在Docker中,当我们执行 docker pull xxx 的时候 ,它实际上是从 hub.docker.com 这个地址去查找,这就是 Docker 公司为我们提供的公共仓库。在工作中,我们不可能把企业项目 push 到公有仓库进行管理。所以为了更好的管理镜像,Docker 不仅提供了一个中央仓库,同时也允许我们搭建本地私有仓库。
docker容器镜像仓库分类:
公网仓库:docker hub
私网仓库: registry、harbor
一、registry镜像仓库 1.1、 registry 仓库搭建 搭建步骤
拉取 registry 容器镜像
创建 registry 仓库容器
测试容器应用
搭建过程
b、创建registry仓库容器
1 2 3 4 5 6 7 8 9 10 11 12 13 14 1、创建持久化存储,将容器镜像存储目录/var/lib/registry挂载到本地/opt/myregistry下: mkdir /opt/myregistry 2、创建 registry 容器: docker run -d -p 5000:5000 -v /opt/myregistry:/var/lib/registry --restart=always registry:latest 3、查看容器是否运行 docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6b20b55fe6f8 registry:latest "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp busy_mclean
c、测试容器应用
1 2 3 4 [root@test_manage01 ~]# curl http://192.168.1.150:5000/v2/_catalog {"repositories":[]} 显示仓库中没有任何镜像
1.2、registry仓库应用-上传镜像 上传镜像步骤
设置docker仓库为registry本地仓库
给需要存储的镜像打tag
上传镜像到registry仓库
演示案例
将baishuming2020/centos_nginx:latest上传到仓库
查看当前本地镜像
1 2 3 4 5 6 [root@test_manage01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE baishuming2020/centos_nginx latest bcd9f28f6126 33 minutes ago 447MB baishuming2020/centos_8_base latest 3e9f682f8459 47 minutes ago 200MB centos latest 0f3e07c0138f 6 weeks ago 220MB registry latest f32a97de94e1 8 months ago 25.8MB
a、设置docker仓库为registry本地仓库
1 2 3 4 5 6 7 8 9 10 11 12 13 14 #1、修改docker进程启动文件,修改其启动方式,目的是为了让通过docker配置文件启动 [root@test_manage01 ~]# sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service #2、设置docker 守护进程的配置文件 /etc/docker/daemon.json,默认没有该文件 [root@test_manage01 ~]# cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.1.150:5000"] } insecure-registries 指定非安全的仓库地址,多个用逗号隔开 #3、重启docker生效配置文件 [root@test_manage01 ~]# systemctl daemon-reload [root@test_manage01 ~]# systemctl restart docker
b、给需要存储的镜像打tag
1 2 3 4 5 6 7 8 9 [root@test_manage01 ~]# docker tag baishuming2020/centos_nginx:latest 192.168.1.150:5000/centos_nginx:v1 [root@test_manage01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.98.240:5000/centos_nginx v1 bcd9f28f6126 45 minutes ago 447MB baishuming2020/centos_nginx latest bcd9f28f6126 45 minutes ago 447MB baishuming2020/centos_8_base latest 3e9f682f8459 59 minutes ago 200MB centos latest 0f3e07c0138f 6 weeks ago 220MB registry latest f32a97de94e1 8 months ago 25.8MB
c、上传镜像到registry仓库
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 #1、上传镜像 [root@test_manage01 ~]# docker push 192.168.98.240:5000/centos_nginx:v1 The push refers to repository [192.168.98.240:5000/centos_nginx] 1da799aaf1ec: Pushed f598357997c6: Pushed 630012d2d35b: Pushed 4dcde7ab808a: Pushed 64dc1b92ebb6: Pushed 7db2133dafb9: Pushed fd05189e6e81: Pushed ee645629aa71: Pushed v1: digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b size: 1996 #2、查看上传 [root@test_manage01 ~]# curl http://192.168.98.240:5000/v2/_catalog {"repositories":["centos_nginx"]} #查看存储文件夹 [root@test_manage01 ~]# ls /opt/docker_repos/docker/registry/v2/repositories/centos_nginx/ _layers _manifests _uploads
1.3、 registry仓库应用-客户端下载镜像
设置客户端docker仓库为registry仓库
拉取镜像到本地
演示案例
要求192.168.98.241[hostname:test_node1]机器的容器可以下载registry仓库中的镜像
