Docker私服及docker初体验

环境准备

  1. VMware上安装CentOS7

  2. CentOS7下安装Nexus私服及基础配置

  3. 配置Docker私服

安装

如果有历史版本,删除:

sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

删除依赖:

yum remove -y yum-utils \
   device-mapper-persistent-data \
   lvm2

安装依赖:

sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

设置stable仓库

sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

安装社区版

sudo dnf install --nobest -y  docker-ce-18.09.1-3.el7 docker-ce-cli-18.09.1-3.el7 containerd.io
#sudo yum install docker-ce docker-ce-cli containerd.io

生成一个可执行jar包

  1. Hello.java

    public class Hello {
        public static void main(String[] args) {
            System.out.println("Hello World!");
        }
    }
    
  2. build.gradle

    plugins {
        id 'java'
    }
    
    group 'com.yan'
    version '1.0-SNAPSHOT'
    
    sourceCompatibility = 1.8
    
    repositories {
        mavenCentral()
    }
    
    dependencies {
        testCompile group: 'junit', name: 'junit', version: '4.12'
    }
    
    tasks.withType(Jar) {
        manifest {
            attributes 'Main-Class': 'Hello'
        }
    }
    
  3. 执行gradle build生成可执行jar包

将jar包上传至Linux机器

[外链图片转存失败(img-hr90BhWo-1564288089750)(http://pqu2vhhw1.bkt.clouddn.com/blog/20190506/B5TqNi6aVBLK.png?imageslim)]

登陆私服

docker login --username=admin --password=admin123 192.168.196.196:18080

此时会出现错误

INFO[0000] Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v2/: x509: certificate is valid for 127.0.0.1, not 192.168.196.196 
INFO[0000] Error logging in to v1 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v1/users/: x509: certificate is valid for 127.0.0.1, not 192.168.196.196 
Get https://192.168.196.196:18080/v1/users/: x509: certificate is valid for 127.0.0.1, not 192.168.196.196

这是因为在生成证书的时候的地址写的是本机,也就是127.0.0.1,而现实中docker客户端和私服不一定在一个机器上,因此重新使用IP或域名生成证书并重启Nexus。

重新登录报错如下:

[root@localhost bin]# docker login --username=admin --password=admin123 192.168.196.196:18080
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
INFO[0000] Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v2/: x509: certificate signed by unknown authority 
INFO[0000] Error logging in to v1 endpoint, trying next endpoint: Get https://192.168.196.196:18080/v1/users/: x509: certificate signed by unknown authority 
Get https://192.168.196.196:18080/v1/users/: x509: certificate signed by unknown authority

这是因为私服不受信任,将私服地址设置为信任即可,由于目前docker版本直接做成了服务,所以,直接编辑其服务文件即可:

首先,查看服务状态systemctl status docker

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2019-05-09 20:34:14 CST; 2s ago
     Docs: https://docs.docker.com
 Main PID: 10703 (dockerd)
    Tasks: 12
   Memory: 115.2M
   CGroup: /system.slice/docker.service
           └─10703 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.868837252+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChan...dule=grpc
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.870357240+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChan...dule=grpc
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.908366836+08:00" level=info msg="Graph migration to content-addressability... seconds"
5月 09 20:34:12 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:12.910649904+08:00" level=info msg="Loading containers: start."
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.398820820+08:00" level=info msg="Default bridge (docker0) is assigned with... address"
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.714647551+08:00" level=info msg="Loading containers: done."
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.972128433+08:00" level=info msg="Docker daemon" commit=e8ff056 graphdriver...n=18.09.5
5月 09 20:34:13 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:13.972782738+08:00" level=info msg="Daemon has completed initialization"
5月 09 20:34:14 localhost.localdomain dockerd[10703]: time="2019-05-09T20:34:14.000438014+08:00" level=info msg="API listen on /var/run/docker.sock"
5月 09 20:34:14 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

得知其service/usr/lib/systemd/system/docker.service文件位置及启动命令/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

编辑service文件

vim /usr/lib/systemd/system/docker.service

在启动命令后面追加--insecure-registry 192.168.196.96:18080,重新登录即可。

还有一位大神分享了另一种比较复杂的方式,参考部署私有Docker Registry
本人也根据此文成功部署,相关记录博客:CentOS7安装Docker-Registry

Docker生成镜像并推送至私服

编写Dockerfile

vim /usr/local/share/Dockerfile

FROM openjdk:8-jre
MAINTAINER yanwei
ENV JAVA_OPTS="-Xms128M -Xmx128M"
COPY *.jar images/app.jar
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS  -jar images/app.jar" ]

构建生成镜像

docker build -t hello-demo /usr/local/share

运行

docker run hello-demo

推送至私服

docker push hello-demo

参考

  1. Get Docker CE for CentOS
  2. docker批量删除容器、镜像
  3. docker push 出现:x509: certificate signed by unknown authority
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值