Set up docker registry

You can set up a docker registry with a single command:

sudo docker run -d -p 5000:5000 -v `pwd`/data:/var/lib/registry --restart=always --name registry registry:latest

If you want to be able to delete images pushed to the registry, you should mount a local config.yml into the container, because deletion is enabled in config.yml.

After the registry is set up, you can use curl to check the catalog and the tag list of images.

Here is a python3 script that can not only set up the docker registry as a service but also access registry information and push images as a client.

docker registry script

http & https

If you set up the docker registry on a server with an https URL, pushing images to the registry is easy. Otherwise you will get the error message "server gave HTTP response to HTTPS client" when pushing an image.

In that case you should add the registry ip:port to insecure-registries on the docker client, which tells the client to accept plain HTTP for that registry.

On Linux, go to /etc/docker/, create the file daemon.json and add { "insecure-registries": ["ip:port"] }. Then run service docker restart.

On Mac, open the docker client preferences and edit the daemon settings as in the following figure.

Set up jenkins

If you want to use docker in jenkins, DO NOT use jenkins-docker. With it you either need to install docker inside the jenkins container or map the host docker into jenkins, and neither of them is a good choice.

You should install jenkins without docker.

On Ubuntu, a few commands are enough: install-jenkins-ubuntu

Then you can operate it simply, as in jenkins-service-op.

Give jenkins permission of host docker

Give the jenkins user on the host permission to use docker, or you'll get an error like /var/run/docker.sock: connect: permission denied.

sudo usermod -aG docker jenkins
sudo service jenkins restart

CI Pipeline with docker registry

We have already set up the docker registry and jenkins, so we can set up a pipeline that clones the project from github, builds it on jenkins, and pushes the built image to the registry.

Then we need to ssh to the target machine, and pull and run the image we just pushed.

Install ssh plugins

Two plugins need to be installed on jenkins first: SSH plugin and Publish Over SSH Plugin.

Give jenkins permission to ssh to target machine

  • On the jenkins host, run sudo su -s /bin/bash jenkins, then ssh-keygen, then cat /var/lib/jenkins/.ssh/id_rsa.pub to get the jenkins ssh public key.

  • Add the public key of jenkins to ~/.ssh/authorized_keys on the target machine.

  • Log in as jenkins with sudo su -s /bin/bash jenkins on the jenkins host and ssh to the target machine manually the first time. Type 'yes' to accept the host key; after that jenkins can ssh to the target machine freely in the pipeline.

Jenkins pipeline execute shell sample

docker build -t my-server .
docker tag my-server:latest docker-registry.domain.net/my-server-qa:${BUILD_NUMBER}
docker push docker-registry.domain.net/my-server-qa:${BUILD_NUMBER}
ssh ubuntu@ec2-00-11-22-33.us-west-1.compute.amazonaws.com "~/deploy-docker.sh qa ${BUILD_NUMBER}"

deploy script on target machine

The target machine must have docker installed first, otherwise it cannot pull the image from the docker registry.

This is a sample deploy script for the target machine which matches the execute shell sample above.

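#!/bin/bash
# param1: env (prod|stg|qa|local)
# param2: build_number (1|2|3...)

# Pull the image that jenkins just pushed
sudo docker pull "docker-registry.domain.net/my-server-$1:$2"
# Stop the running container; this fails when none is running, so set -e comes after it
sudo docker container stop $(sudo docker ps -f name=my-server -q)

set -e

sudo docker run --name my-server --rm -d -p 8080:8080 "docker-registry.domain.net/my-server-$1:$2" "$1"
# save disk volume for server; -f skips the confirmation prompt, which nobody can answer over ssh from jenkins
sudo docker system prune -a -f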
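
The jenkins key added to authorized_keys above can run any command on the target machine, and the deploy script passes its two parameters straight to sudo docker. As an added example (not part of the original post), the script below can be set as a forced command for that key so that only a well-formed deploy request gets through; the file name deploy-gate.sh, its path, the authorized_keys line and the function names are assumptions.

```shell
#!/bin/sh
# deploy-gate.sh (hypothetical name): forced command for the jenkins key.
# Assumed authorized_keys entry on the target machine, key material elided:
#   restrict,command="/home/ubuntu/deploy-gate.sh" ssh-rsa ... jenkins
# sshd then runs this script for every login with that key and puts the
# command the client asked for in SSH_ORIGINAL_COMMAND.

DEPLOY_SCRIPT="$HOME/deploy-docker.sh"   # the deploy script shown above

# Print "<env> <build_number>" and return 0 only for a request of the exact
# form "~/deploy-docker.sh <env> <build_number>"; return 1 for anything else.
parse_deploy_request() {
    req=$1
    # Split on whitespace without evaluating anything in the request
    read -r script target_env build rest <<EOF
$req
EOF
    [ "$script" = "~/deploy-docker.sh" ] || return 1
    case $target_env in
        prod|stg|qa|local) ;;
        *) return 1 ;;
    esac
    case $build in
        ''|*[!0-9]*) return 1 ;;      # digits only
    esac
    [ -z "$rest" ] || return 1        # no trailing arguments
    # Canonical form must match: rejects newlines and odd whitespace
    [ "$req" = "$script $target_env $build" ] || return 1
    printf '%s %s\n' "$target_env" "$build"
}

gate_main() {
    if args=$(parse_deploy_request "${SSH_ORIGINAL_COMMAND:-}"); then
        # $args passed validation, so splitting it into two words is safe
        exec "$DEPLOY_SCRIPT" $args
    fi
    logger -t deploy-gate "rejected request from ${SSH_CONNECTION%% *}"
    echo "deploy-gate: request rejected" >&2
    return 1
}

# Only act when sshd invoked us with a client command
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    gate_main
    exit $?
fi
```

With the gate in place the ssh line in the pipeline stays unchanged, and any other command sent with the jenkins key is refused and logged.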

References

Deploying a private Docker Registry

docker registry script

Learning Docker: Docker Registry

Private registry push fail: server gave HTTP response to HTTPS client

jenkins-docker

Using Docker-in-Docker for your CI or testing environment? Think twice

Fixing the docker permission error when Jenkins runs docker in a shell script

Jenkins - can the “Execute Shell” execute SSH commands

Jenkins Host key verification failed

Cleaning up Docker containers, images and volumes