a、设置192.168.1.151[hostname:test_node1]机器的docker仓库为registry仓库
1 2 3 4 5 6 7 8 #1、设置docker启动文件 [root@test_node1 ~]# sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service #2、设置docker配置文件 [root@test_node1 ~]# cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.1.150:5000"] }
b、下载镜像
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [root@test_node1 ~]# docker pull 192.168.1.150:5000/centos_nginx:v1 v1: Pulling from centos_nginx dcd04d454f16: Pull complete 5cb2e05aa6e1: Pull complete 870634eb98b4: Pull complete 0fae9697ee4b: Pull complete 18ad57cfcecb: Pull complete 64dd6f0d85c1: Pull complete 7178b0b4388e: Pull complete 34de8795cd41: Pull complete Digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b Status: Downloaded newer image for 192.168.98.240:5000/centos_nginx:v1 192.168.98.240:5000/centos_nginx:v1 #验证下载 [root@test_node1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.1.150:5000/centos_nginx v1 bcd9f28f6126 4 hours ago 447MB
1.4、registry带basic认证的仓库 实现步骤
安装需要认证的包
创建存放认证信息的文件
创建认证信息
创建带认证的registry容器
指定仓库地址
登录认证
实现过程
1 yum -y install httpd-tools
b、创建存放认证信息的文件
1 mkdir -p /opt/registry-var/auth
c、创建认证信息
1 htpasswd -Bbn test 123456 >> /opt/registry-var/auth/htpasswd
d、创建带认证的registry容器
1 2 3 4 5 6 7 docker run -d -p 10000:5000 --restart=always --name registry \ -v /opt/registry-var/auth:/auth \ -v /opt/myregistry:/var/lib/registry \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ registry:latest
e、指定仓库地址
1 2 3 4 cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.1.150:5000","http://192.168.1.150:10000"] }
f、登录认证
1 2 3 docker login 192.168.1.150:10000 Username:test Password:123456
二、 harbor镜像仓库 Harbor离线安装包下载地址:https://github.com/goharbor/harbor
docker-compose版本选择:https://github.com/docker/compose/releases
2.1 harbor下载 1 [root@centos8_manage01 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.2-rc1.tgz
2.2 docker-compose安装 容器编排工具,执行./install.sh时需要。如果不安装,一会重启docker服务,相关的harbor容器会死掉,安装后就会被随着docker重启
1 2 curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
2.3 harbor安装 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 [root@centos8_manage01 ~]# tar xf harbor-offline-installer-v1.9.2-rc1.tgz [root@centos8_manage01 ~]# mv harbor /opt/ [root@centos8_manage01 ~]# /opt/harbor/prepare prepare base dir is set to /opt/harbor Unable to find image 'goharbor/prepare:v1.9.2' locally v1.9.2: Pulling from goharbor/prepare b950b5dd94ab: Pull complete cc7bb94ca291: Pull complete d6a642502e65: Pull complete 21510274066b: Pull complete 04998692a2c0: Pull complete ae8f4647fe53: Pull complete cee24c721c12: Pull complete Digest: sha256:a647780bcd7f5fdcc9696332c9bca90f290912ecb41bd15c4c1a516450597bc2 Status: Downloaded newer image for goharbor/prepare:v1.9.2 Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /secret/keys/secretkey Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir 修改配置文件中的主机名为本机域名或IP [root@centos8_manage01 ~]# grep "^hostname" /opt/harbor/harbor.yml hostname: 192.168.98.240 [root@centos8_manage01 ~]# /opt/harbor/install.sh [Step 0]: checking installation environment ... Note: docker version: 19.03.1 /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version! RequestsDependencyWarning) Note: docker-compose version: 1.24.1 [Step 1]: loading Harbor images ... 