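Docker is very important, so today we will set it up.
Installing and deploying Docker
Here we download from the Alibaba Cloud (Aliyun) mirror; as the leading provider in China, its speed can be relied on.
Installing on CentOS 7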
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: point the repo file at the Aliyun mirror
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: refresh the cache and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 5: start the Docker service
sudo systemctl start docker
# Note:
# To install a specific version of Docker-CE:
# Step 1: list the available Docker-CE versions:
# yum list docker-ce.x86_64 --showduplicates | sort -r
# Loading mirror speeds from cached hostfile
# Loaded plugins: branch, fastestmirror, langpacks
# docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
# docker-ce.x86_64 17.03.1.ce-1.el7.centos @docker-ce-stable
# docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
# Available Packages
# Step 2: install the chosen Docker-CE version (VERSION is e.g. 17.03.0.ce.1-1.el7.centos from the list above)
# sudo yum -y install docker-ce-[VERSION]
Here we install version docker-ce-18.09.9
yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y
Check the installation details
[root@master1 ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.09.9
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 72cec4be58a9eb6b2910f5d10f1c01ca47d231c0
runc version: N/A
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.42.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.638GiB
Name: master1
ID: LMUO:P3LI:NOPD:RNMA:7ZRY:O7I7:VTDA:L67E:245C:F7VV:IZKK:OKOD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
harbor.k8s.local
127.0.0.0/8
Registry Mirrors:
https://ot2k4d59.mirror.aliyuncs.com/
Live Restore Enabled: false
Product License: Community Engine
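At this point the Docker installation is complete.
Next we need to work out how Docker is used.
Basic operations
Pull an image. If it is not present locally, the latest version is downloaded from the Docker registry by default (a version can be specified, e.g. nginx:1.7.9).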
[root@master1 ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
3cb635b06aa2: Pull complete
Digest: sha256:b5cfd4befc119a590ca1a81d6bb0fa1fb19f1fbebd0397f25fae164abe1e8a6a
Status: Downloaded newer image for busybox:latest
# Check that the image is present
[root@master1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 2 weeks ago 1.24MB
# Search for images
[root@master1 ~]# docker search yakexi007
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
yakexi007/game2048 0
yakexi007/mario 0
yakexi007/nginx 0
yakexi007/base-debian10 0
Here we use yakexi007/game2048 as the example
[root@master1 sysctl.d]# docker pull yakexi007/game2048
Using default tag: latest
latest: Pulling from yakexi007/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for yakexi007/game2048:latest
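# Once the image has been pulled, look at its build history
We can see that the container exposes ports 80 and 443, while the port exposed on our host is 80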
[root@master1 sysctl.d]# docker history yakexi007/game2048
IMAGE CREATED CREATED BY SIZE COMMENT
19299002fdbe 5 years ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "sed … 0B
<missing> 5 years ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B
<missing> 5 years ago /bin/sh -c #(nop) COPY dir:cb74e9c037a3d501c… 600kB
<missing> 5 years ago /bin/sh -c #(nop) MAINTAINER Golfen Guo <go… 0B
<missing> 5 years ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 5 years ago /bin/sh -c #(nop) EXPOSE 443/tcp 80/tcp 0B
<missing> 5 years ago /bin/sh -c #(nop) COPY file:d15ceb73c6ea776c… 1.1kB
<missing> 5 years ago /bin/sh -c #(nop) COPY file:af94db45bb7e4b8f… 643B
<missing> 5 years ago /bin/sh -c GPG_KEYS=B0F4253373F8F6F510D42178… 50.1MB
<missing> 5 years ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.11.7 0B
<missing> 5 years ago /bin/sh -c #(nop) MAINTAINER NGINX Docker M… 0B
<missing> 5 years ago /bin/sh -c #(nop) ADD file:7afbc23fda8b0b387… 4.8MB
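Creating a container
-d runs it in the background
--name sets the container name
-p 80:80 maps the container's port 80 to the host's port 80 (the host port comes first, the container port second; this lets the container communicate with the outside network)
Finally, add the image to use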
[root@master1 sysctl.d]# docker run -d --name jeff -p 80:80 yakexi007/game2048
9dacd0208b7716af5dec2bf9a610f0ec8257dc4a96967dcebd70c0313def1631
Check that the container exists
[root@master1 sysctl.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9dacd0208b77 yakexi007/game2048 "/bin/sh -c 'sed -i …" 45 seconds ago Up 44 seconds 0.0.0.0:80->80/tcp, 443/tcp jeff
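Once it has been created, visiting the host's address shows the content served from the container image (a small glimpse of what makes containerization so powerful)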
[root@master1 ~]# docker pull yakexi007/mario
Using default tag: latest
latest: Pulling from yakexi007/mario
bbe1c4256df3: Pull complete
911d09728ffd: Pull complete
615765bc0d9f: Pull complete
a3ed95caeb02: Pull complete
d3be476df650: Pull complete
11b25b5b7583: Pull complete
Digest: sha256:7758988210dfc2c26d17376171ed8c8e0cb68cb44d9cda06f3382b06304788d9
Status: Downloaded newer image for yakexi007/mario:latest
[root@master1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 2 weeks ago 1.24MB
yakexi007/mario latest 9a35a9e43e8c 6 years ago 198MB
[root@master1 sysctl.d]# docker rm demo  # a running container cannot be removed directly unless removal is forced
Error response from daemon: You cannot remove a running container 6e79e9773442ad75b66761041cae27ca607de15235ddcbda7ea54a760e05abdb. Stop the container before attempting removal or force remove
[root@master1 sysctl.d]# docker stop demo  # so we stop the container first
demo
[root@master1 sysctl.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@master1 sysctl.d]# docker ps -a  # shows containers in every state
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e79e9773442 yakexi007/mario "python3 -m http.ser…" 36 minutes ago Exited (137) About a minute ago demo
[root@master1 sysctl.d]# docker rm demo
demo
[root@master1 sysctl.d]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
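In the same way we set up a container from the Mario image (thanks to its author for sharing it openly)
Setting up a Harbor registry
First we need to download the software from GitHub (it is best to download it on your workstation and then copy it over; downloading directly with wget is too slow)
Note that you need the offline version, the one with "offline" in its name
Once downloaded, you can see that it is a tgz archive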
-rw-r--r-- 1 root root 612698835 Dec 25 19:58 harbor-offline-installer-v2.4.1.tgz
We extract it
[root@master1 ~]# tar zxf harbor-offline-installer-v2.4.1.tgz
[root@master1 ~]# cd harbor/
[root@master1 harbor]# ll
total 601608
-rw-r--r-- 1 root root 3361 Dec 16 12:22 common.sh
-rw-r--r-- 1 root root 616006217 Dec 16 12:23 harbor.v2.4.1.tar.gz
-rw-r--r-- 1 root root 8999 Dec 16 12:22 harbor.yml.tmpl
-rwxr-xr-x 1 root root 2500 Dec 16 12:22 install.sh
-rw-r--r-- 1 root root 11347 Dec 16 12:22 LICENSE
-rwxr-xr-x 1 root root 1881 Dec 16 12:22 prepare
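[root@master1 harbor]# mv harbor.yml.tmpl harbor.yml  # rename the file to the standard .yml suffix
To avoid pitfalls, we next go to the Aliyun mirror and download a newer version of openssl
Once it is downloaded (you can create the directory in advance)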
[root@master1 openssl]# ll
total 2184
-rw-r--r-- 1 root root 708281 Dec 25 22:04 openssl11-1.1.1k-2.el7.x86_64.rpm
-rw-r--r-- 1 root root 1524745 Dec 25 22:04 openssl11-libs-1.1.1k-2.el7.x86_64.rpm
[root@master1 openssl]# yum install -y *
Next step
[root@master1 data]# mkdir /data1
[root@master1 data]# cd /data1
[root@master1 data1]# mkdir certs
[root@master1 data1]# ls
certs
[root@master1 data1]# openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -addext " subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out certs/westos.org.crt
Generating a RSA private key
................................++++
.............................................++++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hunan
Locality Name (eg, city) [Default City]:chenzhou
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:reg.westos.org
Email Address []:root@westos.org
[root@master1 data1]#
[root@master1 data1]# ls
certs
[root@master1 data1]# ls certs/
westos.org.crt westos.org.key
Then go back to the /root/harbor directory
Edit harbor.yml
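One way to script the harbor.yml edit for this setup, as an added example that is not part of the original post or of Harbor itself. It assumes the key names and placeholder values of the stock harbor.yml.tmpl (shown in a short constructed excerpt); the function names and the HARBOR_ADMIN_PASSWORD variable are hypothetical, and the hostname and certificate paths are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed excerpt in the layout of harbor.yml.tmpl (assumed defaults).
sample_harbor_yml() {
    cat <<'EOF'
hostname: reg.mydomain.com
http:
  port: 80
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
data_volume: /data
EOF
}

# Escape characters that are special in a sed replacement delimited by '|'.
sed_escape() { printf '%s' "$1" | sed 's/[&|\\]/\\&/g'; }

# configure_harbor_yml FILE HOSTNAME CERT KEY ADMIN_PASSWORD
configure_harbor_yml() {
    yml=$1
    h=$(sed_escape "$2"); c=$(sed_escape "$3")
    k=$(sed_escape "$4"); p=$(sed_escape "$5")
    tmp=$(mktemp) || return 1
    # The file ends up holding the admin password in clear text,
    # so it is restricted to its owner after the edit.
    sed -e "s|^hostname:.*|hostname: $h|" \
        -e "s|^\([[:space:]]*\)certificate:.*|\1certificate: $c|" \
        -e "s|^\([[:space:]]*\)private_key:.*|\1private_key: $k|" \
        -e "s|^harbor_admin_password:.*|harbor_admin_password: $p|" \
        "$yml" > "$tmp" && cat "$tmp" > "$yml" && chmod 600 "$yml"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# harbor_yml_value FILE KEY: print the first value set for KEY.
harbor_yml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# On this page's host the call would be:
# configure_harbor_yml /root/harbor/harbor.yml reg.westos.org \
#   /data1/certs/westos.org.crt /data1/certs/westos.org.key "$HARBOR_ADMIN_PASSWORD"
```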
After that we need to edit /etc/hosts
[root@master1 harbor]# vim /etc/hosts
and add a mapping so that master1's IP address resolves for reg.westos.org
We are not done yet: we still need to go to GitHub and download one more package
https://github.com/docker/compose/releases
[root@master1 ~]# file docker-compose-linux-x86_64  # check the file type: it is an executable
docker-compose-linux-x86_64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
[root@master1 ~]# mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose  # move it into the default system path and rename it
[root@master1 ~]# chmod +x /usr/local/bin/docker-compose  # give the file execute permission
[root@master1 ~]# /usr/local/bin/docker-compose
The command's help text is printed, which shows the installation succeeded
Finally, the last step
[root@master1 ~]# cd harbor/
[root@master1 harbor]# ./install.sh  # run the Harbor install script
[Step 0]: checking if docker is installed ...
Note: docker version: 18.09.9
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.2.2
[Step 2]: loading Harbor images ...
1e3f0dc884e2: Loading layer [==================================================>] 39.45MB/39.45MB
3fd9ccd5eeaa: Loading layer [==================================================>] 5.275MB/5.275MB
c600bceee2f7: Loading layer [========================
...
...
⠿ Container harbor-jobservice Started 3.8s
⠿ Container nginx Starting 3.8s
Error response from daemon: driver failed programming external connectivity on endpoint nginx (f439b1f2862931b31d66786d76b0447ad767c037963f25e894e829692979672f): Bind for 0.0.0.0:80 failed: port is already allocated
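It failed. PS: if host port 80 had not been taken earlier, this would probably not have gone wrong.
When there is an error, we work from the message to resolve it.
The message says port 80 is already allocated. It turns out that the container we created earlier is holding port 80, so stop that container and remove it with rm.
Run the script again (./install.sh)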
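The failure above can be caught before running install.sh by asking which running containers already publish the host ports Harbor needs: 80 in the error shown, plus 443 on the assumption that HTTPS is enabled in harbor.yml. This is an added example, not from the original post; the function names are hypothetical and the sample lines are constructed from the docker ps output earlier on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# port_holders PORT: stdin is the output of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Prints the name of every container that publishes host port PORT.
# Entries such as "443/tcp" are only exposed inside the container, not
# published on the host, so they are ignored.
port_holders() {
    awk -F '\t' -v port="$1" '{
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++)
            if (index(maps[i], ":" port "->") > 0) { print $1; break }
    }'
}

# preflight PORT...: same stdin; returns 1 and names the holders on stderr
# if any of the listed host ports is already published.
preflight() {
    listing=$(cat)
    rc=0
    for port in "$@"; do
        holders=$(printf '%s\n' "$listing" | port_holders "$port")
        if [ -n "$holders" ]; then
            echo "host port $port is published by: $holders" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the --format layout above ("jeff" is the container
# started earlier on this page; "web2" is made up).
SAMPLE_PS=$(printf 'jeff\t0.0.0.0:80->80/tcp, 443/tcp\nweb2\t0.0.0.0:8080->80/tcp\n')

# Before install.sh:
# docker ps --format '{{.Names}}\t{{.Ports}}' | preflight 80 443
```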
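Seeing this page means our private registry has been set up successfully
Done
Select Advanced
Log in with the username admin
The password is westos, as set in harbor.yml
At this point our private registry is set up
Here we still need to set up trust for the certificate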
[root@master1 reg.westos.org]# cp /data1/certs/westos.org.crt ca.crt
[root@master1 reg.westos.org]# mkdir -p /etc/docker/certs.d/reg.westos.org
[root@master1 reg.westos.org]# docker push reg.westos.org/library/nginx
The push refers to repository [reg.westos.org/library/nginx]
5f70bf18a086: Preparing
4b26ab29a475: Preparing
ccb1d68e3fb7: Preparing
e387107e2065: Preparing
63bf84221cce: Preparing
e02dce553481: Waiting
dea2e4984e29: Waiting
unauthorized: unauthorized to access repository: library/nginx, action: push: unauthorized to access repository: library/nginx, action: push
The message says we are not authorized to access the repository, so we log in
[root@master1 reg.westos.org]# docker login reg.westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push again, and it succeeds
[root@master1 reg.westos.org]# docker push reg.westos.org/library/nginx
The push refers to repository [reg.westos.org/library/nginx]
5f70bf18a086: Pushed
4b26ab29a475: Pushed
ccb1d68e3fb7: Pushed
e387107e2065: Pushed
63bf84221cce: Pushed
e02dce553481: Pushed
dea2e4984e29: Pushed
latest: digest: sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2 size: 3012
Practice
Here we use the host to try out the private registry
[root@master1 reg.westos.org]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest f6987c8d6ed5 6 days ago 141MB
goharbor/harbor-exporter v2.4.1 0ee361b5454a 11 days ago 82.7MB
goharbor/chartmuseum-photon v2.4.1 337a9d03b197 11 days ago 174MB
goharbor/redis-photon v2.4.1 2bbe19b8cc5d 11 days ago 156MB
...
reg.westos.org/library/nginx latest 84581e99d807 6 years ago 91.7MB
# Delete the local copy of the image that we pushed to the private registry
[root@master1 reg.westos.org]# docker rmi reg.westos.org/library/nginx
Untagged: reg.westos.org/library/nginx:latest
Untagged: reg.westos.org/library/nginx@sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2
# Then try to pull it from the private registry. It succeeds, which shows our private registry works
[root@master1 reg.westos.org]# docker pull reg.westos.org/library/nginx
Using default tag: latest
latest: Pulling from library/nginx
Digest: sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2
Status: Downloaded newer image for reg.westos.org/library/nginx:latest
The logs also show a record of it
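The push and pull transcripts above report the same sha256 digest, and that equality can be checked mechanically instead of by eye. This is an added example, not part of the original post; the function names are hypothetical and the two sample lines are copied from the transcripts on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# extract_digest: read `docker push` or `docker pull` output on stdin and
# print the first manifest digest it reports.
extract_digest() {
    sed -n \
        -e 's/^Digest: \(sha256:[0-9a-f]\{64\}\)$/\1/p' \
        -e 's/^[^ ]*: digest: \(sha256:[0-9a-f]\{64\}\) size: [0-9]*$/\1/p' |
        head -n 1
}

# check_digest EXPECTED: compare the digest found on stdin with EXPECTED.
# Returns 0 on match, 1 on mismatch, 2 if the output carried no digest.
check_digest() {
    got=$(extract_digest)
    [ -n "$got" ] || return 2
    [ "$got" = "$1" ]
}

# pinned_ref REPOSITORY DIGEST: a reference that pulls exactly this manifest,
# whatever the `latest` tag points to later.
pinned_ref() { printf '%s@%s\n' "$1" "$2"; }

# Lines copied from the push and pull transcripts on this page.
PUSH_LINE='latest: digest: sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2 size: 3012'
PULL_LINE='Digest: sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2'

# Typical use, with d holding the digest recorded at push time:
# docker pull "$(pinned_ref reg.westos.org/library/nginx "$d")" | check_digest "$d"
```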
Keep it up, everyone!