docker私有化倉庫是為了節約帶寬(外網速度慢或者干脆不能連外網),以及自己定制系統。
(1).環境
youxi1 192.168.5.101 docker私有化倉庫
youxi2 192.168.5.102 docker服務器
docker服務器會使用youxi1上的docker私有化倉庫來pull/push鏡像。
首先兩台服務器都搭建docker,具體可以看:Docker容器(一)——Docker的介紹與部署(使用方法一的阿里雲加速器地址,配置好即可)。
(2).使用docker-registry創建私有化倉庫
docker-registry是官方提供的工具,可以用於創建私有化鏡像倉庫。
思路:直接下載並使用registry鏡像啟動docker實例。
1)配置youxi1為docker私有化倉庫
關閉防火牆和SELinux
[root@youxi1 ~]# systemctl stop firewalld && systemctl disable firewalld Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@youxi1 ~]# cat /etc/sysconfig/selinux SELINUX=disabled //改為disabled SELINUXTYPE=targeted [root@youxi1 ~]# reboot //重啟系統
導入鏡像
//在線導入鏡像,使用該方法請一定要使用加速器地址 [root@youxi1 ~]# docker pull registry c87736221ed0: Pull complete 1cc8e0bb44df: Pull complete 54d33bcb37f5: Pull complete e8afc091c171: Pull complete b4541f6d3db6: Pull complete Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146 Status: Downloaded newer image for registry:latest docker.io/library/registry:latest [root@youxi1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest f32a97de94e1 6 months ago 25.8MB //導入本地鏡像 [root@youxi1 ~]# docker load -i registry.tar
默認情況下,registry程序存放鏡像信息的目錄是鏡像的/var/lib/registry,如果容器被刪除,那么存放在容器中的鏡像也會丟失。所以一般情況下,會使用-v選項來指定宿主機(物理機)的一個目錄掛載到容器的/var/lib/registry下。另外該程序默認監聽端口5000,使用-p選項映射。
[root@youxi1 ~]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry:latest 33405dbe1d5435172aea0544449629ef16f18b58d9c2fdb06f8fcdad55867f5b [root@youxi1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 33405dbe1d54 registry:latest "/entrypoint.sh /etc…" 11 seconds ago Up 10 seconds 0.0.0.0:5000->5000/tcp confident_kare [root@youxi1 ~]# yum -y install net-tools [root@youxi1 ~]# netstat -antup | grep 5000 tcp6 0 0 :::5000 :::* LISTEN 1744/docker-proxy
使用Windows瀏覽器查看,192.168.5.101:5000/v2/_catalog。
由於倉庫里沒有鏡像,所以后面的中括號[]中顯示為空。
2)在youxi2上使用私有倉庫
在使用前,先使用youxi2下載一份任意鏡像,如果有本地鏡像可以直接導入即可。這里我下載了一份centos和一份busybox,其中BusyBox是一個集成了三百多個最常見的Linux命令和工具的軟件,官網:https://busybox.net/。下載兩個是為了測試修改配置文件和服務文件,使得docker加速節點指向私有化倉庫
[root@youxi2 ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos d8d02d457314: Pull complete Digest: sha256:307835c385f656ec2e2fec602cf093224173c51119bbebd602c53c3653a3d6eb Status: Downloaded newer image for centos:latest docker.io/library/centos:latest [root@youxi2 ~]# docker pull busybox Using default tag: latest latest: Pulling from library/busybox 7c9d20b9b6cd: Pull complete Digest: sha256:fe301db49df08c384001ed752dff6d52b4305a73a7f608f21528048e8a08b51e Status: Downloaded newer image for busybox:latest docker.io/library/busybox:latest [root@youxi2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 19485c79a9bb 2 weeks ago 1.22MB centos latest 67fa590cfc1c 4 weeks ago 202MB
修改配置文件或服務文件,以使得docker加速節點指向私有化倉庫
//修改配置文件
[root@youxi2 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.5.101:5000"]
}
[root@youxi2 ~]# systemctl restart docker
//修改服務文件
[root@youxi2 ~]# vim /usr/lib/systemd/system/docker.service
//修改第14行
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
--insecure-registry 192.168.5.101:5000
[root@youxi2 ~]# systemctl daemon-reload
[root@youxi2 ~]# systemctl restart docker
對已有的鏡像重新打標簽
[root@youxi2 ~]# docker tag centos:latest 192.168.5.101:5000/centos:latest [root@youxi2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101:5000/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB
將打好標簽的鏡像上傳到私有化倉庫
