Docker seventh round (private Registry)

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

I. Classification of Docker Registry

A Registry stores Docker images, including their layers and metadata. Users can run their own Registry or use the official Docker Hub.

Sponsor Registry: third-party Registry for use by customers and the docker community

Mirror Registry: third-party Registry for customers only

Vendor Registry: Registry provided by the vendor that published the Docker image

Private Registry: Registry provided by private entities with firewalls and additional security layers

II. Docker Distribution

Docker Distribution is the private registry package provided by Docker. It can also run in a container, so an image of it is available on Docker Hub. However, Docker Distribution has no web interface: it does not support browsing and searching for images in a browser the way Docker Hub does, let alone building images automatically from a Dockerfile. For that, you can use Harbor.

1. How to install docker distribution

Run it in a container by downloading the Docker Distribution image from Docker Hub. Because the data is deleted once the container is removed, we also give it storage volumes and use a network file system to persist the image data in the registry.

Yum installation. The docker distribution installation package is located in the Extras of the yum repository and can be installed directly.

2. Yum install docker distribution

2.1. Installation

[root@centos7-node2 ~]# yum info docker-distribution
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
Installed Packages
Name        : docker-distribution
Arch        : x86_64
Version     : 2.6.2
Release     : 2.git48294d9.el7
Size        : 12 M
Repo        : installed
From repo   : extras
Summary     : Docker toolset to pack, ship, store, and deliver content
URL         : https://github.com/docker/distribution
License     : ASL 2.0
Description : Docker toolset to pack, ship, store, and deliver content
[root@centos7-node2 ~]# yum install docker-distribution
[root@centos7-node2 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
[root@centos7-node2 ~]# service docker-distribution start
Redirecting to /bin/systemctl start docker-distribution.service
[root@centos7-node2 ~]# netstat -tlunp | grep 5000
tcp6       0      0 :::5000       :::*       LISTEN      2912/registry

2.2. Configuration

The default configuration file is fine. Change it according to your own needs.

[root@centos7-node2 ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

3. Create an image and upload it to docker-distribution

3.1. Create an image and upload it

[root@bogon ~]# docker tag httpd:1.1 centos7-node2.local:5000/httpd:1.1
[root@bogon ~]# docker image ls
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1      bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1      bbffcf779dd4   2 weeks ago   264MB
nginx                            stable   ecc98fc2f376   5 weeks ago   109MB
[root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1
Error response from daemon: Get https://centos7-node2.local:5000/v2/: dial tcp 192.168.31.187:5000: connect: no route to host
[root@bogon ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["centos7-node2.local:5000"]
}
[root@bogon ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@bogon ~]# docker push centos7-node2.local:5000/httpd:1.1
The push refers to repository [centos7-node2.local:5000/httpd]
ddcb568d3d1e: Pushed
da6517724f67: Pushed
1.1: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741

By default the Docker client communicates with a Registry over HTTPS. If the private registry serves plain HTTP, you need to change the Docker client configuration file, as done above with insecure-registries in /etc/docker/daemon.json.

3.2. Verification in docker distribution

[root@centos7-node2 ~]# ll /var/lib/registry/docker/registry/v2/repositories/httpd/_layers/sha256/
total 0
drwxr-xr-x. 2 root root 18 Nov 20 17:15 bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32
drwxr-xr-x. 2 root root 18 Nov 20 17:15 f06537d9e799fdeca094e95d56295b96359d188988b5d78353f716de5856b5b1
drwxr-xr-x. 2 root root 18 Nov 20 17:15 f9f73d801f0558b085ffa505240a065319269c4cefbe9c2e60103d58761edfa8
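The directories listed above hold only link files; the layer bytes themselves live under the blobs tree of the same storage root. The following added example (not part of the original article) walks a repository's _layers links and re-hashes each blob to confirm it still matches its digest. The blobs/sha256/<first two hex>/<digest>/data path follows Docker Distribution's filesystem storage layout, and build_sample_store is a hypothetical helper that creates a constructed store for the demonstration.

```python
import hashlib
import os
import tempfile

def verify_repository_layers(root, repo):
    """Re-hash every layer blob linked from `repo`; return {digest: ok|missing|corrupt}."""
    v2 = os.path.join(root, "docker", "registry", "v2")
    links = os.path.join(v2, "repositories", repo, "_layers", "sha256")
    report = {}
    for name in sorted(os.listdir(links)):
        with open(os.path.join(links, name, "link")) as fh:
            digest = fh.read().strip()            # "sha256:<64 hex chars>"
        hexd = digest.split(":", 1)[1]
        blob = os.path.join(v2, "blobs", "sha256", hexd[:2], hexd, "data")
        if not os.path.isfile(blob):
            report[digest] = "missing"
            continue
        h = hashlib.sha256()
        with open(blob, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        report[digest] = "ok" if h.hexdigest() == hexd else "corrupt"
    return report

def build_sample_store(root, repo, blobs, tamper=None):
    """Hypothetical helper: build a constructed store, optionally altering one blob."""
    v2 = os.path.join(root, "docker", "registry", "v2")
    digests = []
    for i, content in enumerate(blobs):
        hexd = hashlib.sha256(content).hexdigest()
        link_dir = os.path.join(v2, "repositories", repo, "_layers", "sha256", hexd)
        blob_dir = os.path.join(v2, "blobs", "sha256", hexd[:2], hexd)
        os.makedirs(link_dir)
        os.makedirs(blob_dir)
        with open(os.path.join(link_dir, "link"), "w") as fh:
            fh.write("sha256:" + hexd)
        with open(os.path.join(blob_dir, "data"), "wb") as fh:
            fh.write(b"tampered" if i == tamper else content)
        digests.append("sha256:" + hexd)
    return digests

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_store(root, "httpd", [b"layer-a", b"layer-b"], tamper=1)
        for digest, state in verify_repository_layers(root, "httpd").items():
            print(state, digest)
```

On a real host, pass /var/lib/registry as root and httpd as repo, reading the store with an account that has read access to it.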

Delete the previous image on the Docker client and pull it again

[root@bogon ~]# docker image rm centos7-node2.local:5000/httpd:1.1
Untagged: centos7-node2.local:5000/httpd:1.1
Untagged: centos7-node2.local:5000/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
[root@bogon ~]#
[root@bogon ~]# docker image ls
REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
httpd        1.1      bbffcf779dd4   2 weeks ago   264MB
nginx        stable   ecc98fc2f376   5 weeks ago   109MB
[root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1
1.1: Pulling from httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local:5000/httpd:1.1
[root@bogon ~]# docker image ls
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1      bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1      bbffcf779dd4   2 weeks ago   264MB
nginx                            stable   ecc98fc2f376   5 weeks ago   109MB

What is harbor?

Harbor is a project of the CNCF (Cloud Native Computing Foundation), a third-party organization jointly established by Google, IBM and Microsoft that specializes in maintaining projects such as K8s and Prometheus, including the recently joined Harbor (private registry server software) project. Harbor is now an enterprise-class registry application. It is a secondary development project built by VMware on top of Docker Distribution, and it adds many extra components, including a web interface. We can therefore use Harbor to build a complete local private registry.

Project Harbor is an open source trusted cloud native Registry project that stores, signs, and scans content.

Harbor extends the open source Docker Distribution by adding the functionalities usually required by users, such as security, identity and management.

Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances.

1. Characteristics of harbor

Support for multi-tenancy: a single Harbor instance lets many users register and manage their own repositories.

Support security, risk analysis

Support for audit logs

Role-based access control

Support for replication between multiple Harbor instances

Extensible API and graphical UI

Internationalized, currently supports English and Chinese

2. Installation of harbor

To simplify installation, the Harbor project ships Harbor as an application that runs in containers. Harbor depends on several storage systems, such as MySQL and Redis, so multiple containers have to work together. VMware's Harbor therefore needs to be deployed with Docker's single-host orchestration tool, Compose.

Download address: https://github.com/goharbor/harbor/releases

Installation documentation: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

[root@centos7-node2 src]# wget
[root@centos7-node2 src]# tar -zxvf harbor-offline-installer-v1.5.4.tgz -C /usr/local/
[root@centos7-node2 src]# cd /usr/local/harbor/
[root@centos7-node2 harbor]# sed -i 's/hostname = reg.mydomain.com/hostname = centos7-node2.local/g' ./harbor.cfg
[root@centos7-node2 harbor]# yum install docker-compose
[root@centos7-node2 harbor]# yum install epel-release
[root@centos7-node2 harbor]# yum install docker-compose
[root@centos7-node2 harbor]# ./install.sh
…
----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://centos7-node2.local.
For more details, please visit https://github.com/vmware/harbor .
[root@centos7-node2 harbor]# docker container ls -a
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
2ecc079867c6  vmware/nginx-photon:v1.5.4  "nginx -g 'daemon of…"  14 seconds ago  Up 12 seconds (health: starting)  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp  nginx
a1b51d6d296a  vmware/harbor-jobservice:v1.5.4  "/harbor/start.sh"  14 seconds ago  Up 12 seconds  harbor-jobservice
0ffb3f2a442e  vmware/harbor-ui:v1.5.4  "/harbor/start.sh"  16 seconds ago  Up 14 seconds (health: starting)  harbor-ui
1c5e3590ac25  vmware/registry-photon:v2.6.2-v1.5.4  "/entrypoint.sh serv…"  19 seconds ago  Up 16 seconds (health: starting)  5000/tcp  registry
fd09682ac89a  vmware/harbor-adminserver:v1.5.4  "/harbor/start.sh"  19 seconds ago  Up 16 seconds (health: starting)  harbor-adminserver
054710b41aa2  vmware/harbor-db:v1.5.4  "/usr/local/bin/dock…"  19 seconds ago  Up 16 seconds (health: starting)  3306/tcp  harbor-db
c03daf7e3bb1  vmware/redis-photon:v1.5.4  "docker-entrypoint.s…"  19 seconds ago  Up 17 seconds  6379/tcp  redis
b1fcf0c916a1  vmware/harbor-log:v1.5.4  "/bin/sh -c /usr/loc…"  22 seconds ago  Up 18 seconds (health: starting)  127.0.0.1:1514->10514/tcp  harbor-log
[root@centos7-node2 harbor]#

After the harbor installation is successful, eight containers will be started.

Note: because Harbor's container network uses NAT, the firewall service must be running; otherwise the installation will not complete.

Finally, the web interface after a successful installation

3. Use the harbor web interface

3.1. Create a new project

3.2. Click on the newly created project. There is no image yet.

3.3. Use the docker client to create an image and upload it

[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.4
[root@bogon ~]# docker login centos7-node2.local
Username: gouyacai
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.2
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Pushed
da6517724f67: Pushed
1.2: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.3
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Layer already exists
da6517724f67: Layer already exists
1.3: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.4
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Layer already exists
da6517724f67: Layer already exists
1.4: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
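The insecure-registries entry added to daemon.json in section 3.1 and the docker login warning in the session above both leave traces in client-side files. This added example (not part of the original article) audits the two files: it lists registries for which TLS is not enforced and logins whose secret sits base64-encoded in config.json. The sample file contents, the builder account and registry.example.test are constructed; only the host names centos7-node2.local and centos7-node2.local:5000 come from the article.

```python
import base64
import json

def audit_docker_client(daemon_json, config_json):
    """Return (kind, registry, detail) findings for a Docker client's config files.

    daemon_json: text of /etc/docker/daemon.json
    config_json: text of ~/.docker/config.json
    """
    findings = []
    insecure = set(json.loads(daemon_json or "{}").get("insecure-registries", []))
    for reg in sorted(insecure):
        findings.append(("insecure-registry", reg, "TLS is not enforced for this registry"))

    cfg = json.loads(config_json or "{}")
    for host, entry in sorted(cfg.get("auths", {}).items()):
        blob = entry.get("auth")
        if not blob:
            continue  # empty entry: the secret is held by a credential helper
        # "auth" is base64("user:password"): an encoding, not encryption
        user = base64.b64decode(blob).decode("utf-8", "replace").split(":", 1)[0]
        findings.append(("plaintext-credential", host, "user=" + user))
        if host in insecure:
            findings.append(("credential-over-http", host, "login may travel without TLS"))
    return findings

# Constructed sample inputs (not taken from a real host).
SAMPLE_DAEMON = json.dumps({
    "insecure-registries": ["centos7-node2.local:5000", "centos7-node2.local"],
})
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "centos7-node2.local": {
            "auth": base64.b64encode(b"builder:constructed-password").decode(),
        },
        "registry.example.test": {},  # as written when a credential helper is in use
    },
})

if __name__ == "__main__":
    for kind, registry, detail in audit_docker_client(SAMPLE_DAEMON, SAMPLE_CONFIG):
        print(kind, registry, detail)
```

An empty result means no registry is exempt from TLS and no secret is stored inline; findings are cleared by serving the registry over TLS and configuring a credential helper (credsStore) on the client.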

Pull the image from harbor to the docker client

[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.2
Untagged: centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.3
Untagged: centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.4
Untagged: centos7-node2.local/development/httpd:1.4
Untagged: centos7-node2.local/development/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
[root@bogon ~]#
[root@bogon ~]# docker image ls
REPOSITORY                       TAG        IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1        bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1        bbffcf779dd4   2 weeks ago   264MB
nginx                            stable     ecc98fc2f376   5 weeks ago   109MB
centos                           6.6        4e1ad2ce7f78   5 weeks ago   203MB
redis                            4-alpine   05097a3a0549   6 weeks ago   30MB
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.2
1.2: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.3
1.3: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.4
1.4: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.4
[root@bogon ~]# docker image ls
REPOSITORY                              TAG   IMAGE ID       CREATED       SIZE
httpd                                   1.1   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.2   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.3   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.4   bbffcf779dd4   2 weeks ago   264MB
