环境准备
-
配置Docker私服
安装
如果有历史版本,删除:
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
删除依赖:
yum remove -y yum-utils \
device-mapper-persistent-data \
lvm2
安装依赖:
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
设置stable仓库
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
安装社区版
sudo dnf install --nobest -y docker-ce-18.09.1-3.el7 docker-ce-cli-18.09.1-3.el7 containerd.io
#sudo yum install docker-ce docker-ce-cli containerd.io
生成一个可执行jar包
-
Hello.java
public class Hello { public static void main(String[] args) { System.out.println("Hello World!"); } }
-
build.gradle
plugins { id 'java' } group 'com.yan' version '1.0-SNAPSHOT' sourceCompatibility = 1.8 repositories { mavenCentral() } dependencies { testCompile group: 'junit', name: 'junit', version: '4.12' } tasks.withType(Jar) { manifest { attributes 'Main-Class': 'Hello' } }
-
执行
gradle build
生成可执行jar包
将jar包上传至Linux机器
[外链图片转存失败(img-hr90BhWo-1564288089750)(http://pqu2vhhw1.bkt.clouddn.com/blog/20190506/B5TqNi6aVBLK.png?imageslim)]
登陆私服
docker login --username=admin --password=admin123 192.168.196.196:18080
此时会出现错误
INFO[0000] Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v2/: x509: certificate is valid for 127.0.0.1, not 192.168.196.196
INFO[0000] Error logging in to v1 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v1/users/: x509: certificate is valid for 127.0.0.1, not 192.168.196.196
Get https://192.168.196.196:18080/v1/users/: x509: certificate is valid for 127.0.0.1, not 192.168.196.196
这是因为在生成证书的时候的地址写的是本机,也就是127.0.0.1
,而现实中docker客户端和私服不一定在一个机器上,因此重新使用IP或域名生成证书并重启Nexus。
重新登录报错如下:
[root@localhost bin]# docker login --username=admin --password=admin123 192.168.196.196:18080
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
INFO[0000] Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v2/: x509: certificate signed by unknown authority
INFO[0000] Error logging in to v1 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v1/users/: x509: certificate signed by unknown authority
Get https://192.168.196.196:18080/v1/users/: x509: certificate signed by unknown authority
这是因为私服不受信任,将私服地址设置为信任即可,由于目前docker版本直接做成了服务,所以,直接编辑其服务文件即可:
首先,查看服务状态systemctl status docker
:
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2019-05-09 20:34:14 CST; 2s ago
Docs: https://docs.docker.com
Main PID: 10703 (dockerd)
Tasks: 12
Memory: 115.2M
CGroup: /system.slice/docker.service
└─10703 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.868837252+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChan...dule=grpc
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.870357240+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChan...dule=grpc
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.908366836+08:00" level=info msg="Graph migration to content-addressability... seconds"
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.910649904+08:00" level=info msg="Loading containers: start."
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.398820820+08:00" level=info msg="Default bridge (docker0) is assigned with... address"
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.714647551+08:00" level=info msg="Loading containers: done."
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.972128433+08:00" level=info msg="Docker daemon" commit=e8ff056 graphdriver...n=18.09.5
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.972782738+08:00" level=info msg="Daemon has completed initialization"
5月 09 20:34:14 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:14.000438014+08:00" level=info msg="API listen on /var/run/docker.sock"
5月 09 20:34:14 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
得知其service/usr/lib/systemd/system/docker.service
文件位置及启动命令/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
。
编辑service文件
vim /usr/lib/systemd/system/docker.service
在启动命令后面追加--insecure-registry 192.168.196.96:18080
,重新登录即可。
还有一位大神分享了另一种比较复杂的方式,参考部署私有Docker Registry
本人也根据此文成功部署,相关记录博客:CentOS7安装Docker-Registry
Docker生成镜像并推送至私服
编写Dockerfile
vim /usr/local/share/Dockerfile
FROM openjdk:8-jre
MAINTAINER yanwei
ENV JAVA_OPTS="-Xms128M -Xmx128M"
COPY *.jar images/app.jar
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -jar images/app.jar" ]
构建生成镜像
docker build -t hello-demo /usr/local/share
运行
docker run hello-demo
推送至私服
docker push hello-demo