搭建個私有docker鏡像倉庫

公有倉庫和私有倉庫：

速度：公有倉庫走的公網，速度較慢；私有倉庫走的是内網，即區域網路；

安全性：公有倉庫存放在公共硬碟上；私有倉庫存在自己伺服器硬碟上。

公有倉：

最權威的，但速度比較慢：

https://hub.docker.com/

首先登陸：

$ docker login -usmallsoup 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded           

打标簽，push鏡像到hub倉庫：

docker tag zookeeper:3.5 smallsoup/zookeeper:3.5
docker push smallsoup/zookeeper:3.5
           

已push成功，可以在hub上看到：

私有倉：

用docker提供的registry在本地搭建私有倉：

docker pull registry:2.5.2
docker run -d -p 5000:5000 registry:2.5.2
docker tag zookeeper:3.5 localhost:5000/zookeeper:3.5
docker push zookeeper:3.5 localhost:5000/zookeeper:3.5           

因沒有設定安全性，是以直接可以push上去。

由于是本地倉庫，是以pull的速度很快。

[root@localhost micro-service]# docker pull localhost:5000/zookeeper:3.5
3.5: Pulling from zookeeper
Digest: sha256:3474ec46da9db9dc27a431f9645a2df9c91d5b969f591fe0ccd4c40f2bfd1579
Status: Image is up to date for localhost:5000/zookeeper:3.5           

但是這個私有倉不能滿足我們的需求，生産線上萬一該私有倉伺服器故障，其他伺服器也無法接管。再者，也沒有頁面可以便于管理。

業内出現的harbor，主要提供 Dcoker Registry 管理UI，可基于角色通路控制, AD/LDAP 內建，日志稽核等功能，完全的支援中文，非常适用于生産環境。

harbor私有倉庫搭建

github位址：

https://github.com/goharbor/harbor/releases

下載下傳位址：

https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz

這個連結速度太慢，可以在這裡下載下傳：

http://harbor.orientsoft.cn/

以下使用的harbor版本是harbor-offline-installer-v1.5.0.tgz

首先解壓：

tar -zxf harbor-offline-installer-v1.5.0.tgz           

然後運作./install腳本進行安裝，如果需要特殊設定，可以先修改harbor.cfg和docker-compose.yml後在進行./install安裝操作

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... 
Creating redis              ... error
Creating harbor-db          ... 
Creating registry           ... 
Creating harbor-adminserver ... done
ERROR: for redis  Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done

ERROR: for redis  Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use by container "c3813d66ccad284d3529227fabf3d5c19cb991237de8d3e72fc470ffd2cbfa99". You have to remove (or rename) that container to be able to reuse that name.'
ERROR: Encountered errors while bringing up the project.           

安裝過程中報以上錯誤，是因為伺服器上已經有了名為redis的容器名，和harbor将要安裝的redis容器名重名，需要rename伺服器上已有的redis容器名為micro-service-redis：

$ docker ps -a --filter name=redis
CONTAINER ID        IMAGE                              COMMAND             CREATED             STATUS              PORTS                    NAMES
c3813d66ccad        hub.c.163.com/public/redis:2.8.4   "/run.sh"           2 days ago          Up 42 hours         0.0.0.0:6379->6379/tcp   redis

$ docker rename redis micro-service-redis 
$ docker ps -aq --filter name=redis
c3813d66ccad

$ docker ps -a --filter name=redis
CONTAINER ID        IMAGE                              COMMAND             CREATED             STATUS              PORTS                    NAMES
c3813d66ccad        hub.c.163.com/public/redis:2.8.4   "/run.sh"           2 days ago          Up 42 hours         0.0.0.0:6379->6379/tcp   micro-service-redis           

然後重新執行./install

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... 
Creating nginx              ... 

ERROR: for harbor-jobservice  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for nginx  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for jobservice  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for proxy  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
If you encounter this issue regularly because of slow network conditions, consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).           

又報以上的錯，可能是由于網絡問題，導緻失敗，重新./install試試：

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

 ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://hub.smallsoup.com. 
For more details, please visit https://github.com/vmware/harbor .           