6ef530defbe4: Loading layer 63.49MB/63.49MB 55872518448e: Loading layer 54.42MB/54.42MB 070787ce276e: Loading layer 5.632kB/5.632kB 1ddc8ebef7e9: Loading layer 2.048kB/2.048kB 94ec70036213: Loading layer 2.56kB/2.56kB 87f88832870d: Loading layer 2.56kB/2.56kB 208968317bf9: Loading layer 2.56kB/2.56kB ab6259c81a01: Loading layer 10.24kB/10.24kB Loaded image: goharbor/harbor-db:v1.9.2 92e51ca4c459: Loading layer 9.005MB/9.005MB 9e12eb4a5a82: Loading layer 3.072kB/3.072kB 913c064dae30: Loading layer 21.76MB/21.76MB b28cae8255d8: Loading layer 3.072kB/3.072kB 890572f32fd2: Loading layer 8.661MB/8.661MB 6f00be7ade9a: Loading layer 30.42MB/30.42MB Loaded image: goharbor/harbor-registryctl:v1.9.2 51bada9a03ba: Loading layer 78.25MB/78.25MB bdd423614a28: Loading layer 3.072kB/3.072kB e44c809a7328: Loading layer 59.9kB/59.9kB 07d91c85aa68: Loading layer 61.95kB/61.95kB Loaded image: goharbor/redis-photon:v1.9.2 e0a372c4d5d3: Loading layer 10.84MB/10.84MB Loaded image: goharbor/nginx-photon:v1.9.2 99f324455426: Loading layer 115.7MB/115.7MB dbde533bd1f2: Loading layer 12.29MB/12.29MB 32adabde1b24: Loading layer 2.048kB/2.048kB cdedbb7b738d: Loading layer 48.13kB/48.13kB 60eb6ca8f5f9: Loading layer 3.072kB/3.072kB 05fadada21a7: Loading layer 12.34MB/12.34MB Loaded image: goharbor/clair-photon:v2.0.9-v1.9.2 fbe05936a49e: Loading layer 12.77MB/12.77MB 8dc691e9365f: Loading layer 55.38MB/55.38MB c83233ecc176: Loading layer 5.632kB/5.632kB de775c6f50f5: Loading layer 36.35kB/36.35kB 525709237f01: Loading layer 55.38MB/55.38MB Loaded image: goharbor/harbor-core:v1.9.2 734abd864add: Loading layer 12.77MB/12.77MB 74033d37bf08: Loading layer 48.13MB/48.13MB Loaded image: goharbor/harbor-jobservice:v1.9.2 6677f529d41e: Loading layer 9.005MB/9.005MB 019a95ff5e80: Loading layer 3.072kB/3.072kB 4b3792cedc69: Loading layer 2.56kB/2.56kB 274f5851694b: Loading layer 21.76MB/21.76MB 68e937b2af9e: Loading layer 21.76MB/21.76MB Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.9.2 Loaded image: goharbor/prepare:v1.9.2 0566b1894f2e: Loading layer 9.009MB/9.009MB b99c86e48679: Loading layer 44.41MB/44.41MB 283ba1db5c52: Loading layer 2.048kB/2.048kB 701de676a8f6: Loading layer 3.072kB/3.072kB c923d0b0255c: Loading layer 44.41MB/44.41MB Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.9.2 ef4a961407c7: Loading layer 9.004MB/9.004MB 7cf94e5011b7: Loading layer 6.239MB/6.239MB 5c984b34ecb2: Loading layer 16.4MB/16.4MB f06fb877e324: Loading layer 29.21MB/29.21MB ae07ec384ebd: Loading layer 22.02kB/22.02kB 864698f2b94d: Loading layer 51.85MB/51.85MB Loaded image: goharbor/notary-server-photon:v0.6.1-v1.9.2 c953b6400a8b: Loading layer 50.3MB/50.3MB 2ee784d17d84: Loading layer 3.584kB/3.584kB c71f6b26fd01: Loading layer 3.072kB/3.072kB bb6389098841: Loading layer 2.56kB/2.56kB b63da553de9f: Loading layer 3.072kB/3.072kB 62a479d14974: Loading layer 3.584kB/3.584kB aa3fee5917b8: