Shulou(Shulou.com)06/02 Report--

This article will explain in detail how to build a private warehouse for docker. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Deployment of docker-registry

View docker-registry version information:

[root@docker-registry ~] # yum info docker-registryLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile * base: mirror.bit.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cnAvailable PackagesName: docker-registryArch: x86_64Version: 0.9.1Release: 7.el7Size: 123 kRepo: extras/7/x86_64Summary: Registry server for DockerURL: https://github. Com/docker/docker-registryLicense: ASL 2.0Description: Registry server for Docker (hosting/delivering of repositories and images).

Install docker-registry:

[root@docker-registry ~] # yum-y install docker-registry

View the configuration file location of docker-distribution after installation

[root@docker-registry ~] # rpm-ql docker-distribution/etc/docker-distribution/registry/config.yml/usr/bin/registry/usr/lib/systemd/system/docker-distribution.service/usr/share/doc/docker-distribution-2.6.2/usr/share/doc/docker-distribution-2.6.2/AUTHORS/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md/usr/share/doc/docker-distribution-2.6.2/LICENSE/ Usr/share/doc/docker-distribution-2.6.2/MAINTAINERS/usr/share/doc/docker-distribution-2.6.2/README.md/var/lib/registry # data is placed in this directory You can modify / etc/docker-distribution/registry/config.yml to change this path

View the configuration file:

[root@docker-registry ~] # cat / etc/docker-distribution/registry/config.ymlversion: 0.1log: fields: service: registrystorage: cache: layerinfo: inmemory filesystem: rootdirectory: / var/lib/registry # Image storage location, you can modify it to your own http: addr:: 5000 # listener port is 5000

Start the service:

[root@docker-registry] # systemctl start docker-distribution [root@docker-registry] # systemctl enable docker-distributionCreated symlink from / etc/systemd/system/multi-user.target.wants/docker-distribution.service to / usr/lib/systemd/system/docker-distribution.service.

So we installed the docker-registry.

Let's test it and push the image on the node3 machine to the docker-registry machine.

[root@k8s-node3 ~] # docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEmysql 5.7.22 6bb891430fb6 3 months ago 372MB

When we are going to push the mysql:5.7.22 image on node3 to the docker-registry machine, we need to tag the image mysql on the node3 machine:

[root@k8s-node3 ~] # docker tag mysql:5.7.22 docker-registry:5000/mysql:5.7.22 [root@k8s-node3 ~] # docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEdocker-registry.com:5000/mysql 5.7.22 6bb891430fb6 3 months ago 372MB

Note that docker-registry is the hostname and needs to be resolved to the corresponding registryip address using the hosts file.

[root@k8s-node3 ~] # docker push docker-registry:5000/mysql:5.7.22The push refers to a repository [docker-registry:5000/mysql] Get https://docker-registry:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Note: if docker-registry:5000/mysql is written above, it means that all the mirrored versions under the top-level mysql repository are being pushed.

As we can see above, our docker push Times is wrong because the docker client uses the https form by default, but the dockr registry server is in the http form.

If we actually use http, then we need to make the following changes to the docker client:

[root@k8s-node3 ~] # vim / etc/docker/daemon.json {"registry-mirrors": ["https://registry.docker-cn.com"],"insecure-registries": [" docker-registry:5000 "]}

Notice that the dokcer-registry above is the hostname.

[root@k8s-node3 ~] # systemctl restart docker

Then push it again and you can push it up.

[root@k8s-node3 ~] # docker push docker-registry:5000/mysql:5.7.22The push refers to a repository [docker-registry:5000/mysql] a968f24d4187: Pushed f8cb294d5d80: Pushed 489bddb9c55e: Pushed 22b402e93939: Pushed 8aeebb3964c1: Pushed 94f8d8f5acbf: Pushed c0c26734fb83: Pushed 4801a487d51a: Pushed aae63f31dee9: Pushed 6f8d38b0e2b6: Pushed cdb3f9544e4c: Pushed 5.7.22: digest: sha256:1d3119703eb04855c971a9ec24646184444fa1bd889b201de3ce8904c35eb627 size: 2621

Then, we log in to the docker registry server and see the pushed image:

[root@docker-registry] # ll / var/lib/registry/docker/registry/v2/repositories/mysql/total 0drwxr-xr-x. 3 root root 20 Oct 25 05:13 _ layersdrwxr-xr-x. 4 root root 35 Oct 25 05:14 _ manifestsdrwxr-xr-x. 2 root root 6 Oct 25 05:14 _ uploads

Let's ask other servers to download the image from the docker-registry server.

First, you also need to change the docker configuration on other servers, adding a "insecure-registries" parameter, as follows:

[root@k8s-node1 ~] # cat / etc/docker/daemon.json {"registry-mirrors": ["https://registry.docker-cn.com"]," insecure-registries ": [" docker-registry:5000 "]} [root@k8s-node1 ~] # systemctl restart docker

Then download the image on the docker-registry machine on this machine:

[root@k8s-node1 ~] # docker pull docker-registry:5000/mysql:5.7.225.7.22: Pulling from mysql2da35ff30a7d: Pull complete 46459f75a599: Pull complete fe071c86fe94: Pull complete 75457c650197: Pull complete 6506db22c932: Pull complete a6e0a2acd728: Pull complete 3182738b1913: Pull complete ea75bfdf07be: Pull complete 6b85e8810885: Pull complete 5dca51ac89bd: Pull complete b3400d337f49: Pull complete Digest: sha256:1d3119703eb04855c971a9ec24646184444fa1bd889b201de3ce8904c35eb627Status: Downloaded newer image for docker-registry:5000/mysql:5.7.22 [root@k8s-node1 ~] # docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEtomcat latest 05af71dd9251 8 days ago 463 MBdocker-registry:5000/mysql 5.7.22 6bb891430fb6 3 months ago 372 MB

See that the downloaded image is from our private warehouse.