成功了。

可以通路harbor部署伺服器IP:docker-compose.yml中80映射到主控端上的端口；

使用者名是admin，密碼是harbor.cfg中harbor_admin_password的值通路管理頁面：

可以建立一個私有倉庫micro-service：

在系統管理->使用者管理中添加使用者，然後點開上一步建立的項目-->>成員-->>建立成員，并設定權限。

項目管理者：有pull和push以及項目其他管理權限；

開發人員：有pull和push權限；

訪客：隻有pull權限。

将該項目的各個微服務image push到harbor的micro-service項目裡：

$ docker images |grep -v "vmware"
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
api-gateway-zuul                latest              8a814cf9bb65        23 hours ago        476MB
course-service                  latest              673d4501353e        23 hours ago        462MB
course-edge-service             latest              854d5d8bddaa        23 hours ago        484MB
message-thrift-python-service   latest              4317a76b387e        24 hours ago        926MB
user-edge-service               latest              ff07d54a02ba        25 hours ago        469MB
user-thrift-service             latest              02dd6fd0f239        26 hours ago        456MB
python-base                     latest              81ad8926a9d9        26 hours ago        926MB
zookeeper                       3.5                 c41e1dcd86e4        2 weeks ago         128MB
smallsoup/zookeeper             3.5                 c41e1dcd86e4        2 weeks ago         128MB
localhost:5000/zookeeper        3.5                 c41e1dcd86e4        2 weeks ago         128MB
elasticsearch                   latest              5acf0e8da90b        2 weeks ago         486MB
registry                        2.5.2               96ca477b7e56        3 weeks ago         37.8MB
registry                        2                   2e2f252f3c88        3 weeks ago         33.3MB
python                          3.6                 4f13b7f2138e        4 weeks ago         918MB
openjdk                         8-jre               66bf39162ea7        4 weeks ago         443MB
mysql                           latest              6a834f03bd02        4 weeks ago         484MB
hub.c.163.com/public/redis      2.8.4               4888527e1254        2 years ago         190MB           

打标簽：

docker tag openjdk:8-jre 192.168.1.103:80/micro-service/openjdk:8-jre           

檢視鏡像：

$ docker images |grep -v "vmware" | grep open
openjdk                                    7-jre               e4c851ec3393        4 weeks ago         329MB
192.168.1.103:80/micro-service/openjdk   8-jre               66bf39162ea7        4 weeks ago         443MB
openjdk                                    8-jre               66bf39162ea7        4 weeks ago         443MB           

push鏡像：

$ docker push 192.168.1.103:80/micro-service/openjdk:8-jre
The push refers to repository [192.168.1.103:80/micro-service/openjdk]
Get https://192.168.1.103:80/v2/: http: server gave HTTP response to HTTPS client           

push報錯。由于預設采用的是http協定，即harbor.cfg中的ui_url_protocol值。https的比較麻煩，需要生成證書等步驟，可以參考：

為Harbor設定Https

http://gapme.cn/2017/10/25/harbor-ui-https/

這裡暫且用http的方式。

以上報錯解決辦法：

在”/etc/docker/“目錄下，建立”daemon.json“檔案。在檔案中寫入：

{
  "insecure-registries": [
        "hub.smallsoup.com:80",
        "192.168.1.103:80"
  ]
}           

重新開機docker：

systemctl restart docker
           

docker重新開機後，./install或者docker-compose down;docker-compose up -d重新開機harbor即可。

将基礎鏡像和各個服務鏡像push到庫上：

題外話：

在安裝過程中，将80端口映射到主控端的8081端口，push的時候遇到很多問題（報錯80端口連接配接拒絕，大概就是這個issue

https://github.com/goharbor/harbor/issues/192），查找了很多資料，還是放棄了，最後映射到主控端80端口，push一切ok。

由于用域名的方式push得設定hosts以及端口轉發，比較麻煩，以上采用了IP:PORT方式：

删除用域名打的标簽：

docker rmi -f hub.smallsoup.com:80/micro-service/openjdk:8-jre           

原文釋出時間為：2018-10-06

本文作者： 小碗湯

本文來自雲栖社群合作夥伴“

我的小碗湯

”，了解相關資訊可以關注“

"