[root@youxi2 ~]# docker push 192.168.5.101:5000/centos:latest The push refers to repository [192.168.5.101:5000/centos] 877b494a9f30: Pushed latest: digest: sha256:a36b9e68613d07eec4ef553da84d0012a5ca5ae4a830cf825bb68b929475c869 size: 529
刷新瀏覽器,可以看到之前的網址顯示了上傳的鏡像。
已經可以上傳了,那么再試試下載功能
[root@youxi2 ~]# docker images //查看現有 REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.5.101:5000/busybox latest 19485c79a9bb 2 weeks ago 1.22MB busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101:5000/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB [root@youxi2 ~]# docker rmi 192.168.5.101:5000/busybox:latest //刪除一個私有化鏡像 Untagged: 192.168.5.101:5000/busybox:latest Untagged: 192.168.5.101:5000/busybox@sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 [root@youxi2 ~]# docker images //再次查看 REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101:5000/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB [root@youxi2 ~]# docker pull 192.168.5.101:5000/busybox //下載鏡像 Using default tag: latest latest: Pulling from busybox Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 Status: Downloaded newer image for 192.168.5.101:5000/busybox:latest 192.168.5.101:5000/busybox:latest [root@youxi2 ~]# docker images //查看 REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.5.101:5000/busybox latest 19485c79a9bb 2 weeks ago 1.22MB busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101:5000/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB [root@youxi2 ~]# docker run 192.168.5.101:5000/busybox:latest echo "hello world" //測試 hello world
(3).使用harbor創建私有化倉庫
harbor是由VMware公司開源的企業級Docker Registry管理項目,它包括權限管理(RBAC)、LDAP、日志審核、管理界面、自我注冊、鏡像復制和中文支持等功能。官方網址:https://github.com/goharbor/harbor
注意:安裝harbar空間需要大於6G,內存大於2G。
1)在youxi1上班安裝harbor
安裝pip並更新,使用pip安裝docker-compose
[root@youxi1 ~]# yum -y install python-pip [root@youxi1 ~]# pip install --upgrade pip [root@youxi1 ~]# pip install -U -i https://pypi.tuna.tsinghua.edu.cn/simple docker-compose
前往GItHub上下載Harbor的安裝包,解壓安裝。下載地址:https://github.com/goharbor/harbor/releases
[root@youxi1 ~]# tar xf harbor-offline-installer-v1.9.0.tgz -C /usr/local/src/ [root@youxi1 ~]# cd /usr/local/src/harbor/ [root@youxi1 harbor]# vim harbor.yml hostname: 192.168.5.101 //第5行,改為IP地址 harbor_admin_password: 123456 //第27行,管理員UI登錄密碼,根據需求修改 data_volume: /data //第40行,默認存儲harbor數據位置,默認即可 [root@youxi1 harbor]# ./prepare//初始化安裝環境 [root@youxi1 harbor]# ./install.sh //默認安裝,沒有Notary/Clair ...... [Step 3]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating redis ... done Creating registry ... done Creating harbor-db ... done Creating registryctl ... done Creating harbor-portal ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://192.168.5.101. For more details, please visit https://github.com/goharbor/harbor . [root@youxi1 harbor]# docker images //查看一下 REPOSITORY TAG IMAGE ID CREATED SIZE goharbor/prepare dev 265a282fa199 24 hours ago 147MB goharbor/chartmuseum-photon v0.9.0-v1.9.0 00c12627cbd7 10 days ago 131MB goharbor/harbor-migrator v1.9.0 75d4de5e0f16 10 days ago 362MB goharbor/redis-photon v1.9.0 3249afaa9965 10 days ago 109MB goharbor/clair-photon v2.0.9-v1.9.0 e54ad567c58f 10 days ago 165MB goharbor/notary-server-photon v0.6.1-v1.9.0 2cdecba59f38 10 days ago 138MB goharbor/notary-signer-photon v0.6.1-v1.9.0 973378593def 10 days ago 135MB goharbor/harbor-registryctl v1.9.0 30a01bf0f4df 10 days ago 99.6MB goharbor/registry-photon v2.7.1-patch-2819-v1.9.0 32571099a9fe 10 days ago 82.3MB goharbor/nginx-photon v1.9.0 f933d62f9952 10 days ago 43.9MB goharbor/harbor-log v1.9.0 28e27d511335 10 days ago 82.6MB goharbor/harbor-jobservice v1.9.0 f3cd0b181a89 10 days ago 141MB goharbor/harbor-core v1.9.0 f2814ed8aadd 10 days ago 155MB goharbor/harbor-portal v1.9.0 0778d4c5d27e 10 days ago 51.3MB goharbor/harbor-db v1.9.0 a809e14d2d49 10 days ago 147MB goharbor/prepare v1.9.0 aa594772c1e8 10 days ago 147MB
