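Table of contents
- Docker repositories
  - Upload
  - Pull
- registry
  - Encryption
  - Connecting from a remote host
- docker-compose
Docker repositories
A repository is a central place where images are stored. The following introduces Docker Hub. It is not the only option: other remote providers differ only in who runs the service, and the operations are the same.
A Docker repository is where images are stored. Docker provides a registry server (registry) that holds multiple repositories, and each repository can contain multiple images with different tags.
The default repository Docker uses at run time is the Docker Hub public repository, served by the public registry.
Docker Hub: the public repository maintained by Docker, Inc. Users can use it for free and can also purchase private repositories.
#The most direct way to store and distribute images is Docker Hub
1. Register an account on Docker Hub
2. Log in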
[[email protected] docker]# docker login -u dangdangwestos
Password: #password: dangdang
Login Succeeded
"""
[[email protected] ~]# docker login -u dangdangwestos
Password:
# This warning means that storing the password this way is a security problem
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[[email protected] ~]# cat .docker/config.json
#After a login, the credentials are saved in this file
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "ZGFuZ2Rhbmd3ZXN0b3M6NjQ1MTkzMjM2"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.6 (linux)"
}
}
"""
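# Log out
docker logout
3. Rename the image so that it matches the Docker Hub account
To tell different users' images apart, Docker Hub requires the image name to include the user name. The full format is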
[username]/xxx:tag
"""
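The following command searches the images in the official Docker repository
As the output shows, every image other than the official ones has to be tagged according to the official naming requirement
# Different people can upload different images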
"""
[[email protected] ~]# docker search busybox
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 1658 [OK]
progrium/busybox 70 [OK]
radial/busyboxplus Full-chain, Internet enabled, busybox made f… 24 [OK]
arm32v7/busybox Busybox base image. 7
yauritux/busybox-curl Busybox with CURL 5
armhf/busybox Busybox base image. 5
arm64v8/busybox Busybox base image. 3
aarch64/busybox Busybox base image. 2
[[email protected] ~]# docker search dangdangwestos # search for my own images
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
dangdangwestos/rhel7-up 0
dangdangwestos/busybox 0
dangdangwestos/rhel7-addifconfig 0
dangdangwestos/httpd 0
Upload
[[email protected] ~]# docker tag busybox:latest dangdangwestos/busybox:latest
[[email protected] ~]# docker push dangdangwestos/busybox
dangdangwestos/busybox dangdangwestos/busybox:latest
[[email protected] ~]# docker push dangdangwestos/busybox:latest
The push refers to repository [docker.io/dangdangwestos/busybox]
0d315111b484: Mounted from library/busybox
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
Pull
# A pull checks the local images first; if the image already exists it is not pulled again
[[email protected] ~]# docker pull dangdangwestos/busybox:latest
latest: Pulling from dangdangwestos/busybox
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Image is up to date for dangdangwestos/busybox:latest
# Delete the previous copy first, then pull
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 b218a266197d 2 days ago 144MB
nginx v3 49349f668909 2 days ago 253MB
nginx v2 d21df066fe46 2 days ago 272MB
nginx v1 6baf2165c143 2 days ago 295MB
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
busybox latest db8ee88ad75f 4 weeks ago 1.22MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
[[email protected] ~]# docker pull dangdangwestos/busybox:latest
latest: Pulling from dangdangwestos/busybox
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for dangdangwestos/busybox:latest
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 b218a266197d 2 days ago 144MB
nginx v3 49349f668909 2 days ago 253MB
nginx v2 d21df066fe46 2 days ago 272MB
nginx v1 6baf2165c143 2 days ago 295MB
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
dangdangwestos/busybox latest db8ee88ad75f 4 weeks ago 1.22MB
busybox latest db8ee88ad75f 4 weeks ago 1.22MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
# The image can be tagged again if the user name feels too long or complicated
[[email protected] ~]# docker tag dangdangwestos/busybox:latest busybox:latest
# Delete the image on Docker Hub
registry
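What happens behind a single docker pull or push
The index server mainly provides the image index and user authentication. When an image is downloaded, the client first authenticates against the index server, which then looks up the address of the registry holding the image and returns it to the Docker client. The Docker client then downloads the image from the registry; during the download the registry asks the index to validate the client's token. Different images can be stored on different registry services, and their lookup information is all kept on the index server.
index: maintains information about accounts, image verification and the public namespace (it does not store the actual image layers)
- web UI
- metadata storage
- authentication service
- tokenization
registry: the repository for images and graphs; it has no local database and does not provide user authentication
registry client: Docker acts as the registry client, handling push and pull as well as client authorization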
"""
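Scenarios:
Docker Client ---> index ----> registry
A: the user wants to fetch and download an image
B: the user wants to push an image to the registry (the index creates the image's namespace)
C: the user wants to delete an image from the index or the registry
Image acceleration
Setting up a private repository (a local registry)
Docker Hub is convenient, but it has some limitations, for example:
1. It needs an Internet connection, and downloads and uploads are slow
2. Images uploaded to Docker Hub can be accessed by anyone
3. For security reasons many organizations do not allow images to be placed on the public Internet
The solution is to set up a local registry
Docker has open-sourced the registry, and there is also an official registry image on Docker Hub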
"""
[[email protected] ~]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry The Docker Registry 2.0 implementation for s… 2655 [OK]
# Pull the image
[[email protected] ~]# docker pull registry # pull the latest version
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest
# View it
[[email protected] ~]# docker images
registry latest f32a97de94e1 5 months ago 25.8MB
[[email protected] ~]# docker history registry
IMAGE CREATED CREATED BY SIZE COMMENT
f32a97de94e1 5 months ago /bin/sh -c #(nop) CMD ["/etc/docker/registr… 0B
<missing> 5 months ago /bin/sh -c #(nop) ENTRYPOINT ["/entrypoint.… 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:507caa54f88c1f38… 155B
<missing> 5 months ago /bin/sh -c #(nop) EXPOSE 5000 0B
<missing> 5 months ago /bin/sh -c #(nop) VOLUME [/var/lib/registry] 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:4544cc1555469403… 295B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:21256ff7df5369f7… 20.1MB
<missing> 5 months ago /bin/sh -c set -ex && apk add --no-cache… 1.27MB
<missing> 5 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 5 months ago /bin/sh -c #(nop) ADD file:38bc6b51693b13d84… 4.41MB
# Run it, mapped to port 5000 on the host
[[email protected] ~]# docker run -d --name registry -p 5000:5000 registry # map the port to the host so it can be reached from outside
4579de1e48406e35648ade8a29f3dc38855d3ad84edca050c099d7b6a744c9c5
# Inspect the container; the output shows how it is tied to the local file system
[[email protected] ~]# docker inspect 4579de1e48406e35648ade8a29f3dc38855d3ad84edca050c099d7b6a744c9c5
"Mounts": [
{
"Type": "volume",
"Name": "37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52",
"Source": "/var/lib/docker/volumes/37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52/_data",
"Destination": "/var/lib/registry",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4579de1e4840 registry "/entrypoint.sh /etc…" 54 seconds ago Up 53 seconds 0.0.0.0:5000->5000/tcp registry
[[email protected] ~]# netstat -antlpe
tcp6 0 0 :::5000 :::*
# By default a push goes to Docker Hub
# Change the tag so that the push knows where to go
[[email protected] ~]# docker tag nginx:v1 localhost:5000/nginx:v1
# Check that the upload succeeded
[[email protected] ~]# docker push localhost:5000/nginx
The push refers to repository [localhost:5000/nginx]
7d1f91d2183b: Pushed
44e042b8c4f1: Pushed
4ee9ed108b64: Pushed
faa0d2dbf883: Pushed
a5e52a0ea4d4: Pushed
38ab3572be9b: Pushed
e16686814e10: Pushed
18af9eb19b5f: Pushed
v1: digest: sha256:1f42e2af016eae42bf2db8dc0d4a522b4f44c88ef2e786bcd160886bc0fc1242 size: 2000
[[email protected] image]# cd /var/lib/docker/volumes/37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52/_data
[[email protected] _data]# ls
docker
[[email protected] _data]# cd docker/
[[email protected] _data]# tree .
[[email protected] docker]# ls
registry
[[email protected] docker]# cd registry/
[[email protected] registry]# ls
v2
[[email protected] registry]#
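Encryption
# The setup above has a security problem (no authentication) and a usability problem (localhost cannot be used from any machine other than the local one)
That is far from enough for an enterprise-grade private repository
Add certificate-based encryption to the Docker registry
Official documentation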
https://docs.docker.com/registry/insecure/
[[email protected] ~]# mkdir -p certs
# Use a self-signed certificate
[[email protected] ~]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key \
> -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:Westos
Organizational Unit Name (eg, section) []:Linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:[email protected]
[[email protected] ~]# ls certs/
westos.org.crt (certificate) westos.org.key (private key)
# Remove the registry container started earlier
[[email protected] ~]# docker rm -f registry
registry
[[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# How to deploy
https://docs.docker.com/registry/deploying/#get-a-certificate
# Note: it is REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 registry, not /root/...
[[email protected] ~]# docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key \
-p 443:443 registry
3ebba5226703e6a15df3301ebc12207a213f939fb92af861c7f64c6ca2fd107b
"""
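docker run -d: start the container and put it in the background
--restart=always --name registry #the container starts automatically (it is started whenever the Docker engine starts)
-v "$(pwd)"/certs:/certs #mount the local certs directory onto the container's /certs directory
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 #-e sets an environment variable: listen on the encrypted port 443
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt #certificate
-e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key #private key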
-p 443:443 registry
"""
# Port 443 is now open
[[email protected] ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 649/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 852/master
tcp 0 0 172.25.0.3:22 172.25.0.250:54274 ESTABLISHED 2062/sshd: [email protected]
tcp 0 0 172.25.0.3:22 172.25.0.250:56174 ESTABLISHED 5189/sshd: [email protected]
tcp6 0 0 :::22 :::* LISTEN 649/sshd
tcp6 0 0 ::1:25 :::* LISTEN 852/master
tcp6 0 0 :::443 :::* LISTEN 7421/docker-proxy
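# Note: the Docker registry server is now running, so a local client that makes a TLS connection to it also needs the certificate
# Because the domain name used here is westos.org, the host name must resolve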
[[email protected] ~]# ping westos.org
PING server3 (172.25.0.3) 56(84) bytes of data.
64 bytes from server3 (172.25.0.3): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from server3 (172.25.0.3): icmp_seq=2 ttl=64 time=0.027 ms
[[email protected] ~]# cd /etc/docker/
[[email protected] docker]# ls
daemon.json key.json
[[email protected] docker]# mkdir certs.d
[[email protected] docker]# cd certs.d/
[[email protected] certs.d]# mkdir westos.org
[[email protected] certs.d]# cd westos.org/
[[email protected] westos.org]# ls
[[email protected] westos.org]# cp /root/certs/westos.org.crt ca.crt
[[email protected] westos.org]# ls
ca.crt
[[email protected] westos.org]# docker tag nginx:v3 westos.org/nginx:v3
[[email protected] westos.org]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
7eb94711c590: Pushed
cdb9e6fdd1dd: Pushed
ac047a8a6c70: Pushed
e16686814e10: Pushed
18af9eb19b5f: Pushed
v3: digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5 size: 1366
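# Add push authentication for clients
# Keep using port 443 from before instead of the 5000 used in the official documentation
[[email protected] ~]# mkdir auth
[[email protected] ~]# docker run --rm --entrypoint htpasswd registry -Bbn admin westos > auth/htpasswd
"""
admin: user name
westos: password
More users can be appended
docker run --rm --entrypoint htpasswd registry -Bbn redhat redhat >> auth/htpasswd
"""
# The previous registry container has to be removed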
[[email protected] ~]# docker rm -f registry
registry
#Add authentication on top of encryption #Always encrypt first and then authenticate; otherwise it is not secure
[[email protected] ~]# docker run -d --restart=always --name registry \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key \
-p 443:443 -v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
2fb465d2f79e4a547a72e8014fe80c25cfc0321948ac83da45532f166c29fe80
[[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2fb465d2f79e registry "/entrypoint.sh /etc…" 5 seconds ago Up 5 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[[email protected] ~]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[[email protected] ~]# docker logout westos.org # log out
Removing login credentials for westos.org
# The push reports an error
[[email protected] ~]# docker push westos.org/nginx
westos.org/nginx westos.org/nginx:v3
The push refers to repository [westos.org/rhel7]
18af9eb19b5f: Preparing
no basic auth credentials
westos.org/nginx westos.org/nginx:v3
[[email protected] ~]# docker login westos.org
[[email protected] ~]# docker push westos.org/nginx:v3
The push refers to repository [westos.org/nginx]
7eb94711c590: Preparing
cdb9e6fdd1dd: Preparing
ac047a8a6c70: Preparing
e16686814e10: Preparing
18af9eb19b5f: Preparing
no basic auth credentials # tells us we have not authenticated
[[email protected] ~]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[[email protected] ~]# docker push westos.org/nginx:v3
The push refers to repository [westos.org/nginx]
7eb94711c590: Pushed
cdb9e6fdd1dd: Pushed
ac047a8a6c70: Pushed
e16686814e10: Pushed
18af9eb19b5f: Pushed
v3: digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5 size: 1366
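A check for the three registry configurations walked through above (plain `-p 5000:5000`, TLS only, TLS plus htpasswd), added here as an example and not part of the original post: it reads the response to `GET /v2/` on your own registry and reports what is still missing. The function names and the sample responses are constructed for illustration; `probe()` trusts the self-signed certificate through `cafile`, the role `certs.d/westos.org/ca.crt` plays for the Docker daemon.

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def classify(base_url, status, headers):
    """Return the list of gaps implied by the response to GET <base_url>/v2/."""
    headers = {k.lower(): v for k, v in headers.items()}
    tls = urlsplit(base_url).scheme == "https"
    # The auth scheme is the first word of the WWW-Authenticate challenge.
    scheme = headers.get("www-authenticate", "").split(" ", 1)[0].lower()
    issues = []
    if not tls:
        issues.append("no TLS")
    if status == 200:
        # The registry answered without asking for credentials.
        issues.append("no authentication")
    elif status == 401 and scheme in ("basic", "bearer"):
        if scheme == "basic" and not tls:
            issues.append("Basic credentials sent in clear text")
    else:
        issues.append(f"unexpected response: HTTP {status}")
    return issues


def probe(base_url, cafile=None, timeout=5):
    """Live check against a registry you operate. Passing cafile trusts only
    that certificate file; certificate verification stays enabled."""
    ctx = ssl.create_default_context(cafile=cafile)
    url = base_url.rstrip("/") + "/v2/"
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return classify(base_url, resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:  # a 401 arrives as an exception
        return classify(base_url, err.code, dict(err.headers))


# Constructed responses for the three setups on this page (not captured traffic).
SAMPLES = {
    "run -p 5000:5000 registry": ("http://localhost:5000", 200, {}),
    "TLS only": ("https://westos.org", 200, {}),
    "TLS + htpasswd": ("https://westos.org", 401,
                       {"WWW-Authenticate": 'Basic realm="Registry Realm"'}),
}


def report():
    """Classify every constructed sample."""
    return {name: classify(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, issues in report().items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```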
Connecting from a remote host
Start another virtual machine, install Docker on it and start it
The host name must resolve
[[email protected] docker包]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.0.1 server1
172.25.0.2 server2
172.25.0.3 server3 westos.org
172.25.0.4 server4
172.25.0.5 server5
172.25.0.6 server6
172.25.0.7 server7
172.25.0.8 server8
[[email protected] docker包]# ping westos.org
PING server3 (172.25.0.3) 56(84) bytes of data.
64 bytes from server3 (172.25.0.3): icmp_seq=1 ttl=64 time=0.397 ms
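The certificate file is required; it can be copied from the server3 host
# The certificate must be in place before authentication can succeed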
[[email protected] ~]# cd /etc/docker/
[[email protected] docker]# ls
certs.d daemon.json key.json
[[email protected] docker]# scp -r certs.d/ server2:/etc/docker/
The authenticity of host 'server2 (172.25.0.2)' can't be established.
ECDSA key fingerprint is 67:9d:41:df:c9:b5:0e:f3:e1:30:72:c7:c9:07:69:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,172.25.0.2' (ECDSA) to the list of known hosts.
[email protected]'s password:
ca.crt 100% 2098 2.1KB/s 00:00
[[email protected] docker包]# cd /etc/docker/
[[email protected] docker]# ls
certs.d key.json
Authenticate first, then pull
[[email protected] certs.d]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[[email protected] certs.d]# docker pull westos.org/nginx
Using default tag: latest
Error response from daemon: manifest for westos.org/nginx:latest not found
[[email protected] certs.d]# docker pull westos.org/nginx:v3
v3: Pulling from nginx
48f5bbc9baf5: Pull complete
15f1fc4f91e0: Pull complete
98331229c5fd: Pull complete
4c7f36e2f886: Pull complete
df58a187e237: Pull complete
Digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5
Status: Downloaded newer image for westos.org/nginx:v3
Test that it runs successfully
[[email protected] certs.d]# docker run -d --name nginx -p 80:80 westos.org/nginx:v3
299df76d6167d789883a1b7bdb9e338659f49be2e146bd4098e409a7f35d6a02
[[email protected] certs.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
299df76d6167 westos.org/nginx:v3 "/usr/local/nginx/sb…" 9 seconds ago Up 8 seconds 0.0.0.0:80->80/tcp nginx
[[email protected] certs.d]# curl localhost
We need a web page
# Pull an image
# You can search for it first
[[email protected] docker]# docker pull hyper/docker-registry-web
Using default tag: latest
latest: Pulling from hyper/docker-registry-web
04c996abc244: Pull complete
d394d3da86fe: Pull complete
bac77aae22d4: Pull complete
b48b86b78e97: Pull complete
09b3dd842bf5: Pull complete
69f4c5394729: Pull complete
b012980650e9: Pull complete
7c7921c6fda1: Pull complete
e20331c175ea: Pull complete
40d5e82892a5: Pull complete
a414fa9c865a: Pull complete
0304ae3409f3: Pull complete
13effc1a664f: Pull complete
e5628d0e6f8c: Pull complete
0b0e130a3a52: Pull complete
d0c73ab65cd2: Pull complete
240c0b145309: Pull complete
f1fd6f874e5e: Pull complete
40b5e021928e: Pull complete
88a8c7267fbc: Pull complete
f9371a03010e: Pull complete
Digest: sha256:723ffa29aed2c51417d8bd32ac93a1cd0e7ef857a0099c1e1d7593c09f7910ae
Status: Downloaded newer image for hyper/docker-registry-web:latest
#Search for it on GitHub and follow the documentation
https://github.com/mkuchin/docker-registry-web
[[email protected] ~]# cat .docker/config.json # view the credentials saved earlier
{
"auths": {
"": {
"auth": "ZGFuZ2Rhbmd3ZXN0b3M6ZGFuZ2Rhbmc="
},
"https://index.docker.io/v1/": {
"auth": "ZGFuZ2Rhbmd3ZXN0b3M6ZGFuZ2Rhbmc="
},
"westos.org": {
"auth": "YWRtaW46d2VzdG9z" #-e REGISTRY_BASIC_AUTH="YWRtaW46d2VzdG9z"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.6 (linux)"
}
}
[[email protected] ~]# docker run -it -p 8080:8080 \
--name registry-web --link registry:westos.org \
-e REGISTRY_URL=https://westos.org/v2 \
-e REGISTRY_TRUST_ANY_SSL=true \
-e REGISTRY_BASIC_AUTH="YWRtaW46d2VzdG9z" \
-e REGISTRY_NAME=westos.org:443 hyper/docker-registry-web
#v2 is a version
Test in a browser: http://172.25.0.3:8080/
docker-compose
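Harbor is recommended for study
Compose is a tool for defining and running multi-container Docker applications. With Compose you use a YML file to configure all the services your application needs, and then create and start all of them from that configuration with a single command.
The three steps of using Compose:
1. Define the application's environment with a Dockerfile.
2. Define the services that make up the application in docker-compose.yml so that they can run together in an isolated environment.
3. Finally, run docker-compose up to start and run the whole application.
Docker-Compose is an official open-source Docker project responsible for fast orchestration of groups of Docker containers.
Docker-Compose divides the containers it manages into three layers: project, service and container. All the files in the directory where Docker-Compose runs (docker-compose.yml, extends files, environment variable files and so on) make up a project; unless specified otherwise, the project name is the current directory name. A project can contain several services, and each service defines the image, parameters and dependencies of the containers it runs. A service can include several container instances. Docker-Compose does not solve load balancing, so other tools are needed for service discovery and load balancing.
The Docker-Compose project configuration file defaults to docker-compose.yml and can be changed with the COMPOSE_FILE environment variable or the -f option. It defines several interdependent services and the containers each service runs.
A Dockerfile template makes it easy to define a single application container. In practice, however, several containers often have to cooperate to complete a task. For example, a web project usually needs a back-end database container in addition to the web service container itself, and sometimes a load-balancing container as well.
Compose lets you define a group of related application containers as a project through a single docker-compose.yml template file (YAML format).
Docker-Compose is written in Python and manages containers by calling the API provided by the Docker service. So as long as the platform supports the Docker API, Compose can be used on it for orchestration.
An example docker-compose.yml configuration follows (see below for the configuration parameters):
# YAML configuration example
version: '3'
services:
  web:
    build: .
    ports:
    - "5000:5000"
    volumes:
    - .:/code
    - logvolume01:/var/log
    links:
    - redis
  redis:
    image: redis
volumes:
  logvolume01: {}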
https://docs.docker.com/compose/install/
Deploying docker-compose
Download it and grant execute permission
[[email protected] ~]# curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" \
-o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 109 0 --:--:-- 0:00:05 --:--:-- 172
100 15.4M 100 15.4M 0 0 100k 0 0:02:37 0:02:37 --:--:-- 117k
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
Setting up Harbor
tar zxf harbor-online-installer-v1.8.2.tgz
cd harbor/
# Edit the configuration file
vim harbor.yml
hostname: westos.org
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/certs/westos.org.crt
  private_key: /root/certs/westos.org.key
harbor_admin_password: westos

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: westos
# Update the configuration files
./prepare
# Install and start
./install.sh
Check the container status
docker ps -a
docker-compose ps
Set up name resolution on the physical host, then open https://westos.org/ in a browser
docker login westos.org
docker tag rhel7:latest westos.org/library/rhel7
# Important: when changing the tag you must include the project name; the project can be created yourself in the web page
docker push westos.org/library/rhel7
Learning Compose