我们在上一篇文章中介绍了使用registry来创建企业私有仓库用于存储镜像,但是由于只有CUI的操作,一般拿来还要加工处理一下。
在以前曾经介绍过的Harbor其实也是基于Registry的这样一个企业级Registry的创建,在本文中将会介绍一下如何使用Harbor作简单的镜像推送等。
在写上一篇的文章时候,Harbor还是0.3.0版本,现在已经是0.4.1了。而且在dockerhub上也已经有了自己的镜像,安装也分为了online和offline两种tgz文件包了,现在已经是较为方便了,后期继续集成,是不是留下一个docker-compose.yml和可以配置的参数公开出来,这样的话安装就没有任何成本了,不过目前这个安装的成本也可以忽略不计,在非关键业务上作的改善都不是真正的改善,除非已经到了人神共愤的地步,否则可以无视。
事前准备
安装了docker1.12.2,具体安装方法参看如下
安装方法 | http://blog.csdn.net/liumiaocn/article/details/52130852 |
---|
[root@liumiaocn ~]# docker version
Client:
Version: .2
API version:
Go version: go1.6.3
Git commit: bb80604
Built:
OS/Arch: linux/amd64
Experimental: true
Server:
Version: .2
API version:
Go version: go1.6.3
Git commit: bb80604
Built:
OS/Arch: linux/amd64
Experimental: true
[root@liumiaocn ~]#
设定insecure-registry
事前确认
[root@liumiaocn ~]# docker info |tail -n3
WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Experimental: true
Insecure Registries:
/
[root@liumiaocn ~]#
修改docker.service(/lib/systemd/system/docker.service)
修改前
修改后
daemon-reload & restart docker
[root@liumiaocn harbor]# systemctl daemon-reload
[root@liumiaocn harbor]# systemctl restart docker
[root@liumiaocn harbor]#
再确认:192.168.32.131已被加入到Insecure Registries中
[root@liumiaocn harbor]# docker info |tail -n3
WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Insecure Registries:
/
[root@liumiaocn harbor]#
组件
Harbor 0.4.1用到的组件如下:
组件 | 版本 |
---|---|
Photon OS | 1.0 |
Docker Registry | 2.5 |
MySQL | 5.6 |
NGINX | 1.9 |
下载online安装包
命令:wget https://github.com/vmware/harbor/releases/download/./harbor-online-installer-..tgz
解压 & 修改Harbor.cfg文件
解压
修改Harbor.cfg文件(只修正hostname就能正常动作,其余请自行探索)
[root@liumiaocn ~]# cd harbor
[root@liumiaocn harbor]# cp harbor.cfg harbor.cfg.bak
[root@liumiaocn harbor]# vi harbor.cfg
[root@liumiaocn harbor]# diff harbor.cfg harbor.cfg.bak
c5
< hostname = .
---
> hostname = reg.mydomain.com
[root@liumiaocn harbor]#
执行./prepare脚本
[[email protected] harbor]# ./prepare
Generated configuration file: ./config/ui/env
Generated configuration file: ./config/ui/app.conf
Generated configuration file: ./config/registry/config.yml
Generated configuration file: ./config/db/env
Generated configuration file: ./config/jobservice/env
Clearing the configuration file: ./config/ui/private_key.pem
Clearing the configuration file: ./config/registry/root.crt
Generated configuration file: ./config/ui/private_key.pem
Generated configuration file: ./config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[[email protected] harbor]#
启动
在harbor的目录下,有docker-compose.yml文件,使用docker-compose 命令启动Harbor
命令: docker-compose up
第一次启动,本地没有相关的镜像的话,会自动直接从dockerhub上下载,所以online的安装包是需要联网的状态下使用的。
offline的安装包,展开后你会发现另外一个tgz文件,其实就是那些镜像所对应的文件,load进来就可以了。执行完毕之后,令起一个终端确认一下,可以看到下面5个镜像都被pull下来了。
[root@liumiaocn harbor]# docker images |egrep 'harbor|nginx|registry'
vmware/harbor-db . bb0d8181f36f weeks ago MB
vmware/harbor-jobservice . c9b6a weeks ago MB
vmware/harbor-ui . db965490f9b weeks ago MB
vmware/harbor-log . ae2612dfe5e weeks ago MB
registry . c6c14b3960bd weeks ago MB
nginx . e156d496c9f months ago MB
[root@liumiaocn harbor]#
缺省的Port被设定在80端口,需要改端口的自行修改docker-compose.yml
登陆harbor
输入前面设定的IP即可打开Harbor登陆界面,不能者请检查网络设定以及iptables等。
缺省的用户名和密码
缺省用户名 | 密码 |
---|---|
admin | Harbor12345 |
也可以自行再注册一个用户。
管理主界面
docker login
login的时候指定在docker.service中设定的IP。
[root@liumiaocn ~]# docker login 192.168.32.131
