
Docker Private Registry

2025-01-20 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Registry is used to hold docker images, including the hierarchy and metadata of the images. Users can build their own Registry or use the official Docker Hub.

Docker Registry classification:

Sponsor Registry: third-party registry for customers and the Docker community to use

Mirror Registry: third-party registry for customers to use only

Vendor Registry: registry provided by the vendor that publishes Docker images

Private Registry: registry provided by private entities with firewalls and additional security layers

Deploy the service to the server before using it.

YUM installation

It can be installed through yum:

yum install docker-registry
yum install docker-distribution

Both of the above commands install docker-distribution. Just execute one.

Information about the software package:

[root@Docker ~]# yum info docker-distribution
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Available Packages
Name        : docker-distribution
Arch        : x86_64
Version     : 2.6.2
Release     : 2.git48294d9.el7
Size        : 3.5 M
Repo        : extras/7/x86_64
Summary     : Docker toolset to pack, ship, store, and deliver content
URL         : https://github.com/docker/distribution
License     : ASL 2.0
Description : Docker toolset to pack, ship, store, and deliver content
[root@Docker ~]#

The package is not installed here, because the service can also be installed and run in a container.

Container installation

Docker also publishes an official registry image, so the Registry service can be run as a container.

Download the image:

[root@Docker ~]# docker image pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest
[root@Docker ~]#

Start the container:

docker run -d -p 5000:5000 --restart always --name registry registry

Configuration file

View the configuration file for registry:

[root@Docker ~]# docker container exec -it registry cat /etc/docker/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
[root@Docker ~]#

This is the default configuration file. The path of the configuration file is given by the CMD instruction, and the default CMD in the image's Dockerfile is as follows:

CMD ["/etc/docker/registry/config.yml"]

The location where the image is stored

There is a VOLUME instruction in the image's Dockerfile, and this path is where the container stores images:

VOLUME ["/var/lib/registry"]

When starting a container from the image, you can use the -v option to specify a directory on the host for this path.

Upload image

Before uploading an image, tag it:

[root@Docker ~]# docker tag busybox localhost:5000/busybox

This prepares the local busybox image to be pushed to the server localhost:5000. The user name of the repository is omitted here; a repository without a user name is a top-level repository.

Push:

[root@Docker ~]# docker push localhost:5000/busybox
The push refers to repository [localhost:5000/busybox]
0d315111b484: Pushed
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
[root@Docker ~]#

Now push without going through the loopback (lo) interface, that is, do not use localhost or 127.0.0.1 as the server address. Push instead to the address of the local network interface, just as another host would push to this registry. The following error occurs:

[root@Docker ~]# docker push 192.168.24.170:5000/busybox
The push refers to repository [192.168.24.170:5000/busybox]
Get https://192.168.24.170:5000/v2/: http: server gave HTTP response to HTTPS client
[root@Docker ~]#

The problem here is that docker uses the HTTPS protocol by default, while the registry server responds over HTTP. There are two solutions.

The first method is to change the registry to suit docker: have the registry server use the HTTPS protocol.

The second method is to change docker to suit the registry: add the registry server address to docker's insecure-registries.
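What the second method gives up, as an added example that is not part of the original article: for each insecure-registries entry the daemon accepts plain HTTP or an unverified certificate, and addresses in 127.0.0.0/8 are treated that way by default, which is why the push to localhost:5000 succeeded. The script audits a daemon.json for such entries and for mirrors reached over plain HTTP; the sample file is constructed and the function names are this example's own.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample, modelled on the daemon.json used in this article; the
# CIDR and localhost entries are hypothetical, added to exercise each branch.
SAMPLE_DAEMON_JSON = """
{
  "registry-mirrors": ["http://hub-mirror.c.163.com",
                       "https://docker.mirrors.ustc.edu.cn"],
  "insecure-registries": ["192.168.24.170:5000", "10.0.0.0/8",
                          "localhost:5000"]
}
"""

LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")


def _is_loopback_host(host):
    """True for 'localhost' or a literal IPv4 address in 127.0.0.0/8."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host) in LOOPBACK_V4
    except ValueError:
        return False  # a DNS name other than localhost


def classify_insecure(entry):
    """Return (severity, reason) for one insecure-registries entry."""
    if "/" in entry:  # CIDR form, e.g. 10.0.0.0/8
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return ("review", "not a valid host or CIDR range")
        if net.version == 4 and net.subnet_of(LOOPBACK_V4):
            return ("info", "loopback range, already exempt from TLS")
        return ("high", f"TLS not enforced for {net.num_addresses} addresses")
    # Assumes host[:port] with a DNS name or an IPv4 address.
    host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
    if _is_loopback_host(host):
        return ("info", "loopback, already exempt from TLS")
    return ("medium", "plain HTTP or unverified TLS accepted for this host")


def audit_daemon_json(text):
    """Return a list of (setting, value, severity, reason) findings."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", entry,
                         *classify_insecure(entry)))
    for url in cfg.get("registry-mirrors", []):
        if urlsplit(url.strip()).scheme != "https":
            findings.append(("registry-mirrors", url, "medium",
                             "mirror is contacted without TLS"))
    return findings


if __name__ == "__main__":
    for finding in audit_daemon_json(SAMPLE_DAEMON_JSON):
        print("%-20s %-30s %-7s %s" % finding)
```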

Configure insecure-registries

Modify the configuration file, reload docker, and then push again:

[root@Docker ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn"],
  "insecure-registries": ["192.168.24.170:5000"]
}
[root@Docker ~]# systemctl reload docker
[root@Docker ~]# docker push 192.168.24.170:5000/busybox
The push refers to repository [192.168.24.170:5000/busybox]
0d315111b484: Layer already exists
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
[root@Docker ~]#

Download image

Pull the previously uploaded image by specifying the Registry:

[root@Docker ~]# docker pull 192.168.24.170:5000/busybox
Using default tag: latest
latest: Pulling from busybox
ee153a04d683: Pull complete
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for 192.168.24.170:5000/busybox:latest
[root@Docker ~]#

Harbor

Harbor is an enterprise-class Registry server for storing and distributing Docker images.

Harbor characteristics

Role-based access control: users and Docker image repositories are organized and managed through a "project". A user can have different permissions for multiple image repositories in the same namespace (project).

Image replication: images can be replicated (synchronized) across multiple Registry instances. It is especially suitable for load balancing, high availability, hybrid-cloud and multi-cloud scenarios.

Graphical user interface: users can browse through the browser, retrieve the current Docker image repository, and manage projects and namespaces.

AD/LDAP support: Harbor can integrate with the existing AD/LDAP within the enterprise for user authentication and management.

Audit management: all operations against the image repository can be recorded and traced for audit management.

Internationalization: there are localized versions in English, Chinese, German, Japanese and Russian. More languages will be added.

RESTful API: the RESTful API gives administrators more control over Harbor, making it easier to integrate with other management software.

Easy to deploy: both online and offline installation tools are provided, and Harbor can also be installed as a virtual appliance on the vSphere platform (OVA mode).

Installation preparation

Github project address:

https://github.com/vmware/harbor

This is an open source project from VMware; the address actually redirects to:

https://github.com/goharbor/harbor

Download harbor

The Features section of the project README covers the characteristics listed above; here we mainly look at the Install & Run section.

The first step is to download.

Harbor release:

https://github.com/goharbor/harbor/releases

$ wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2-rc1.tgz

Install configuration Wizard

Installation & Configuration Guide:

https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

Hardware requirements:

| Resource | Capacity | Description |
| --- | --- | --- |
| CPU | minimal 2 CPU | 4 CPU is preferred |
| Mem | minimal 4GB | 8GB is preferred |
| Disk | minimal 40GB | 160GB is preferred |

Software requirements:

| Software | Version | Description |
| --- | --- | --- |
| Docker engine | version 17.06.0+ or higher | For installation instructions, please refer to: docker engine doc |
| Docker Compose | version 1.18.0 or higher | For installation instructions, please refer to: docker compose doc |
| Openssl | latest is preferred | Generate certificate and keys for Harbor |

Installation steps:

1. Download the installer;
2. Configure harbor.yml;
3. Run install.sh to install and start Harbor.

After downloading, decompress:

[root@Harbor ~]# tar xvf harbor-offline-installer-v1.8.1.tar -C /opt
harbor/harbor.v1.8.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/harbor.yml
[root@Harbor ~]#

The downloaded file is no longer needed once it has been extracted, and the extracted files are not needed after installation, so it does not matter where you download or extract it. Extracting into /opt or /usr/local is suggested.

The image in the installation package

Among the extracted files is harbor.v1.8.1.tar.gz, which holds the exported docker images. Recall the docker save command, which can package and export several images and compress them:

$ docker save myimg/httpd:v1 myimg/httpd:v2 | gzip > myimage_latest.tar.gz

That is presumably how this file was produced. During the subsequent installation, all the images in this file are imported in one batch:

$ docker load -i myimage_latest.tar.gz

The install.sh script executed during installation contains statements to extract and import the images:

if [ -f harbor*.tar.gz ]
then
    h3 "[Step $item]: loading Harbor images..."; let item+=1
    docker load -i ./harbor*.tar.gz
fi

Dependencies and procedures for installation

Installing Harbor means loading a number of containers onto the current host and starting them all. Starting Harbor starts these containers with docker-compose, and stopping Harbor stops them all at once through docker-compose. docker-compose is needed because Harbor consists of many cooperating containers with dependencies between them, and that coordination is handled by docker-compose, a single-host orchestration tool.

So before installing Harbor, you need to install docker-compose to provide local container orchestration. Docker must be installed to load the local images, which are in the downloaded and extracted files, and docker must also be running in order to run the containers.

Once the preparation is complete, run the install.sh script shipped with Harbor: the images are loaded locally, started in turn through docker-compose, and run on the local docker.

Modify the harbor.yml configuration file. The host name must be changed: it is best to use the host's domain name, or its IP address if there is no domain name. If it is left unchanged, the following error is shown:

[root@Harbor harbor]# ./install.sh
➜ Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor
[root@Harbor harbor]#

The check finds that docker is not installed:

[root@Harbor harbor]# ./install.sh
[Step 0]: checking installation environment...
✖ Need to install docker (17.06.0+) first and run this script again.
[root@Harbor harbor]#

The check finds that docker-compose is not installed:

[root@Harbor harbor]# ./install.sh
[Step 0]: checking installation environment...
Note: docker version: 19.03.1
✖ Need to install docker-compose (1.18.0+) by yourself first and run this script again.
[root@Harbor harbor]#

The check finds that docker is not started:

[root@Harbor harbor]# ./install.sh
[Step 0]: checking installation environment...
Note: docker version: 19.03.1
Note: docker-compose version: 1.18.0
[Step 1]: loading Harbor images...
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[root@Harbor harbor]#

Docker Compose

Docker Compose is Docker's single-host orchestration tool. Official documentation:

https://docs.docker.com/compose/

To simplify installation and deployment, Harbor ships its components as applications that run in containers. Harbor also depends on many other applications, so several containers need to be orchestrated to work together. Deploying and using Harbor therefore requires Docker's single-host orchestration tool, Docker Compose.

Install docker-compose, which is located in the epel repository:

yum install docker-compose

Compose template file

The template file is the core of using Compose, and it defines many instruction keywords. The default template file name is docker-compose.yml, and the format is YAML.

This is not the focus here; being able to install and use Harbor is enough, but here is a brief look.

To use docker-compose, you write an orchestration file which, like a dockerfile, has many instructions. It defines each container to start and declares its dependencies, so that the containers it depends on are started first. Stopping is symmetric: the containers that nothing depends on are stopped first.

As an illustration, take a look at Harbor's docker-compose.yml file:

[root@Harbor harbor]# cat docker-compose.yml
version: '2.3'  # version of docker-compose
services:  # defines the services
  log:  # name of the service; a service is provided through a container, configured by the settings below
    image: goharbor/harbor-log:v1.8.1  # specifies the image of the container; the build instruction can also be used to create it from a dockerfile
    container_name: harbor-log  # name of the generated container
    restart: always  # the container restarts automatically
    dns_search: .
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:  # defines volumes
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:  # networks to join
      - harbor
  registry:
    image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/secret/registry/root.crt
        target: /etc/registry/root.crt
    networks:
      - harbor
    dns_search: .
    depends_on:  # names of the containers this one depends on
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v1.8.1
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v1.8.1
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    dns_search: .
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  core:
    image: goharbor/harbor-core:v1.8.1
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data/ca_download/:/etc/core/ca/:z
      - /data/psc/:/etc/core/token/:z
      - /data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data/secret/keys/secretkey
        target: /etc/core/key
    networks:
      harbor:
    dns_search: .
    depends_on:
      - log
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v1.8.1
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "portal"
  jobservice:
    image: goharbor/harbor-jobservice:v1.8.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
    networks:
      - harbor
    dns_search: .
    depends_on:
      - redis
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.8.1
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/redis:/var/lib/redis
    networks:
      harbor:
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.8.1
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    dns_search: .
    ports:
      - 80:80
    depends_on:
      - postgresql
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
[root@Harbor harbor]#

Install Harbor

Before installation, you need to modify the harbor.yml file, at least to change the host name, as mentioned before. Other settings can be changed as needed; installation also works if they are left unmodified.

As long as everything is ready, you can install:

[root@Harbor harbor]# ./install.sh
[Step 0]: checking installation environment...
Note: docker version: 19.03.1
Note: docker-compose version: 1.18.0
[Step 1]: loading Harbor images...
ba58b7bb3f17: Loading layer 33.32MB/33.32MB
(output omitted)
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1
[Step 2]: preparing environment...
prepare base dir is set to /opt/harbor
Generated configuration file: /config/log/logrotate.conf
(output omitted)
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secre
Creating harbor-log... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Creating registry... done
Creating harbor-core... done
[Step 3]: starting Harbor...
Creating harbor-portal... done
Creating nginx... done
Creating harbor-db...
Creating redis...
Creating registryctl...
Creating registry...
Creating harbor-core...
Creating harbor-portal...
Creating harbor-jobservice...
Creating nginx...
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://HarborStudy.
For more details, please visit https://github.com/goharbor/harbor.
[root@Harbor harbor]#

If the installation is successful, you can take a look at the listening ports, which images are installed, and which containers are started:

$ ss -tnl
$ docker images
$ docker ps

Login to Harbor

The default password is set in harbor.yml:

harbor_admin_password: Harbor12345

The user name is admin. If the password has not been changed, log in with this default.

Using a browser to visit the Web page, you can see some administrative interfaces.

In addition, uploading or downloading an image is done with the docker command. Before that, you also need to log in to Harbor, using the docker login command:

[root@Harbor harbor]# docker login localhost
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@Harbor harbor]#

The image cannot be pushed until the login is successful.
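Two weak points from this section, the default harbor_admin_password and the docker login warning about unencrypted storage, can be checked with a short script. This is an added example, not from the original article or the Harbor project; both sample files are constructed, and the hostname and function names are hypothetical.

```python
import base64
import json
import re

HARBOR_DEFAULT_PASSWORD = "Harbor12345"  # default quoted in this article

# Constructed samples (not captured from a real host): a harbor.yml excerpt
# with a hypothetical hostname, and the config.json that `docker login`
# leaves behind when no credential helper is configured.
SAMPLE_HARBOR_YML = """\
hostname: harbor.example.internal
harbor_admin_password: Harbor12345
"""
SAMPLE_DOCKER_CONFIG = json.dumps({
    "auths": {
        "localhost": {"auth": base64.b64encode(b"admin:Harbor12345").decode()}
    }
})


def harbor_uses_default_password(yml_text):
    """True if harbor.yml still carries the shipped admin password."""
    match = re.search(r"^harbor_admin_password:\s*(\S+)", yml_text, re.M)
    return bool(match) and match.group(1).strip("'\"") == HARBOR_DEFAULT_PASSWORD


def plaintext_logins(config_text):
    """Return [(registry, username)] whose password is stored in config.json.

    The "auth" value is only base64("user:password"), so anyone who can read
    the file can recover the password. With a credential store configured,
    docker leaves the entry empty and keeps the secret in the store instead.
    """
    config = json.loads(config_text)
    found = []
    for registry, entry in config.get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:
            continue  # credentials live in credsStore / credHelpers
        decoded = base64.b64decode(blob).decode("utf-8", "replace")
        found.append((registry, decoded.split(":", 1)[0]))  # user name only
    return found


if __name__ == "__main__":
    if harbor_uses_default_password(SAMPLE_HARBOR_YML):
        print("harbor.yml: admin password is still the default")
    for registry, user in plaintext_logins(SAMPLE_DOCKER_CONFIG):
        print(f"config.json: password for {user}@{registry} stored in clear")
```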

Stop Harbor

To stop or start harbor, you need to use the docker-compose command.

Before doing so, it is best to change to the directory that contains the docker-compose.yml you want to operate on, so that docker-compose finds the template file automatically.

Stop harbor:

[root@Harbor harbor]# cd /opt/harbor/
[root@Harbor harbor]# docker-compose stop
Stopping nginx... done
Stopping harbor-portal... done
Stopping harbor-jobservice... done
Stopping harbor-core... done
Stopping registryctl... done
Stopping harbor-db... done
Stopping registry... done
Stopping redis... done
Stopping harbor-log... done
[root@Harbor harbor]#

Then start it again:

[root@Harbor harbor]# docker-compose start
Starting log... done
Starting registry... done
Starting registryctl... done
Starting postgresql... done
Starting core... done
Starting portal... done
Starting redis... done
Starting jobservice... done
Starting proxy... done
[root@Harbor harbor]#
