Shulou(Shulou.com)06/02 Report--

As docker uses more and more images, you need to have a place to keep the images, which is the repository. At present, there are two commonly used warehouses: public warehouse and private warehouse. The most convenient thing is to use the public warehouse to upload and download. You don't need to register to download the image of the public warehouse, but you need to register when uploading.

Registry and Harbor are the most commonly used private repositories, so how to create private repositories is described in detail next.

1. Building registry private warehouse 1) case description

Two docker servers, dockerA creates a private registry warehouse, and dockerB is used for testing!

2) case example (1) Operation of DockerA server [root@dockerA ~] # docker pull registry:2// download image of registry:2 [root@dockerA ~] # docker run-itd-- name registry-- restart=always-p 5000Ranger 5000-v / registry:/var/lib/registry registry:2// create a registry container to run registry service; / /-p: Port mapping (the host port in front: the port exposed in the back) / /-v: Mount the directory (the directory of the host in front and the directory of the container in the back) automatically create the directory of the host; / /-- restart=always: start with the startup of the docker service! [root@dockerA ~] # docker ps / / make sure the container is running CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESf98bf93f100e registry:2 "/ entrypoint.sh / etc …" 3 minutes ago Up 3 minutes 0.0.0.0 netstat 5000-> 5000/tcp registry [root@dockerA ~] # netstat-anpt | grep 5000 / / make sure that port 5000 is being monitored tcp6 00:: 5000: * LISTEN 2370/docker-proxy [root@dockerA ~] # docker tag centos:7 192.168.1.1 Vor5000 / centos:7// change the image name In order to comply with the specification of private warehouse name Note: naming rules of private warehouse image: 192.168.20.7:5000/XXX (IP:5000 port / image name of host) [root@dockerA ~] # vim / usr/lib/systemd/system/docker.service / / write the main configuration file of docker service 13 ExecStart=/usr/bin/dockerd-- insecure-registry 192.168.1.1root@dockerA 5000 ExecStart=/usr/bin/dockerd / modify the original configuration file Add unsafe warehouses (--insecure-registry) The address is the IP address of the host and port 5000 [root@dockerA ~] # systemctl daemon-reload [root@dockerA ~] # systemctl restart docker / / restart the docker service [root@dockerA ~] # docker push 192.168.1.1:5000/centos:7// to upload the renamed image to the registry private repository [root@dockerA ~] # curl 192.168.1.1:5000/v2/_catalog / / View the image {"repositories": ["centos"]} [root@dockerA ~] # curl 192.168.1.1:5000/v2/centos/tags/list / / View the details of the image {"name": "centos" in the private repository "tags": ["7"]} (2) Operation of DockerB server [root@dockerB ~] # vim / usr/lib/systemd/system/docker.service / / modify docker's main configuration file 13 ExecStart=/usr/bin/dockerd-- insecure-registry 192.168.1.1Groupe 5000 ExecStart=/usr/bin/dockerd / add content consistent with registry Specify the IP address and port of the registry private warehouse server [root@dockerB ~] # systemctl daemon-reload [root@dockerB ~] # systemctl restart docker / / restart the docker service [root@dockerB ~] # curl 192.168.1.1:5000/v2/_catalog / / View the image {"repositories": ["centos"]} [root@dockerB ~] # curl 192.168.1.1Vol 5000 / in the private warehouse V2/centos/tags/list / / View the image {"name": "centos" in the private repository "tags": ["7"]} [root@dockerB ~] # docker pull 192.168.1.1:5000/centos:7// download the image in the private repository [root@dockerB ~] # docker images / / confirm that the image has been downloaded to local REPOSITORY TAG IMAGE ID CREATED SIZE192.168.1.1:5000/centos 7 5e35e350aded 5 weeks ago 203MB

At this point, the registry private warehouse has been built!

Second, build a private warehouse for Harbor

Compared with Registry private warehouse, Harbor private warehouse is much more powerful and supports web graphical management, so it is very popular in enterprises!

1) case description

Two docker servers, dockerA creates a private Harbor warehouse, and dockerB is used for testing!

