/docker/daemon.json

# pull, tag, and push image to local registry
root@my-server:/# docker pull ubuntu:16.04
docker tag ubuntu:16.04 localhost:4567/my-ubuntu
docker push localhost:4567/my-ubuntu

root@my-server:/etc/gitlab/ssl/certs# docker push localhost:4567/my-ubuntu
The push refers to repository [localhost:4567/my-ubuntu]
4ae3adcb66cb: Pushed 
aa6685385151: Pushed 
0040d8f00d7e: Pushed 
9e6f810a2aab: Pushed 
latest: digest: sha256:a98d9dcf3a34b2b78e78c61d003eb4d7a90d30fd54451686e2f0bd2ef5f602ac size: 1150

root@my-server:/etc/gitlab/ssl/certs# exit
user@my-server:/etc/gitlab/ssl/certs$ sudo docker pull python:latest
user@my-server:/etc/gitlab/ssl/certs$ sudo docker push localhost:4567/my-python
The push refers to repository [localhost:4567/my-python]
fbefc7d9db96: Pushed 
bd436d37b328: Pushed 
8b6dde37c5c4: Pushed 
3dffd131f01f: Pushed 
271910c4c150: Pushed 
6670e930ed33: Pushed 
c7f27a4eb870: Pushed 
e70dfb4c3a48: Pushed 
1c76bd0dc325: Pushed 
latest: digest: sha256:d24b098d2b144adc02ed5c9917a17485b55a30f7ca55d8015b6df018b9337cde size: 2217


# View what curl says

user@my-server:/etc/gitlab/ssl/certs$ sudo curl -v localhost
* Rebuilt URL to: localhost/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to localhost port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 80: Connection refused
user@my-server:/etc/gitlab/ssl/certs$ sudo curl -v localhost:4567
* Rebuilt URL to: localhost:4567/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4567 (#0)
> GET / HTTP/1.1
> Host: localhost:4567
> User-Agent: curl/7.58.0
> Accept: */*
> 
Warning: Binary output can mess up your terminal. Use "--output -" to tell 
Warning: curl to output it to your terminal anyway, or consider "--output 
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 7)
* stopped the pause stream!
* Closing connection 0

# shut-down the container
root@my-server:/# docker container rm registry
root@my-server:/# docker rmi <image number for registry>

Step 2: Configure gitlab.rb

root@my-server:/# vim /etc/gitlab/gitlab.rb

registry_external_url 'http://localhost:4567'
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certs/localhost.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certs/localhost.key"

root@my-server:/# gitlab-ctl reconfigure
... no errors output ...

Running handlers:
Running handlers complete
Chef Client finished, 7/794 resources updated in 13 seconds
gitlab Reconfigured!



root@my-server:/# gitlab-ctl restart
ok: run: alertmanager: (pid 7262) 0s
ok: run: gitaly: (pid 7291) 1s
ok: run: gitlab-exporter: (pid 7308) 0s
ok: run: gitlab-workhorse: (pid 7312) 0s
ok: run: grafana: (pid 7326) 1s
ok: run: logrotate: (pid 7350) 0s
ok: run: nginx: (pid 7356) 1s
ok: run: node-exporter: (pid 7358) 0s
ok: run: postgres-exporter: (pid 7365) 1s
ok: run: postgresql: (pid 7373) 0s
ok: run: prometheus: (pid 7376) 0s
ok: run: redis: (pid 7473) 1s
ok: run: redis-exporter: (pid 7480) 0s
ok: run: registry: (pid 7488) 1s
ok: run: sidekiq: (pid 7498) 0s
ok: run: unicorn: (pid 7504) 0s



root@my-server:/etc/gitlab/ssl/certs# gitlab-ctl status
run: alertmanager: (pid 7262) 117s; run: log: (pid 1485) 4322901s
run: gitaly: (pid 7291) 117s; run: log: (pid 719) 4323118s
run: gitlab-exporter: (pid 7308) 116s; run: log: (pid 1395) 4322919s
run: gitlab-workhorse: (pid 7312) 116s; run: log: (pid 1288) 4322938s
run: grafana: (pid 7326) 116s; run: log: (pid 1778) 4322827s
run: logrotate: (pid 7350) 115s; run: log: (pid 1325) 4322931s
run: nginx: (pid 7821) 1s; run: log: (pid 1294) 4322937s
run: node-exporter: (pid 7358) 114s; run: log: (pid 1374) 4322925s
run: postgres-exporter: (pid 7365) 114s; run: log: (pid 1515) 4322893s
run: postgresql: (pid 7373) 113s; run: log: (pid 871) 4323112s
run: prometheus: (pid 7376) 113s; run: log: (pid 1443) 4322907s
run: redis: (pid 7473) 113s; run: log: (pid 675) 4323122s
run: redis-exporter: (pid 7480) 112s; run: log: (pid 1419) 4322911s
run: registry: (pid 7488) 112s; run: log: (pid 26387) 66209s
run: sidekiq: (pid 7498) 111s; run: log: (pid 1181) 4322944s
run: unicorn: (pid 7504) 111s; run: log: (pid 1129) 4322948s

Step 3: docker login and push to the registry

# wait for a minute, setup deploy token and docker login
- GO TO: http://my-server/my-project/container_registry
    docker login localhost:4567
    docker build -t localhost:4567/projectx/projectxy/projectxyz .
    docker push localhost:4567/projectx/projectxy/projectxyz

- GO TO: http://my-server/my-project/~/settings/ci_cd
    - create a deploy token


root@my-server:/# docker login localhost:4567
Username: <username from deploy token>
Password: <token>
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


# try to push to gitlab registry from the server

root@my-server:/# docker pull ubuntu:16.04
root@my-server:/# docker tag ubuntu:16.04 localhost:4567/projectx/projectxy/my-ubuntu
root@my-server:/# docker push localhost:4567/projectx/projectxy/my-ubuntu
The push refers to repository [localhost:4567/projectx/projectxy/my-ubuntu]
4ae3adcb66cb: Preparing 
aa6685385151: Preparing 
0040d8f00d7e: Preparing 
9e6f810a2aab: Preparing 
denied: requested access to the resource is denied

Alternative approach

  • After using the commands above, I tried creating the registry image (because it did not show up in docker ps, docker ps -a, or docker images)
root@my-server:/etc/gitlab/ssl/certs# export certsDir='/etc/gitlab/ssl/certs'
root@my-server:/etc/gitlab/ssl/certs# export myRegistry='localhost'
root@my-server:/etc/gitlab/ssl/certs# docker run -d --restart=always --name registry -v $certsDir:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$myRegistry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/$myRegistry.key -p 443:5000 registry:2

Unable to find image 'registry:2' locally
2: Pulling from library/registry
486039affc0a: Pull complete 
ba51a3b098e6: Pull complete 
8bb4c43d6c8e: Pull complete 
6f5f453e5f2d: Pull complete 
42bc10b72f42: Pull complete 
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:2
2968d5a32c01b53890881d56a582fdcce2bfad38a7a2f7b56060b75a1ebd817c


root@my-server:# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
2968d5a32c01        registry:2          "/entrypoint.sh /etc…"   13 seconds ago      Up 8 seconds        0.0.0.0:443->5000/tcp   registry
root@my-server:/etc/gitlab/ssl/certs# docker push localhost:4567/projectx/projectxy/my-ubuntu
The push refers to repository [localhost:4567/projectx/projectxy/my-ubuntu]
4ae3adcb66cb: Preparing 
aa6685385151: Preparing 
0040d8f00d7e: Preparing 
9e6f810a2aab: Preparing 
denied: requested access to the resource is denied

Alternative approach

  • Change $registryDir = registry.me

  • Add this to /etc/hosts

127.0.0.1 localhost registry.me
  • Redo all the steps

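Questions

  1. gitlab-ctl status shows the registry is up, so why can't I push to it?

  2. Which parts of the gitlab.rb configuration would I change to connect to my registry image? Does GitLab create its own registry?

  3. What is the difference between creating my own registry and pushing to it versus GitLab's connection with the registry?

0 answers:

No answers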
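
Added example (not part of the original post and not GitLab's or Docker's own tooling): the post runs both a standalone registry:2 container and the Omnibus registry service, and one way to tell which kind of service answers on a port is how it responds to GET /v2/. A registry with no auth configured answers 200, while one behind token authentication answers 401 with a Bearer challenge whose realm names the token issuer (for GitLab, a URL ending in /jwt/auth). The sample responses and the probe_registry helper are constructed for illustration; the host name my-server is taken from the post.

```shell
#!/bin/sh
# Added example: classify what answers on a registry port from GET /v2/ headers.

# Reads raw HTTP response headers on stdin and prints one of:
#   open           200, no credentials required
#   token:<realm>  401 + Bearer challenge; <realm> is the URL that issues tokens
#   basic          401 + Basic challenge
#   unknown        anything else (no response, proxy error, wrong scheme, ...)
classify_v2_response() {
  tr -d '\r' | awk '
    /^HTTP\// { status = $2 }                    # last status line wins
    tolower($0) ~ /^www-authenticate:/ {         # header names are case-insensitive
      sub(/^[^:]*:[ \t]*/, "")
      challenge = $0
    }
    END {
      if (status == "200") { print "open"; exit }
      if (status == "401" && tolower(challenge) ~ /^bearer /) {
        realm = ""
        if (match(challenge, /realm="[^"]*"/))
          realm = substr(challenge, RSTART + 7, RLENGTH - 8)
        print "token:" realm
        exit
      }
      if (status == "401" && tolower(challenge) ~ /^basic/) { print "basic"; exit }
      print "unknown"
    }'
}

# Hypothetical live probe: $1 = base URL (e.g. https://localhost:4567),
# $2 = certificate file to trust (e.g. the self-signed localhost.crt).
probe_registry() {
  curl -s --cacert "$2" -o /dev/null -D - "$1/v2/" | classify_v2_response
}

# Constructed sample responses (not captured from the server in the post).
SAMPLE_OPEN='HTTP/1.1 200 OK
Content-Type: application/json
Docker-Distribution-Api-Version: registry/2.0'

SAMPLE_TOKEN='HTTP/1.1 401 Unauthorized
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Bearer realm="http://my-server/jwt/auth",service="container_registry"'

printf '%s\n' "$SAMPLE_OPEN"  | classify_v2_response
printf '%s\n' "$SAMPLE_TOKEN" | classify_v2_response
```

A "token:" result whose realm points at the GitLab host means pushes are authorized per project path by GitLab, so the image name has to match an existing project; an "open" result means a plain registry is listening instead.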