https://github.com/docker/docker/issues/11432
아래는 docker_1.5 dev 버전 기준..( commit 52f6da223839a5ac1fc003b259b74f6a02fc2858 )
아래 디렉토리의 모든 디렉토리를 지운다.
/var/lib/docker/execdriver/native
컨테이너중 running 이라면 해당 컨테이너의 ID 폴더가 있는게 정상이지만,
모든 컨테이너가 중지 되어 있다면, 모두 삭제 되어야함.
port forwading
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html
http://serverfault.com/questions/342407/linux-how-to-port-forwarding-with-iptables-between-2-hosts-on-different-network
mysql server 실행
docker run --name chozo99 --rm -e MYSQL_ROOT_PASSWORD=**** mysql:5.5
docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99
local 에서 mysql 접속...
mysql --host=`docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99` -uroot -p'****' mysql
외부에서 접속시 포트개방
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3306 -j DNAT \
--to `docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99`:3306
$ iptables -t nat -A POSTROUTING -j MASQUERADE
reference
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 3306 -j DNAT \
--to `docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99`:3306
$ iptables -t nat -D POSTROUTING -j MASQUERADE
iptables -t nat -L PREROUTING -n --line-numbers
iptables -t nat -D PREROUTING 2
http://blog.docker.com/2013/07/how-to-use-your-own-registry/
https://github.com/docker/docker-registry
0. https://github.com/docker/docker-registry 설치
$ docker run -p 5000:5000 registry
or
$ docker run --name my_registry -p 5000:5000 -v /my_storage/registry:/tmp/registry registry
1. 해당 이미지의 IMAGE ID 확인
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
1234 latest 40e372dbf7a1 23 hours ago 780.6 MB
2. tag
ps. 푸시 할때 REPOSITORY 를 이용하므로 자신의 repository 주소를 포함한 이름으로 수정 해야함.
이름작성시 domain 구분자(.) 또는 port 구분자(:) 가 있어야함
일반적으로 REPOSITORY 는 username/imagename
따라서 REPOSITORY 를 보고 Public 인지 판단.
$ docker tag 40e372dbf7a1 192.168.20.211:5000/1234
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
1234 latest 40e372dbf7a1 22 hours ago 780.6 MB
192.168.20.211:5000/1234 latest 40e372dbf7a1 22 hours ago 780.6 MB
3. push
$ docker push 192.168.20.211:5000/1234
4. Search
$ docker search 192.168.20.211:5000/123
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
library/1234 0
or
$ curl -X GET http://192.168.20.211:5000/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/1234"}]}
-----
$ curl -X GET http://192.168.20.211:5000/v1/search | python -m json.tool
{
"num_results": 1,
"query": "",
"results": [
{
"description": "",
"name": "library/1234"
}
]
}
5. Delete
namespace=library; repository=1234
$ curl -X DELETE http://192.168.20.211:5000/v1/repositories/1234/
Note.
docker pull/push 할때 아래 에러 발생시, 해당 머신의 docker 데몬 옵션 변경 필요 ( registry server 아님 )
ps. trusted 된 인증이 아니라면( by 인증기관 ) 간단히 아래 처럼 사용 ( self cert 안됨 : ... x509: certificate signed by unknown authority ... 에러 발생)
FATA[0004] Error: v1 ping attempt failed with error: Get https://192.168.20.211:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.20.211:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.20.211:5000/ca.crt
기본적으로 ssl을 사용하므로, 인증서가 필요함
간단히 사용하고자 한다면
/etc/default/docker 파일에 아래 추가
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry=192.168.20.211:5000"
$ service docker restart