2) case example (1) download docker-compose tool

First, go to the official website of github, as shown in the figure:

Operation of DockerA server

[root@dockerA ~] # yum- y install yum-utils device-mapper-persistent-data lvm2// download the dependencies required by the docker-compose tool (when deploying a docker environment You can install) [root@dockerA ~] # curl-L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname-s`-`uname-m`-o / usr/local/bin/docker-compose// download the docker-compose tool [root@dockerA ~] # chmod + x / usr/local/bin/docker-compose [root@dockerA ~] # docker-compose-v docker-compose version 1.25.0 Build 0a186604// View docker-compose tool version Information Ensure that the installation has been successful (2) configure Harbor

It is also on the github official website search, find the corresponding version can, here do not do more screenshots!

Web site: https://github.com/goharbor/harbor/releases

As shown in the figure:

It also operates on the dockerA server.

[root@dockerA ~] # wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.1.tgz// download harbor package [root@dockerA ~] # tar zxf harbor-offline-installer-v1.9.1.tgz-C / usr/local [root@dockerA ~] # cd / usr/local/harbor/ [root@dockerA harbor] # vim harbor.yml / / write its configuration file. Other versions end with cfg by default. This version ends with yml, and the contents of the files are all the same hostname: 192.168.1.1 / / change it to the local IP address harbor_admin_password: Harbor12345 / / this line already exists, you don't need to fill in it yourself, just remember its user name and password If necessary, you can modify [root@dockerA harbor] # / install.sh / / execute the installation script [root@dockerA harbor] # vim / usr/lib/systemd/system/docker.service / / write the docker main configuration file 13 ExecStart=/usr/bin/dockerd-- insecure-registry 192.168.1.1 ExecStart=/usr/bin/dockerd / similar to registry. The port number is not entered in the main harbor configuration file. You can also add it here. Otherwise, there may be an error [root@dockerA harbor] # systemctl daemon-reload [root@dockerA harbor] # systemctl restart docker / / restart the docker service [root@dockerA harbor] # pwd/usr/local/harbor / / Note the directory under which [root@dockerA harbor] # docker-compose start// must start all containers using the docker-compose tool (because when restarting docker All containers have been closed) [root@dockerA harbor] # netstat-anpt | grep 80 / / confirm that port 80 is listening on tcp 00 172.18.0.1 tcp 33780 172.18.0.5 tcp 10514 ESTABLISHED 70076/docker-proxy tcp6 00:: 80: * LISTEN 72870/docker-proxy

Client accesses the web page:

(3) upload image

After the warehouse is built, upload the image on the dockerA (harbor) server!

[root@dockerA ~] # docker login-u admin-p Harbor12345 192.168.1.1 WARNING / specify user name, password and harbor server address to log in to WARNING! Using-- password via the CLI is insecure. Use-password-stdin.WARNING! Your password will be stored unencrypted in / root/.docker/config.json.Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded / / successfully logged in [root@dockerA ~] # docker tag centos:7 192.168.1.1/test/centos:7// needs to change the image name. Test is the repository name just created [root@dockerA ~] # docker push 192.168.1.1/test/centos:7// to upload the image to the test repository of the harbor server.

After the upload is completed, as shown below:

(4) Test and download the image [root@dockerB] # vim / usr/lib/systemd/system/docker.service / / write the main configuration file 13 ExecStart=/usr/bin/dockerd of docker on the dockerB server-- insecure-registry 192.168.1.1 IP / specify the IP address of the harbor server [root@dockerB ~] # systemctl daemon-reload [root@dockerB ~] # systemctl restart docker / / restart the docker service [root@dockerB ~] # docker Login-u admin-p Harbor12345 192.168.1.1 / log in to the harbor server WARNING! Using-- password via the CLI is insecure. Use-password-stdin.WARNING! Your password will be stored unencrypted in / root/.docker/config.json.Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded / / Log in successfully [root@dockerB ~] # docker pull 192.168.1.1/test/centos:7// download image to test [root@dockerB ~] # docker images / / make sure the image has been downloaded and completed REPOSITORY TAG IMAGE ID CREATED SIZE192.168.1.1/test/centos 7 5e35e350aded 5 weeks ago 203MB

-this is the end of this article. Thank you for reading-

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.