Loading layer 12.29kB/12.29kB Loaded image: goharbor/harbor-log:v1.9.2 691af8d2c981: Loading layer 14.9MB/14.9MB 7878347ee491: Loading layer 29.21MB/29.21MB 433f16e7c539: Loading layer 22.02kB/22.02kB ad0202306aed: Loading layer 50.34MB/50.34MB Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.9.2 62247cb7cb19: Loading layer 337.8MB/337.8MB d8b748aaf7dd: Loading layer 119.8kB/119.8kB Loaded image: goharbor/harbor-migrator:v1.9.2 d9705202f79f: Loading layer 7.036MB/7.036MB 3fdb77b47894: Loading layer 196.6kB/196.6kB 8901bb1db41e: Loading layer 172kB/172kB baf9307d1844: Loading layer 15.36kB/15.36kB 1dcfba9b1bd1: Loading layer 3.584kB/3.584kB 90a90fef2f80: Loading layer 10.84MB/10.84MB Loaded image: goharbor/harbor-portal:v1.9.2 [Step 2]: preparing environment ... prepare base dir is set to /opt/harbor Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version! RequestsDependencyWarning) [Step 3]: starting Harbor ... /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version! RequestsDependencyWarning) Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating harbor-portal ... done Creating redis ... done Creating registryctl ... done Creating registry ... done Creating harbor-db ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://192.168.98.240. For more details, please visit https://github.com/goharbor/harbor .
2.4 docker设置仓库为harbor 1 2 3 4 5 6 7 8 9 10 1、docker服务启动文件 #ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock 注释或者将[-H fd:// --containerd=/run/containerd/containerd.sock]删除 ExecStart=/usr/bin/dockerd 这样做的目的是让daemon.json管理docker进程 2、创建docker守护进程配置文件 [root@centos8_manage01 harbor]# cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.98.240"] }
2.5 镜像上传到harbor 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 #登陆harbor [root@centos8_manage01 harbor]# docker login http://192.168.98.240 -u admin -p Harbor12345 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #修改镜像name:tag为harbor仓库名 [root@centos8_manage01 harbor]# docker tag baishuming2020:latest 192.168.98.240/library/centos_web:v1 #上传镜像 [root@centos8_manage01 harbor]# docker push 192.168.98.240/library/centos_web:v1 The push refers to repository [192.168.98.240/library/centos_web] 968786242e9d: Pushed v1: digest: sha256:d204253a33c6c2c74273fbd003cf3e14a48bcdd5c7bc10f51ccbad9e4dd39699 size: 528
常见问题 docker-compose命令无法使用
1 Supported filenames: docker-compose.yml, docker-compose.yaml
原因: 当前目录没有配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 正确执行路径 harbor安装目录 [root@centos8_manage01 harbor]# docker-compose ps Name Command State Ports ----------------------------------------------------------------------------------------- harbor-core /harbor/harbor_core Up harbor-db /docker-entrypoint.sh Up 5432/tcp harbor-jobservice /harbor/harbor_jobservice ... Up harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp harbor-portal nginx -g daemon off; Up 8080/tcp nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp redis redis-server /etc/redis.conf Up 6379/tcp registry /entrypoint.sh /etc/regist ... Up 5000/tcp registryctl /harbor/start.sh Exit 137