(1)repository
(2)index
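(1) Pulling an image
docker pull <registry>[:<port>]/[<namespace>/]<name>:<tag>
(2) Pushing an image
docker push [options] name[:tag]
Example: docker pull quay.io/coreos/flannel:v0.10.0-amd64
The author's earlier articles already covered in detail how to push images to and pull images from third-party registries; this one explains in detail how to set up a private registry and push and pull images with it.
Docker provides an open-source registry, but it is very basic: it only serves as a store for images and has no extra features such as a management UI.
There are two ways to install it; I used option 2.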
[root@docker2 ~]# yum info docker-distribution
已加载插件:fastestmirror
loading mirror speeds from cached hostfile
可安装的软件包
名称 :docker-distribution
架构 :x86_64
版本 :2.6.2
发布 :2.git48294d9.el7
大小 :3.5 m
源 :extras/7/x86_64
简介 : docker toolset to pack, ship, store, and deliver content
网址 :https://github.com/docker/distribution
协议 : asl 2.0
描述 : docker toolset to pack, ship, store, and deliver content
[root@docker2 ~]# yum -y install docker-distribution
(1) Pull the image
[root@docker2 ~]# docker pull registry:2.6.2
2.6.2: pulling from library/registry
d6a5679aa3cf: pull complete
ad0eac849f8f: pull complete
2261ba058a15: pull complete
f296fda86f10: pull complete
bcd4a541795b: pull complete
digest: sha256:5a156ff125e5a12ac7fdec2b90b7e2ae5120fa249cf62248337b6d04abc574c8
status: downloaded newer image for registry:2.6.2
(2) Start the registry container
[root@docker2 ~]# docker run --name registry -p 5000:5000 -v /data/registry:/var/lib/registry -d registry:2.6.2
a43f802e737eba89879a4dc02562b38e0042db981f9bdb91782b453f0bac4119
[root@docker2 ~]# docker port registry
5000/tcp -> 0.0.0.0:5000
[root@docker2 ~]# ss -nutlp |grep 5000
tcp listen 0 128 :::5000 :::* users:(("docker-proxy",pid=4901,fd=4))
[root@docker2 ~]# docker inspect -f '{{.Mounts}}' registry
[{bind /data/registry /var/lib/registry true rprivate}]
Note:
(1) First give the local image a suitable tag
[root@docker1 ~]# docker tag busybox:latest 192.168.10.102:5000/busybox:v0.1
[root@docker1 ~]# docker image ls
repository tag image id created size
192.168.10.102:5000/busybox v0.1 758ec7f3a1ee 13 days ago 1.15 mb
busybox latest 758ec7f3a1ee 13 days ago 1.15 mb
(2) Try pushing the image
[root@docker1 ~]# docker push 192.168.10.102:5000/busybox:v0.1
the push refers to a repository [192.168.10.102:5000/busybox]
get https://192.168.10.102:5000/v1/_ping: http: server gave http response to https client
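The push fails. Cause: by default Docker only supports HTTPS for pushing and pulling, and the private registry that was set up speaks plain HTTP.
(3) Edit the configuration and restart the Docker service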
[root@docker1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["192.168.10.102:5000"]
}
[root@docker1 ~]# systemctl restart docker
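Note: the "insecure-registries": [""] entry makes the Docker daemon treat the private registry as trusted and talk to it over plain HTTP; it does not secure the registry, so pushes and pulls stay unencrypted and the server's identity is not verified.
(4) Push the image again; this time it succeeds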
[root@docker1 ~]# docker push 192.168.10.102:5000/busybox:v0.1
the push refers to a repository [192.168.10.102:5000/busybox]
23bc2b70b201: pushed
v0.1: digest: sha256:cbcde3595079b1f7a6b046e96e7547fe786d5c2c8eba678bc260161bc01b8dbe size: 527
(5) Verify on the private registry server
[root@docker2 ~]# ls /data/registry/docker/registry/v2/
blobs repositories
(6) Pull the image from the private registry: delete the local copy first, then pull
[root@docker1 ~]# docker rmi 192.168.10.102:5000/busybox:v0.1
untagged: 192.168.10.102:5000/busybox:v0.1
untagged: 192.168.10.102:5000/busybox@sha256:cbcde3595079b1f7a6b046e96e7547fe786d5c2c8eba678bc260161bc01b8dbe
[root@docker1 ~]# docker image ls
repository tag image id created size
busybox latest 758ec7f3a1ee 2 weeks ago 1.15 mb
[root@docker1 ~]# docker pull 192.168.10.102:5000/busybox:v0.1
v0.1: pulling from busybox
digest: sha256:cbcde3595079b1f7a6b046e96e7547fe786d5c2c8eba678bc260161bc01b8dbe
status: downloaded newer image for 192.168.10.102:5000/busybox:v0.1
[root@docker1 ~]# docker image ls
repository tag image id created size
192.168.10.102:5000/busybox v0.1 758ec7f3a1ee 2 weeks ago 1.15 mb
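The registry keeps every layer and manifest as a content-addressed blob under the directory checked in step (5), so the stored files can be re-hashed on the server to detect corruption or tampering. The script below is an added example, not part of the original post; the function names and the sample store are constructed for illustration, and it assumes sha256sum and the registry's v2 filesystem layout.

```bash
# Added example (not from the original post): integrity check of a registry v2
# blob store such as /data/registry. Layout assumed:
#   <root>/docker/registry/v2/blobs/sha256/<first 2 hex>/<digest>/data

# Print mismatching blobs on stderr and the mismatch count on stdout.
verify_registry_blobs() {
    blobs="$1/docker/registry/v2/blobs/sha256"
    [ -d "$blobs" ] || { echo "no blob store under $1" >&2; return 2; }
    find "$blobs" -type f -name data -exec sha256sum {} + |
    awk '{
        hash = $1
        path = substr($0, 67)            # skip 64 hex chars + 2 separators
        n = split(path, part, "/")
        want = part[n - 1]               # directory name = expected digest
        if (hash != want) {
            print "MISMATCH sha256:" want " now hashes to sha256:" hash > "/dev/stderr"
            bad++
        }
    } END { print bad + 0 }'
}

# Constructed sample store: one intact blob, one modified after being stored.
make_sample_store() {
    root="$(mktemp -d)"
    for content in "layer-one" "layer-two"; do
        digest="$(printf '%s' "$content" | sha256sum | cut -d' ' -f1)"
        dir="$root/docker/registry/v2/blobs/sha256/$(printf '%s' "$digest" | cut -c1-2)/$digest"
        mkdir -p "$dir"
        printf '%s' "$content" > "$dir/data"
    done
    printf 'tampered' >> "$dir/data"     # corrupt the second blob in place
    echo "$root"
}

# Usage: sh verify_blobs.sh /data/registry
if [ -n "${1:-}" ]; then verify_registry_blobs "$1"; fi
```

A non-zero count on a real store means a blob no longer matches the digest clients will request, which is worth investigating before the image is pulled again.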
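(1) Parameter overview
① The configuration parameters are in the file harbor.cfg.
② harbor.cfg contains two kinds of parameters: required and optional.
③ Note: if you choose to set these parameters through the portal, be sure to do so immediately after Harbor starts. In particular, you must set the desired auth_mode before registering or creating any new users in Harbor. Once there are users in the system (other than the default admin user), auth_mode cannot be changed.
④ Note that at a minimum the hostname attribute must be changed.
(2) Required parameters
(3) Optional parameters
(4) Configuring the storage backend (optional)
By default, Harbor stores images on the local filesystem. In a production environment you may consider a storage backend other than the local filesystem, such as S3, OpenStack Swift or Ceph. These parameters are the registry's configuration.
For example, if OpenStack Swift is used as the storage backend, the parameters may look like this:
registry_storage_provider_name = swift
registry_storage_provider_config = "username:admin,password:admin_pass,authurl:http://keystone_addr:35357/v3/aut
Note: for details on registry storage backends, see “ .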
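Resource | Capacity | Description |
---|---|---|
CPU | minimum 2 CPU | 4 CPU is preferred |
Memory | minimum 4 GB | 8 GB is preferred |
Disk | minimum 40 GB | 160 GB is preferred |
Software | Version | Description |
---|---|---|
Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not install a Python interpreter by default |
Docker Engine | version 1.10 or higher | For installation instructions, see: |
Docker Compose | version 1.6.0 or higher | For installation instructions, see: |
OpenSSL | latest is preferred | Used to generate the certificate and keys for Harbor |
Port | Protocol | Description |
---|---|---|
443 | HTTPS | The Harbor portal and core API accept HTTPS requests on this port |
4443 | HTTPS | Connections to the Docker Content Trust service; only needed when Notary is enabled |
80 | HTTP | The Harbor portal and core API accept HTTP requests on this port |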
It has been a long time since the author last added a disk, so here is a quick refresher
(1) Find the name of the added disk
$ fdisk -l
disk /dev/sdb: 53.7 gb, 53687091200 bytes, 104857600 sectors
units = sectors of 1 * 512 = 512 bytes
sector size (logical/physical): 512 bytes / 512 bytes
i/o size (minimum/optimal): 512 bytes / 512 bytes
(2) Partition the disk
$ fdisk /dev/sdb
command (m for help): m
command (m for help): n
partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
using default response p
partition number (1-4, default 1):
first sector (2048-104857599, default 2048):
using default value 2048
last sector, +sectors or +size{k,m,g} (2048-104857599, default 104857599):
using default value 104857599
partition 1 of type linux and of size 50 gib is set
command (m for help): w
the partition table has been altered!
calling ioctl() to re-read partition table.
syncing disks.
(3) Create the filesystem on the disk
[root@centos7-1 ~]# mkfs.ext3 /dev/sdb1
(4) Mount the disk
$ vim /etc/fstab    # mount automatically at boot
/dev/sdb1 /data ext3 defaults 0 0
$ mount -a    # mount the disk
(5) Verify
[root@centos7-1 ~]# df -h /data
filesystem size used avail use% mounted on
/dev/sdb1 50g 52m 47g 1% /data
Option 1: install directly with yum
[root@docker2 ~]# yum -y install docker-compose
Option 2: download and install the version you need from GitHub
$ curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
$ chmod +x /usr/local/bin/docker-compose
$ docker-compose version
docker-compose version 1.23.2, build 1110ad01
docker-py version: 3.6.0
cpython version: 3.6.7
openssl version: openssl 1.1.0f 25 may 2017
The download can be very slow; I have put version 1.7.1 on my network drive, message me privately if you need it
[root@docker2 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
[root@docker2 ~]# tar -C /data/ -xvf harbor-offline-installer-v1.7.1.tgz
(1) Edit the harbor.cfg configuration file
[root@docker2 ~]# cd /data/harbor/
[root@docker2 harbor]# grep "^[^#]" harbor.cfg
_version = 1.7.0
hostname = docker2
ui_url_protocol = http
max_job_workers = 2
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = na
log_rotate_count = 50
log_rotate_size = 200m
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,core,registry
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false
harbor_admin_password = harbor12345
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 2
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = postgresql
db_password = along
db_port = 5432
db_user = postgres
redis_host = redis
redis_port = 6379
redis_password = along
redis_db_index = 1,2,3
clair_db_host = postgresql
clair_db_password = along
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle =
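Main changes:
hostname: the host name
max_job_workers: the maximum number of CPUs, less than or equal to what your server's hardware has
(2) Define the docker-compose.yml file (can be skipped)
The docker-compose.yml file describes how the containers are handled during Docker orchestration:
① Ports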
ports:
- 80:80
- 443:443
- 4443:4443
② The many storage volume paths
For example: volumes:
- /data/registry:/storage:z
In production, try to place the containers' storage volumes on a disk with plenty of space;
adjust them according to your actual situation;
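Several values in the harbor.cfg shown above are fine for a lab but should be changed before the installer runs on a reachable host. The check below is an added example, not code from the post or from the Harbor project; the function names, the 12-character threshold and the sample file are this example's own assumptions.

```bash
# Added example (not from the original post or the Harbor project): flag
# harbor.cfg values that should not reach production unchanged.

# Print one finding per line; the checks are this example's own policy.
audit_harbor_cfg() {
    awk '
    /^[ \t]*#/ || !/=/ { next }
    {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        cfg[key] = val
    }
    END {
        if (cfg["ui_url_protocol"] != "https")
            print "ui_url_protocol: logins and image traffic are not encrypted"
        if (tolower(cfg["harbor_admin_password"]) == "harbor12345")
            print "harbor_admin_password: still the value shipped in the sample file"
        if (cfg["self_registration"] == "on")
            print "self_registration: anyone who reaches the portal can sign up"
        n = split("db_password redis_password clair_db_password", pw, " ")
        for (i = 1; i <= n; i++)
            if (length(cfg[pw[i]]) < 12)
                print pw[i] ": shorter than 12 characters"
    }' "$1"
}

# Constructed sample: the security-relevant lines of the harbor.cfg shown above.
sample_harbor_cfg() {
    f="$(mktemp)"
    cat > "$f" <<'EOF'
# constructed excerpt
hostname = docker2
ui_url_protocol = http
harbor_admin_password = harbor12345
self_registration = on
db_password = along
redis_password = along
clair_db_password = along
EOF
    echo "$f"
}

# Usage: sh audit_harbor_cfg.sh /data/harbor/harbor.cfg
if [ -n "${1:-}" ]; then audit_harbor_cfg "$1"; fi
```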
[root@docker2 harbor]# ./install.sh
[step 0]: checking installation environment ...
note: docker version: 18.03.1
note: docker-compose version: 1.23.2
[step 1]: loading harbor images ...
loaded image: goharbor/registry-photon:v2.6.2-v1.7.1
loaded image: goharbor/harbor-migrator:v1.7.1
loaded image: goharbor/harbor-adminserver:v1.7.1
loaded image: goharbor/harbor-core:v1.7.1
loaded image: goharbor/harbor-log:v1.7.1
loaded image: goharbor/harbor-jobservice:v1.7.1
loaded image: goharbor/notary-server-photon:v0.6.1-v1.7.1
loaded image: goharbor/clair-photon:v2.0.7-v1.7.1
loaded image: goharbor/harbor-portal:v1.7.1
loaded image: goharbor/harbor-db:v1.7.1
loaded image: goharbor/redis-photon:v1.7.1
loaded image: goharbor/nginx-photon:v1.7.1
loaded image: goharbor/harbor-registryctl:v1.7.1
loaded image: goharbor/notary-signer-photon:v0.6.1-v1.7.1
loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.7.1
[step 2]: preparing environment ...
generated and saved secret to file: /data/secretkey
generated configuration file: ./common/config/nginx/nginx.conf
generated configuration file: ./common/config/adminserver/env
generated configuration file: ./common/config/core/env
generated configuration file: ./common/config/registry/config.yml
generated configuration file: ./common/config/db/env
generated configuration file: ./common/config/jobservice/env
generated configuration file: ./common/config/jobservice/config.yml
generated configuration file: ./common/config/log/logrotate.conf
generated configuration file: ./common/config/registryctl/env
generated configuration file: ./common/config/core/app.conf
generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
the configuration files are ready, please use docker-compose to start the service.
[step 3]: checking existing instance of harbor ...
[step 4]: starting harbor ...
creating network "harbor_harbor" with the default driver
creating harbor-log ... done
creating registry ... done
creating harbor-db ... done
creating registryctl ... done
creating harbor-adminserver ... done
creating redis ... done
creating harbor-core ... done
creating harbor-portal ... done
creating harbor-jobservice ... done
creating nginx ... done
✔ ----harbor has been installed and started successfully.----
now you should be able to visit the admin portal at http://docker2.
for more details, please visit https://github.com/goharbor/harbor .
(1) Some ports were opened
[root@docker2 harbor]# ss -nutlp |grep docker
tcp listen 0 128 127.0.0.1:1514 *:* users:(("docker-proxy",pid=1440,fd=4))
tcp listen 0 128 :::80 :::* users:(("docker-proxy",pid=2204,fd=4))
tcp listen 0 128 :::443 :::* users:(("docker-proxy",pid=2192,fd=4))
tcp listen 0 128 :::4443 :::* users:(("docker-proxy",pid=2181,fd=4))
(2) Harbor is really just a set of Docker services that were started
[root@docker2 ~]# docker ps
container id image command created status ports names
def22a8eeb9a goharbor/nginx-photon:v1.7.1 "nginx -g 'daemon of…" 2 hours ago up 2 hours (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
a410a38479fa goharbor/harbor-portal:v1.7.1 "nginx -g 'daemon of…" 2 hours ago up 2 hours (healthy) 80/tcp harbor-portal
e25f87eb80db goharbor/harbor-jobservice:v1.7.1 "/harbor/start.sh" 2 hours ago up 2 hours harbor-jobservice
2be7211535a2 goharbor/harbor-core:v1.7.1 "/harbor/start.sh" 2 hours ago up 2 hours (healthy)