docker-compose
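1. Overview
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YML file to configure all the services your application needs. Then, with a single command, you create and start all the services from that YML configuration.
2. Usage
- Install
# Compose v2 release assets use a lowercase OS name (for example docker-compose-linux-x86_64)
curl -L "https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)" -o /usr/local/bin/docker-compose
- Grant execute permission
chmod +x /usr/local/bin/docker-compose
- Check the version
docker-compose version
- Create the deployment file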
cat > wordpress.yml <<EOF
version: "3"
services:
  mysql:
    image: mysql:5.6
    ports:
      - "3306:3306"
    environment:
      - "MYSQL_ROOT_PASSWORD=123456"
      - "MYSQL_PASSWORD=123456"
      - "MYSQL_USER=tom"
      - "MYSQL_DATABASE=wordpress"
  wordpress:
    image: wordpress
    ports:
      - "80:80"
    environment:
      - "WORDPRESS_DB_NAME=wordpress"
      - "WORDPRESS_DB_USER=tom"
      - "WORDPRESS_DB_PASSWORD=123456"
      - "WORDPRESS_DB_HOST=mysql"
EOF
- Deploy the application
docker-compose -f wordpress.yml up -d
- Start the application
docker-compose -f wordpress.yml start
- Stop the application
docker-compose -f wordpress.yml stop
- Remove the application
docker-compose -f wordpress.yml down
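A hardened variant of the deployment file above, as an added example that is not part of the original page: the passwords are generated into a mode-600 .env file instead of being written literally, and MySQL is no longer published on the host. The function names and the .env layout are assumptions; docker-compose must be run from the directory that holds both files so that it reads .env.

```shell
#!/bin/sh
# Added example: same two services as wordpress.yml, without literal passwords
# and without publishing MySQL on the host. Values in .env are generated here.

rand_hex() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }   # 32 hex chars

# write_hardened_stack DIR -> DIR/.env (mode 600) and DIR/wordpress.yml
write_hardened_stack() {
    ( umask 077
      printf 'MYSQL_ROOT_PASSWORD=%s\nMYSQL_PASSWORD=%s\n' \
          "$(rand_hex)" "$(rand_hex)" > "$1/.env" )
    # Quoted 'EOF': the shell leaves ${...} alone; docker-compose fills it from .env
    cat > "$1/wordpress.yml" <<'EOF'
version: "3"
services:
  mysql:
    image: mysql:5.6
    # No "ports:" entry: WordPress reaches MySQL by service name on the
    # Compose network, so 3306 does not need to be published on the host.
    environment:
      - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD}"
      - "MYSQL_USER=tom"
      - "MYSQL_DATABASE=wordpress"
  wordpress:
    image: wordpress
    ports:
      - "80:80"
    environment:
      - "WORDPRESS_DB_NAME=wordpress"
      - "WORDPRESS_DB_USER=tom"
      - "WORDPRESS_DB_PASSWORD=${MYSQL_PASSWORD}"
      - "WORDPRESS_DB_HOST=mysql"
EOF
}

# Demo run into a scratch directory
out=$(mktemp -d)
write_hardened_stack "$out"
echo "wrote $out/wordpress.yml and $out/.env"
```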
Harbor
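Harbor is an open-source Docker image management project from VMware. It includes access control, log auditing, self-registration, image replication, and other features.
Official website: https://goharbor.io/
Create certificates
Follow the official guide to create a self-signed certificate.
- Generate the CA certificate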
mkdir -p /opt/harbor/cert && cd /opt/harbor/cert
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=192.168.129.131" \
-key ca.key \
-out ca.crt
- Generate the server certificate
openssl genrsa -out 192.168.129.131.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=192.168.129.131" \
-key 192.168.129.131.key \
-out 192.168.129.131.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
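subjectAltName = @alt_names
[alt_names]
# The registry is addressed by IP, so the SAN must be an IP entry: Docker matches an IP address only against IP SANs
IP.1=192.168.129.131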
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in 192.168.129.131.csr \
-out 192.168.129.131.crt
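A check worth running on the certificate before handing it to Harbor, as an added example that is not part of the original page: it confirms that the server certificate chains to the CA and that the address is present as an IP SAN. The function names, file names and the throwaway CA subject are constructed for the demo, which also shows the same address failing when it is written as a DNS SAN.

```shell
#!/bin/sh
# Added example. File names and the CA subject below are constructed for the demo.

# check_registry_cert CA_CERT SERVER_CERT IP
# 0 = chains to the CA and has IP as an IP SAN; 1 = chain failure; 2 = no matching IP SAN
check_registry_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -checkip "$3" 2>/dev/null \
        | grep -q 'does match' || return 2
    return 0
}

# make_test_pki DIR SAN
# Builds a throwaway CA and a server certificate whose subjectAltName is SAN
# (for example "IP:192.168.129.131"). 2048-bit keys and 1-day validity keep it fast.
make_test_pki() {
    (
        cd "$1" || exit 1
        openssl genrsa -out ca.key 2048 2>/dev/null
        openssl req -x509 -new -nodes -sha512 -days 1 \
            -subj "/O=example/CN=Constructed Test CA" -key ca.key -out ca.crt
        openssl genrsa -out server.key 2048 2>/dev/null
        openssl req -new -sha512 -subj "/O=example/CN=192.168.129.131" \
            -key server.key -out server.csr
        printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=%s\n' "$2" > v3.ext
        openssl x509 -req -sha512 -days 1 -extfile v3.ext \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -in server.csr -out server.crt 2>/dev/null
    )
}

# Demo: the same address as an IP SAN and as a DNS SAN
for san in IP:192.168.129.131 DNS:192.168.129.131; do
    dir=$(mktemp -d)
    make_test_pki "$dir" "$san"
    rc=0
    check_registry_cert "$dir/ca.crt" "$dir/server.crt" 192.168.129.131 || rc=$?
    echo "$san -> check_registry_cert exit code $rc"
    rm -rf "$dir"
done
```

Against the files generated above, the call is `check_registry_cert ca.crt 192.168.129.131.crt 192.168.129.131`.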
Installation steps
- Download the installer
Download the Harbor installer from: https://github.com/goharbor/harbor/releases
wget https://github.com/goharbor/harbor/releases/download/v2.9.1/harbor-online-installer-v2.9.1.tgz
tar zxvf harbor-online-installer-v2.9.1.tgz -C /opt/
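- Prepare the configuration file
cd /opt/harbor
cp harbor.yml.tmpl harbor.yml
- Edit the configuration file
# Change the hostname
sed -i 's/reg.mydomain.com/192.168.129.131/g' harbor.yml
# Change the certificate settings
sed -i 's$/your/certificate/path$/opt/harbor/cert/192.168.129.131.crt$g' harbor.yml
sed -i 's$/your/private/key/path$/opt/harbor/cert/192.168.129.131.key$g' harbor.yml
# Change the administrator password
sed -i 's/Harbor12345/W4rI6rKmglnCTB1/g' harbor.yml
- Run the installation script
./install.sh
- Grant ownership of the configuration directory (required on openEuler; otherwise the containers fail to start because of permission problems)
chown 10000:10000 common -R
- Restart the application
docker-compose restart
- Check the application status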
[root@localhost harbor]# docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.9.1 "/harbor/entrypoint.…" core About an hour ago Up 12 minutes (healthy)
harbor-db goharbor/harbor-db:v2.9.1 "/docker-entrypoint.…" postgresql About an hour ago Up 12 minutes (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.9.1 "/harbor/entrypoint.…" jobservice About an hour ago Up 12 minutes (healthy)
harbor-log goharbor/harbor-log:v2.9.1 "/bin/sh -c /usr/loc…" log About an hour ago Up 12 minutes (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.9.1 "nginx -g 'daemon of…" portal About an hour ago Up 12 minutes (healthy)
nginx goharbor/nginx-photon:v2.9.1 "nginx -g 'daemon of…" proxy About an hour ago Up 12 minutes (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp
redis goharbor/redis-photon:v2.9.1 "redis-server /etc/r…" redis About an hour ago Up 12 minutes (healthy)
registry goharbor/registry-photon:v2.9.1 "/home/harbor/entryp…" registry About an hour ago Up 12 minutes (healthy)
registryctl goharbor/harbor-registryctl:v2.9.1 "/home/harbor/start.…" registryctl About an hour ago Up 12 minutes (healthy)
trivy-adapter goharbor/trivy-adapter-photon:v2.9.1 "/home/scanner/entry…" trivy-adapter About an hour ago Up 12 minutes (healthy)
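Configure Docker's certificates
- Convert the format of the certificate created earlier
cd /opt/harbor/cert
openssl x509 -inform PEM -in 192.168.129.131.crt -out 192.168.129.131.cert
- Copy the certificates into Docker's directory
# The per-registry directory must exist before copying
mkdir -p /etc/docker/certs.d/192.168.129.131/
cp 192.168.129.131.cert /etc/docker/certs.d/192.168.129.131/
cp 192.168.129.131.key /etc/docker/certs.d/192.168.129.131/
cp ca.crt /etc/docker/certs.d/192.168.129.131/
- Restart Docker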
systemctl restart docker
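Usage
Visit 192.168.129.131 to reach the login page
After logging in, you are taken to the main page
Create a new project
Create a robot account, grant it only pull and push permissions, and copy the account's password from the dialog that appears afterwards
Configure Docker to log in to the private registry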
[root@localhost ~]# docker login 192.168.129.131
Username: robot$test+testbot
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Tag an image and push it to Harbor
[root@localhost ~]# docker tag nginx:1.23.2 192.168.129.131/test/nginx:1.23.2
[root@localhost ~]# docker push 192.168.129.131/test/nginx:1.23.2
The push refers to repository [192.168.129.131/test/nginx]
7b72d5d921cb: Pushed
aa3739f310f5: Pushed
6906edffc609: Pushed
f88642d922a1: Pushed
2842e5d66803: Pushed
b5ebffba54d3: Pushed
1.23.2: digest: sha256:d5e4095bb4bcd2c40d6aba552f9ea66aacb1d0a5137a521dc6b0503b40b08921 size: 1570
View the pushed image in Harbor