[关闭]
@maorongrong 2016-11-14T07:12:25.000000Z 字数 7783 阅读 1025

registry仓库删除镜像

docker

未解决时状态:删除Docker Registry里的镜像怎么那么难
早些时候删除时这样的:Docker Registry之删除镜像、垃圾回收
registry:2.5及之后这样删:docker registry 镜像删除

Docker仓库在2.1版本中支持了删除镜像的API,但这个删除操作只会删除镜像元数据,不会删除层数据。在2.4版本中对这一>问题进行了解决,增加了一个垃圾回收命令,删除未被引用的层数据。
——@线超博

那么如何正确删除仓库镜像呐

根据官方推荐版本来:

更改registry容器内/etc/docker/registry/config.yml文件

  1. storage:
  2.   delete:
  3.     enabled: true

找出你想要的镜像名称的tag

$ curl -I -X GET <protocol>://<registry_host>/v2/<镜像名>/tags/list

拿到digest_hash参数

$ curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://<仓库地址>/v2/<镜像名>/manifests/<tag>

如:

$ curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://10.109.252.221:5000/v2/wordpress/manifests/latest

复制digest_hash

Docker-Content-Digest: <digest_hash>

删除清单

$ curl -I -X DELETE <protocol>://<registry_host>/v2/<repo_name>/manifests/<digest_hash>

如:

$ curl -I -X DELETE http://10.109.252.221:5000/v2/wordpress/manifests/sha256:b3a15ef1a1fffb8066d0f0f6d259dc7f646367c0432e3a90062b6064f874f57c

删除文件系统内的镜像文件,注意2.4版本以上的registry才有此功能

$ docker exec -it <registry_container_id> bin/registry garbage-collect <path_to_registry_config>

如:

$ docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml

最万不得已的方法

进入仓库容器镜像存储目录,删除镜像文件夹

$ docker exec registry rm -rf /var/lib/registry/docker/registry/v2/repositories/<镜像名>

执行垃圾回收操作,注意2.4版本以上的registry才有此功能

$ docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml

举个例子

要删除/library/registry,先来查一下都有啥tags...

  1. cloud@cloud-m3-01:~$ curl http://202.117.16.167:5000/v2/_catalog
  2. {"repositories":["jupyter/notebook","library/busybox","library/registry","mongo","nginx","registry","ubuntu"]}
  4. cloud@cloud-m3-01:~$ curl -I -X GET http://202.117.16.167:5000/v2/library/busybox/tags/list
  5. HTTP/1.1 200 OK
  6. Content-Type: application/json; charset=utf-8
  7. Docker-Distribution-Api-Version: registry/2.0
  8. Date: Sun, 13 Nov 2016 13:45:19 GMT
  9. Content-Length: 544
  11. cloud@cloud-m3-01:~$ curl -X GET http://202.117.16.167:5000/v2/library/busybox/tags/list
  12. {"name":"library/busybox","tags":["1.24.1","1-musl","1.23.2","1.24-glibc","1","1-uclibc","1.25.0-musl","1.25.1","1.25-uclibc","ubuntu","1.25.0-glibc","1.24.1-uclibc","1-glibc","latest","1.25.0-uclibc","1.23","1.25.1-glibc","1.24.2-glibc","1.25","1.24-musl","1.25-musl","1.24","glibc","1-ubuntu","musl","1.24-uclibc","1.25.1-musl","1.24.1-glibc","1.24.2-musl","1.24.2","ubuntu-14.04","buildroot-2013.08.1","1.25-glibc","1.24.2-uclibc","1.24.0","1.25.1-uclibc","ubuntu-12.04","uclibc","buildroot-2014.02","1.21.0-ubuntu","1.24.1-musl","1.25.0"]}

BUG:各种tags对应的清单manifests找不到了。。。。。。。。。。。

  1. cloud@cloud-m3-01:~$ curl -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/latest
  2. HTTP/1.1 404 Not Found
  3. Content-Type: application/json; charset=utf-8
  4. Docker-Distribution-Api-Version: registry/2.0
  5. Date: Sun, 13 Nov 2016 13:42:38 GMT
  6. Content-Length: 191
  8. cloud@cloud-m3-01:~$ curl -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/tags/
  9. HTTP/1.1 301 Moved Permanently
  10. Docker-Distribution-Api-Version: registry/2.0
  11. Location: /v2/library/busybox/manifests/tags
  12. Date: Sun, 13 Nov 2016 13:42:55 GMT
  13. Content-Length: 69
  14. Content-Type: text/html; charset=utf-8
  16. cloud@cloud-m3-01:~$ curl -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/tags/list
  17. HTTP/1.1 404 Not Found
  18. Content-Type: application/json; charset=utf-8
  19. Docker-Distribution-Api-Version: registry/2.0
  20. Date: Sun, 13 Nov 2016 13:43:00 GMT
  21. Content-Length: 133
  23. cloud@cloud-m3-01:~$ curl -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/tags/lists
  24. HTTP/1.1 404 Not Found
  25. Content-Type: text/plain; charset=utf-8
  26. Docker-Distribution-Api-Version: registry/2.0
  27. X-Content-Type-Options: nosniff
  28. Date: Sun, 13 Nov 2016 13:43:03 GMT
  29. Content-Length: 19
  32. cloud@cloud-m3-01:~$ curl  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/glibc
  33. HTTP/1.1 404 Not Found
  34. Content-Type: application/json; charset=utf-8
  35. Docker-Distribution-Api-Version: registry/2.0
  36. Date: Sun, 13 Nov 2016 13:47:35 GMT
  37. Content-Length: 191
  39. cloud@cloud-m3-01:~$ curl  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/1.24.1
  40. HTTP/1.1 404 Not Found
  41. Content-Type: application/json; charset=utf-8
  42. Docker-Distribution-Api-Version: registry/2.0
  43. Date: Sun, 13 Nov 2016 13:48:04 GMT
  44. Content-Length: 191