使用Windows瀏覽器訪問192.168.5.101,賬號是admin,密碼是上面設置的123456。
自帶一個項目,也可以自己新建
2)在youxi2上使用私有化倉庫
下載兩個測試鏡像
[root@youxi2 ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos d8d02d457314: Pull complete Digest: sha256:307835c385f656ec2e2fec602cf093224173c51119bbebd602c53c3653a3d6eb Status: Downloaded newer image for centos:latest docker.io/library/centos:latest [root@youxi2 ~]# docker pull busybox Using default tag: latest latest: Pulling from library/busybox 7c9d20b9b6cd: Pull complete Digest: sha256:fe301db49df08c384001ed752dff6d52b4305a73a7f608f21528048e8a08b51e Status: Downloaded newer image for busybox:latest docker.io/library/busybox:latest [root@youxi2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 19485c79a9bb 2 weeks ago 1.22MB centos latest 67fa590cfc1c 4 weeks ago 202MB
修改配置文件或服務文件,以使得docker加速節點指向私有化倉庫
//修改配置文件
[root@youxi2 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.5.101"]
}
[root@youxi2 ~]# systemctl restart docker
//修改服務器文件
[root@youxi2 ~]# vim /usr/lib/systemd/system/docker.service
//修改第14行
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
--insecure-registry 192.168.5.101
[root@youxi2 ~]# systemctl daemon-reload
[root@youxi2 ~]# systemctl restart docker
對已有的鏡像打上標簽
[root@youxi2 ~]# docker login 192.168.5.101 //登錄私有化倉庫 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@youxi2 ~]# docker tag centos:latest 192.168.5.101/library/centos:latest [root@youxi2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101/library/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB
將打好標簽的鏡像上傳至私有化倉庫
[root@youxi2 ~]# docker push 192.168.5.101/library/centos:latest The push refers to repository [192.168.5.101/library/centos] 877b494a9f30: Pushed latest: digest: sha256:a36b9e68613d07eec4ef553da84d0012a5ca5ae4a830cf825bb68b929475c869 size: 529
刷新瀏覽器,可以看到倉庫鏡像數變為了2
試完上傳,再試試下載
[root@youxi2 ~]# docker images //查看現有鏡像 REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.5.101/library/busybox latest 19485c79a9bb 2 weeks ago 1.22MB busybox latest 19485c79a9bb 2 weeks ago 1.22MB centos latest 67fa590cfc1c 4 weeks ago 202MB 192.168.5.101/library/centos latest 67fa590cfc1c 4 weeks ago 202MB [root@youxi2 ~]# docker rmi 192.168.5.101/library/busybox:latest //刪除鏡像 Untagged: 192.168.5.101/library/busybox:latest Untagged: 192.168.5.101/library/busybox@sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 [root@youxi2 ~]# docker images //再次查看 REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101/library/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB [root@youxi2 ~]# docker pull 192.168.5.101/library/busybox:latest //拉取 latest: Pulling from library/busybox Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 Status: Downloaded newer image for 192.168.5.101/library/busybox:latest 192.168.5.101/library/busybox:latest [root@youxi2 ~]# docker images //查看 REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.5.101/library/busybox latest 19485c79a9bb 2 weeks ago 1.22MB busybox latest 19485c79a9bb 2 weeks ago 1.22MB 192.168.5.101/library/centos latest 67fa590cfc1c 4 weeks ago 202MB centos latest 67fa590cfc1c 4 weeks ago 202MB