网站建设第三方,广州企业网站哪家好,网页版微信怎么删除聊天记录,沈阳公司做网站简述#xff1a;
Docker 官方镜像仓库是用于管理公共镜像的地方#xff0c;大家可以在上面找到想要的镜像#xff0c;也可以把自己的镜像推送上去。但是有时候服务器无法访问互联网#xff0c;或者不希望将自己的镜像放到互联网上#xff0c;那么就需要用到 Docker Regis…简述
Docker 官方镜像仓库是用于管理公共镜像的地方大家可以在上面找到想要的镜像也可以把自己的镜像推送上去。但是有时候服务器无法访问互联网或者不希望将自己的镜像放到互联网上那么就需要用到 Docker Registry 私有仓库它可以用来存储和管理自己的镜像。最近公司将项目全部打包成镜像有部署私有仓库服务的需求经过几轮商讨最终选择 Docker HarborDocker Harbor 有可视化的 Web 管理界面可以方便管理Docker 镜像操作也很方便简单又提供了多个项目的镜像权限管理控制功能等。
Harbor 架构构成
ProxyHarbor 的 Registry、UI、token 等服务。通过一个前置的反向代理统一接收浏览器Docker 客户端的请求并将请求转发给后端不同的服务。Registry负责储存Docker镜像并处理 Docker push/pull 命令。由于要对用户进行访问控制即不同用户对Docker image有不同的读写权限Registry会指向一个 token服务强制用户的每次 Docker pull/push 请求都要携带一个合法的token,Registry会通过公钥对 token 进行解密验证。
环境
两台主机
192.168.50.66 master 服务端
192.168.50.53 lbin-nfs 客户端
两台主机同样操作
关闭防火墙 [rootlocalhost ~]# iptables -F [rootlocalhost ~]# setenforce 0 [rootlocalhost ~]# systemctl stop firewalld 更改主机名 [rootlocalhost ~]# hostname master [rootlocalhost ~]# bash 创建dockers rpm包目录 [rootmaster ~]# mkdir docker 导入docker -ce [rootmaster docker]# ll 总用量 97596 -rw-r--r--. 1 root root 30374084 9月 18 2020 containerd.io-1.3.7-3.1.el7.x86_64.rpm -rw-r--r--. 1 root root 40816 7月 6 2020 container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm -rw-r--r--. 1 root root 302564 5月 14 2020 device-mapper-1.02.164-7.el7_8.2.x86_64.rpm -rw-r--r--. 1 root root 195448 5月 14 2020 device-mapper-event-1.02.164-7.el7_8.2.x86_64.rpm -rw-r--r--. 1 root root 195004 5月 14 2020 device-mapper-event-libs-1.02.164-7.el7_8.2.x86_64.rpm -rw-r--r--. 1 root root 331908 5月 14 2020 device-mapper-libs-1.02.164-7.el7_8.2.x86_64.rpm -rw-r--r--. 1 root root 432624 4月 4 2020 device-mapper-persistent-data-0.8.5-2.el7.x86_64.rpm -rw-r--r--. 1 root root 25268380 9月 18 2020 docker-ce-19.03.13-3.el7.x86_64.rpm -rw-r--r--. 1 root root 40247476 10月 9 2020 docker-ce-cli-19.03.13-3.el7.x86_64.rpm -rw-r--r--. 1 root root 1384208 5月 14 2020 lvm2-2.02.186-7.el7_8.2.x86_64.rpm -rw-r--r--. 1 root root 1143916 5月 14 2020 lvm2-libs-2.02.186-7.el7_8.2.x86_64.rpm [rootlocalhost docker]# yum -y install *.rpm [rootlocalhost docker]# cd 重启 [rootlocalhost ~]# systemctl start docker [rootlocalhost ~]# systemctl enable docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service. 配置阿里云镜像加速 [rootlocalhost ~]# cat END /etc/docker/daemon.json { registry-mirrors:[ https://nyakyfun.mirror.aliyuncs.com ] } END 重启服务 [rootlocalhost ~]# systemctl daemon-reload [rootlocalhost ~]# systemctl restart docker 获取Docker Compose容器的工具。 [rootlocalhost ~]# rz [rootlocalhost ~]# mv docker-compose /usr/bin [rootlocalhost ~]# chmod x /usr/bin/docker-compose [rootlocalhost ~]# docker-compose --version docker-compose version 1.21.1, build 5a3f1a3 Harbor配置 服务端 [rootmaster ~]# tar xf harbor-offline-installer-v1.6.1.tgz [rootmaster ~]# cd harbor [rootmaster harbor]# tree bash: tree: 未找到命令 [rootmaster harbor]# yum -y install tree [rootmaster harbor]# tree ha ha ├── docker-compose.clair.tpl ├── docker-compose.clair.yml ├── docker-compose.tpl ├── docker-compose.yml ├── initial-registry.sql └── sample ├── active_active │ ├── check.sh │ └── keepalived_active_active.conf └── active_standby ├── check_harbor.sh └── keepalived_active_standby.conf [rootmaster ]# vim /root/harbor/harbor.cfg 7 hostname 192.168.50.66 [rootmaster harbor]# sh install.sh 如果报错就更改下面文件 [rootmaster harbor]# cat ha/initial-registry.sql CREATE DATABASE IF NOT EXISTS registry CHARACTER SET utf8 COLLATE utf8_general_ci; 成功 查看 [rootmaster harbor]# docker-compose ps Name Command State Ports ---------------------------------------------------------------------------------------------------- harbor-adminserver /harbor/start.sh Up (healthy) harbor-db /entrypoint.sh postgres Up (healthy) 5432/tcp harbor-jobservice /harbor/start.sh Up harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514-10514/tcp harbor-ui /harbor/start.sh Up (healthy) nginx nginx -g daemon off; Up (healthy) 0.0.0.0:443-443/tcp, 0.0.0.0:4443-4443/tcp, 0.0.0.0:80-80/tcp redis docker-entrypoint.sh redis ... Up 6379/tcp registry /entrypoint.sh /etc/regist ... Up (healthy) 5000/tcp 浏览器访问