加个头再找。。。。还是不行。。。

  1. cloud@cloud-m3-01:~$ curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/1.24.1
  2. HTTP/1.1 404 Not Found
  3. Content-Type: application/json; charset=utf-8
  4. Docker-Distribution-Api-Version: registry/2.0
  5. Date: Sun, 13 Nov 2016 13:48:28 GMT
  6. Content-Length: 191
  8. cloud@cloud-m3-01:~$ curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET http://202.117.16.167:5000/v2/library/busybox/manifests/1.24.1
  9. {"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown","detail":{"Name":"library/busybox","Revision":"sha256:c345d0402778a9e05e5e19961ff77eda820cf3a8ecf30117ec0451575b398877"}}]}

不管了,直接根据"Revision":"sha256:c345d0402778a9e05e5e19961ff77eda820cf3a8ecf30117ec0451575b398877" 修正版的清单hash校验进行删除。。。

  1. cloud@cloud-m3-01:~$ curl -I -X DELETE http://202.117.16.167:5000/v2/library/busybox/manifests/sha256:c345d0402778a9e05e5e19961ff77eda820cf3a8ecf30117ec0451575b398877
  2. HTTP/1.1 404 Not Found
  3. Content-Type: application/json; charset=utf-8
  4. Docker-Distribution-Api-Version: registry/2.0
  5. Date: Sun, 13 Nov 2016 13:49:52 GMT
  6. Content-Length: 70
  8. cloud@cloud-m3-01:~$ curl -X DELETE http://202.117.16.167:5000/v2/library/busybox/manifests/sha256:c345d0402778a9e05e5e19961ff77eda820cf3a8ecf30117ec0451575b398877
  9. {"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"}]}

还是没有找到。。。。只能进行不推荐的删除方法了,把这个镜像仓库直接删除,再用垃圾回收脚本直接回收吧!!!

我只能强删除

  1. cloud@cloud-m3-01:~$ docker exec registry rm -rf /var/lib/registry/docker/registry/v2/repositories/library/busybox
  2. cloud@cloud-m3-01:~$ docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
  4. cloud@cloud-m3-01:~$ docker exec -ti dcb04d57d093 du -sch /var/lib/registry
  5. 255.1M  /var/lib/registry
  6. 255.1M  total

为什么会这么复杂呐

看镜像的数据结构:一个docker镜像包含了3个概念:标签(tag)、清单(manifest)和层(layer)。标签被关联到清单上,而清单则被关联到层上,就像下图一样:
uiy2uqZ.jpg!web未知大小

其实单说删除本身其实是比较容易的事情,就像现在的垃圾收集算法一样。
1. 一个是根搜索法,从根节点开始计算,若某对象不可达,则表明不被用到,可删之。
在docker镜像中并没有“根层”的概念,所以需要循环所有的清单来看是否有哪些层不被用到
2. 还有一个是引用计数法,它为每一个对象添加一个引用计数器,为0则表明不被用到。实现起来比较简单,但是很难删除掉循环引用。在docker镜像中,因为它是一个 有向无环图(DAG) ,所以并不会有“循环引用”,正是解决这个问题的极佳方案之一。那么这个大坑在哪里呢?问题在于并发。想象一下,如果在删除某层的过程中,有另外一个push的线程误认为此层已经存在,就会在删除之后导致第二个线程push的镜像不能正常工作。

删除示例

查看仓库镜像

  1. cloud@cloud-m3-01:~$ curl -k -X GET https://mydockerhub.com:5000/v2/library/registry/tags/list
  2. {"name":"library/registry","tags":["0.5.9","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.7.3","0.8.0","0.8.1","0.9.0","0.9.1","2.0.0","2.0.1","2.0","2.1.1","2.1","2.2.0","2.2.1","2.2","2.3.0","2.3.1","2.3","2.4.0","2.4.1","2.4","2.5.0-rc.1","2.5.0-rc.2","2.5.0","2.5.1","2.5","2","latest"]}

查看镜像标签的digest_hash参数

  1. cloud@cloud-m3-01:~$ curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -k -I -X GET https://mydockerhub.com:5000/v2/library/registry/manifests/0.5.9
  2. HTTP/1.1 200 OK
  3. Content-Length: 21873
  4. Content-Type: application/vnd.docker.distribution.manifest.v1+prettyjws
  5. Docker-Content-Digest: sha256:879af967e32a44f0ed03c7473d3809b944debc500f526bdf8b47ad5157e32653
  6. Docker-Distribution-Api-Version: registry/2.0
  7. Etag: "sha256:879af967e32a44f0ed03c7473d3809b944debc500f526bdf8b47ad5157e32653"
  8. X-Content-Type-Options: nosniff
  9. Date: Fri, 04 Nov 2016 02:42:28 GMT

删除清单

  1. cloud@cloud-m3-01:~$ curl -I -k -X DELETE https://mydockerhub.com:5000/v2/library/registry/manifests/sha256:879af967e32a44f0ed03c7473d3809b944debc500f526bdf8b47ad5157e32653
  2. HTTP/1.1 405 Method Not Allowed
  3. Content-Type: application/json; charset=utf-8
  4. Docker-Distribution-Api-Version: registry/2.0
  5. X-Content-Type-Options: nosniff
  6. Date: Fri, 04 Nov 2016 06:57:56 GMT
  7. Content-Length: 78

HTTP/1.1 405 Method Not Allowed主要因为启动registry的config.yml文件没有配置下面的字段:

  1. storage:
  2.     delete:
  3.         enabled: true

python写删除脚本(还没写)

如何部署一个 docker registry

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注