Username: admin
Password:
Login Succeeded
[root@liumiaocn ~]#
pull busybox
在本地pull一个busybox用于之后向Harbor进行push
[[email protected] ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
bec22e3559: Pull complete
Digest: sha256:f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912
Status: Downloaded newer image for busybox:latest
[[email protected] ~]#
确认Harbor的library项目
Harbor缺省会创建一个library项目,可以看出当前的镜像数目是0
docker tag
[root@liumiaocn ~]# docker tag busybox:latest 192.168.32.131/library/busybox:latest
[root@liumiaocn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest e02e811dd08f days ago MB
./library/busybox latest e02e811dd08f days ago MB
vmware/harbor-db . bb0d8181f36f weeks ago MB
vmware/harbor-jobservice . c9b6a weeks ago MB
vmware/harbor-ui . db965490f9b weeks ago MB
vmware/harbor-log . ae2612dfe5e weeks ago MB
registry . c6c14b3960bd weeks ago MB
nginx . e156d496c9f months ago MB
[root@liumiaocn ~]#
docker push
[root@liumiaocn ~]# docker push 192.168.32.131/library/busybox:latest
The push refers to a repository [./library/busybox]
e88b3f82283b: Pushed
latest: digest: sha256:f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 size:
[root@liumiaocn ~]#
在Harbor上确认结果
library项目中的镜像数目已经从0变成了1
library项目的镜像仓库详细信息
docker pull
事前准备,清除本地的busybox的所有信息
[root@liumiaocn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
./library/busybox latest e02e811dd08f days ago MB
busybox latest e02e811dd08f days ago MB
vmware/harbor-db . bb0d8181f36f weeks ago MB
vmware/harbor-jobservice . c9b6a weeks ago MB
vmware/harbor-ui . db965490f9b weeks ago MB
vmware/harbor-log . ae2612dfe5e weeks ago MB
registry . c6c14b3960bd weeks ago MB
nginx . e156d496c9f months ago MB
[root@liumiaocn ~]# docker rmi 192.168.32.131/library/busybox busybox
Untagged: ./library/busybox:latest
Untagged: ./library/busybox@sha256:f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912
Untagged: busybox:latest
Untagged: busybox@sha256:f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912
Deleted: sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba
Deleted: sha256:e88b3f82283bc59d5e0df427c824e9f95557e661fcb0ea15fb0fb6f97760f9d9
[root@liumiaocn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-db . bb0d8181f36f weeks ago MB
vmware/harbor-jobservice . c9b6a weeks ago MB
vmware/harbor-ui . db965490f9b weeks ago MB
vmware/harbor-log . ae2612dfe5e weeks ago MB
registry . c6c14b3960bd weeks ago MB
nginx . e156d496c9f months ago MB
[root@liumiaocn ~]#
docker pull
从Harbor的library项目中pull一个busybox的镜像
[root@liumiaocn ~]# docker pull 192.168.32.131/library/busybox:latest
latest: Pulling from library/busybox
bec22e3559: Pull complete
Digest: sha256:f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912
Status: Downloaded newer image for ./library/busybox:latest
[root@liumiaocn ~]#
成功pull到本地
[root@liumiaocn ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
./library/busybox latest e02e811dd08f days ago MB
vmware/harbor-db . bb0d8181f36f weeks ago MB
vmware/harbor-jobservice . c9b6a weeks ago MB
vmware/harbor-ui . db965490f9b weeks ago MB
vmware/harbor-log . ae2612dfe5e weeks ago MB
registry . c6c14b3960bd weeks ago MB
nginx . e156d496c9f months ago MB
[root@liumiaocn ~]#
总结
本文是通过设定insecure-registry的方式,快速实现了在Harbor上管理镜像,可pull可push,但是Harbor如果只能做到这些,也不会有那么多追随者,比如多仓库的管理,策略的设定等等均可简单实现,在仓库管理的最佳实践方面还有很多东西可以自行探索。