如果一切都正常应该可以打开浏览器访问192.168.50.66的管理页面默认的管理员用户名和密码是 admin/Harbor12345 创建一个新项目
输入用户名和密码登录界面后可以创建一个新项目。点击“项目”按钮。 点击“确定”按钮成功创建 可以使用 Docker 命令在Harbor本地通过 127.0.0.1 来登录和推送镜像了。默认情况下 Register 服务器在端口 80 上
登陆 harbor [rootmaster harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded 下载镜像准备测试 [rootmaster harbor]# docker pull cirros Using default tag: latest latest: Pulling from library/cirros d0b405be7a32: Pull complete bd054094a037: Pull complete c6a00de1ec8a: Pull complete Digest: sha256:1e695eb2772a2b511ccab70091962d1efb9501fdca804eb1d52d21c0933e7f47 Status: Downloaded newer image for cirros:latest docker.io/library/cirros:latest 给镜像打tag [rootmaster harbor]# docker tag cirros 127.0.0.1/cccoooo/cirros:v1 上传到 harbor [rootmaster harbor]# docker push 127.0.0.1/cccoooo/cirros:v1 The push refers to repository [127.0.0.1/cccoooo/cirros] 984ad441ec3d: Pushed f0a496d92efa: Pushed e52d19c3bee2: Pushed v1: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943 查看一下有没有 [rootmaster harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 127.0.0.1/cccoooo/cirros v1 f9cae1daf5f6 2 years ago 12.6MB 刷新查看 客户端上传镜像 修改配置文件 vim /usr/lib/systemd/system/docker.service 14 ExecStart/usr/bin/dockerd -H fd:// --containerd/run/containerd/containerd.sock --insecure-reg istry192.168.50.66 重启服务 [rootlocalhost ~]# systemctl daemon-reload [rootlocalhost ~]# systemctl restart docker 登陆访问
第一种 [rootlbin-nfs ~]# docker login -u admin -p Harbor12345 http://192.168.50.66 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded 第二种 [rootlbin-nfs ~]# docker login -u admin -p Harbor12345 192.168.50.66 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded 下载镜像准备测试 [rootlbin-nfs ~]# docker pull cirros Using default tag: latest latest: Pulling from library/cirros d0b405be7a32: Pull complete bd054094a037: Pull complete c6a00de1ec8a: Pull complete Digest: sha256:1e695eb2772a2b511ccab70091962d1efb9501fdca804eb1d52d21c0933e7f47 Status: Downloaded newer image for cirros:latest docker.io/library/cirros:latest 打标签
[rootlbin-nfs ~]# docker tag cirros 192.168.50.66/cccoooo/cirros:v22
上传 [rootlbin-nfs ~]# docker push 192.168.50.66/cccoooo/cirros:v22 The push refers to repository [192.168.50.66/cccoooo/cirros] 984ad441ec3d: Layer already exists f0a496d92efa: Layer already exists e52d19c3bee2: Layer already exists v22: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943 浏览器查看 Harbor 日常操作管理
点击“项目”时按规范填写项目名称。项目级别私有即不勾选(勾选后会变为公开)。如果设置为公共仓库则所有人对此项目下的镜像拥有读权限命令行中不需要执行Docker login即可下载镜像镜像操作与Docker hub 一致。
创建用户 设置权限 首先退出当前用户然后使用上述创建的账户 登录。
退出 [rootlbin-nfs ~]# docker logout 192.168.50.66 Removing login credentials for 192.168.50.66 登陆 [rootlbin-nfs ~]# docker login 192.168.50.66 Username: asd Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded 下载v1镜像 [rootlbin-nfs ~]# docker pull 192.168.50.66/cccoooo/cirros:v1 Error response from daemon: pull access denied for 192.168.50.66/cccoooo/cirros, repository does not exist or may require docker login: denied: requested access to the resource is denied [rootlbin-nfs ~]# docker pull 192.168.50.66/cccoooo/cirros:v1 v1: Pulling from cccoooo/cirros Digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 Status: Downloaded newer image for 192.168.50.66/cccoooo/cirros:v1 192.168.50.66/cccoooo/cirros:v1 查看 [rootlbin-nfs ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE postgres latest 07e2ee723e2d 19 months ago 374MB mysql 5.6 dd3b2a5dcb48 19 months ago 303MB redis alpine 3900abf41552 20 months ago 32.4MB 192.168.50.66/cccoooo/cirros v1 f9cae1daf5f6 2 years ago 12.6MB 查看日志 管理 Harbor 可以使用 docker-compose来管理Harbor。一些有用的命令如下所示必须在与docker-compose.yml 相同的目录中运行。 停止/启动/重启 Harbor [rootmaster harbor]# docker-compose stop | start | restart