Deployment of harbor

We see that the docker private repository built above is a command-line interface and is ugly. However, the good news is that there is an open source project called harbor, which is based on docker registry, with a beautiful web interface, redundancy and so on. It's a very good project. In addition, CNCF is also very favored by harbor, which shows that the prospect of harbor is very good.

However, the deployment of harbor is very troublesome. Fortunately, you can now use docker compose (stand-alone orchestration tool) to install harbor.

Next we are going to install harbor for a try.

The official project address is: https://github.com/goharbor/harbor

Official installation documentation: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

The official harbor requirements are as follows:

SoftwareVersionDescriptionPythonversion 2.7or higherNote that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by defaultDocker engineversion 1.10 or higherFor installation instructions, please refer to: https://docs.docker.com/engine/installation/Docker Composeversion 1.6.0 or higherFor installation instructions, please refer to: https://docs.docker.com/compose/install/Openssllatest is preferredGenerate certificate and keys for Harbor

Install the epel source first.

[root@harbor yum.repos.d] # cd / etc/yum.repos.d/ [root@harbor yum.repos.d] # wget-O / etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

Check the docker-compose version in epel:

[root@docker-registry yum.repos.d] # yum info docker-composeepel 12742/12742Available PackagesName: docker-composeArch: noarchVersion: 1.18.0Release: 1.el7Size: 226 kRepo: Epel/x86_64Summary: Multi-container orchestration for DockerURL: https://github.com/docker/composeLicense: ASL 2.0

Log in to https://github.com/goharbor/harbor/releases to download harbor.

We download the binary installation package:

[root@harbor ~] # wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz[root@harbor ~] # tar-xvf harbor-offline-installer-v1.6.1.tgz-C / usr/local/

Edit the configuration file:

[root@harbor ~] # cd / usr/local/harbor/ [root@docker-registry harbor] # vim harbor.cfghostname = 172.16.22.196 # the name of the harbor server, which can be an IP address (native ip) or a complete domain name. Do not use localhost or 127.0.0.1, because the service needs to be accessed by other machines ui_url_protocol = http max_job_workers = 10 # less than the number of cpu of the operating system harbor_admin_password = Harbor12345 # admin password

Stop the docker-distribution we installed earlier

[root@harbor harbor] # systemctl stop docker-distribution

Install docker-compose

[root@docker-registry harbor] # yum install docker-compose

Install docker:

[root@harbor harbor] # yum intall docker-ce [root@harbor harbor] # systemctl start docker

Install harbor:

[root@harbor harbor] #. / prepare [root@harbor harbor] #. / install.sh [Step 0]: checking installation environment... Note: docker version: 18.06.1Note: docker-compose version: 1.18.0

The installation process takes a long time because it needs to deploy the harbor.v1.6.1.tar.gz images and install them.

After logging in, we create a normal user:

Create a project:

Note: the replication management above is used to make master-slave replication for harbor.

Then log in as a normal user and create a project:

We log in to another machine, node03, as the client, and then modify the client on this machine to access harbor server by http (in my case, ip is 172.16.22.196):

[root@k8s-node3 ~] # vim / etc/docker/daemon.json {"registry-mirrors": ["https://registry.docker-cn.com"],"insecure-registries": [" 172.16.22.196 "]} [root@k8s-node3 ~] # systemctl daemon-reload [root@k8s-node3 ~] # systemctl restart docker

Then tag the node3 image in the form of harbor hostname:

[root@k8s-node3 ~] # docker tag mysql:5.7.22 172.16.22.196/dev/mysql:5.7.22

On the node3 machine, log in to docker-registry (172.16.22.196)

[root@k8s-node3 ~] # docker login 172.16.22.196Username: chenzhixinPassword: Login Succeeded

Push the image on node3 to harbor server172.16.22.196:

[root@k8s-node3 ~] # docker push 172.16.22.196/dev/mysql # push images of all tags under mysql to harbor without tagging [172.16.22.196/dev/mysql] a968f24d4187: Pushed 489bddb9c55e: Pushed 22b402e93939: Pushed 8aeebb3964c1: Pushed 94f8d8f5acbf: Pushed c0c26734fb83: Pushed 4801a487d51a: Pushed aae63f31dee9: Pushed 6f8d38b0e2b6: Pushed cdb3f9544e4c: Pushed 5.7.22: digest: sha256:1d3119703eb04855c971a9ec24646184444fa1bd889b201de3ce8904c35eb627 size: 2621

Then we can see the image we pushed on harbor server:

Stop and start of the Harbor container:

Go to the Harbor directory and execute the following command: cd / usr/local/harbordocker-compose stop/start

Other supplementary knowledge:

/ usr/local/harbor/docker-compose.yml: the directory where the data is stored is defined in this file: / data

[root@harbor harbor] # ls / data/ca_download config database job_logs psc redis registry secretkey this is the end of the article on "how to build a docker private warehouse". I hope the above content can be helpful to you so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.