Docker Harbor

Docker坑 启动

https://www.jianshu.com/p/93518610eea1

 

Docker镜像下载慢的问题

配置完 数据源 需要重启docker 

https://blog.csdn.net/zhengchaooo/article/details/80566722

Docker 拉取镜像报错

 

https://segmentfault.com/a/1190000016083023?utm_source=tag-newest

其他概括

  docker: 容器  www.docker.com
  image: 镜像 ,存储状态  不可修改
  container: 单进程，运行状态 可修改

   mage可以理解为一个系统镜像 (centos.iso)，
   container是image的在运行时的一个状态。

安装yum源
  yum install -y yum-utils
yum-config-manager --add-repo http://download.docker.com/linux/centos/docker-ce.repo
yum源路径 
  cd /etc/yum.repos.d/
设置缓存
[root@hadoop002 yum.repos.d]# yum makecache

移除历史docker

首先查看Docker版本
# yum list installed | grep docker
docker-ce.x86_64  18.05.0.ce-3.el7.centos @docker-ce-edge
 
执行卸载
# yum -y remove docker-ce.x86_64
 
删除存储目录
 
# rm -rf /etc/docker
# rm -rf /run/docker
# rm -rf /var/lib/dockershim
# rm -rf /var/lib/docker

如果发现删除不掉，需要先 umount，如
# umount /var/lib/docker/devicemapper

https://docs.docker.com/install/linux/docker-ce/centos/

查看Docker状态

service docker status
systemctl status  docker

service docker status 只能查看一个组件的状态
service sshd status

systemctl status  docker sshd 可以同时查看多个组件状态

[root@docker001 ~]# docker run hello-world

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete 
Digest: sha256:2557e3c07ed1e38f26e389462d03ed943586f744621577a99efb77324b0fe535
Status: Downloaded newer image for hello-world:latest

这时，已经下载完成，开始运行image为一个container 进程
Hello from Docker!
输出一句话

This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[root@docker001 ~]# 

docker pull jwilder/nginx-proxy

docker \
run -d \
-p 80:80 \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy

[root@docker001 ~]# docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED              STATUS              PORTS                NAMES
5f193fc172ed        jwilder/nginx-proxy   "/app/docker-entrypo…"   About a minute ago   Up About a minute   0.0.0.0:80->80/tcp   quirky_wescoff
[root@docker001 ~]# 

docker run --name ruozedata-nginx-v1 \
-d -p 801:80 nginx

docker ps 

docker run --name ruozedata-mysql-v1 \
-e MYSQL_ROOT_PASSWORD=123456 \
-d mysql:5.7
[root@docker001 ~]# docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                 NAMES
db7e1b5e4b35        mysql:5.7             "docker-entrypoint.s…"   4 seconds ago       Up 4 seconds        3306/tcp, 33060/tcp   ruozedata-mysql-v1
b12d70d7da18        nginx                 "nginx -g 'daemon of…"   9 minutes ago       Up 9 minutes        0.0.0.0:801->80/tcp   ruozedata-nginx-v1
5f193fc172ed        jwilder/nginx-proxy   "/app/docker-entrypo…"   14 minutes ago      Up 14 minutes       0.0.0.0:80->80/tcp    quirky_wescoff
[root@docker001 ~]# 

运行容器
docker run --name ruozedata-mysql-v2 \
-e MYSQL_ROOT_PASSWORD=123456 \
-p 33061:3306 \
-d mysql:5.7

[root@docker001 ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                NAMES
37169ea9a8b0        mysql:5.7           "docker-entrypoint.s…"   4 seconds ago       Up 3 seconds        33060/tcp, 0.0.0.0:33061->3306/tcp   ruozedata-mysql-v2
[root@docker001 ~]# 

进入 docker内部
docker exec -it ruozedata-mysql-v2 bash
常用的docker命令
[root@docker001 ~]# docker 

Usage:  docker [OPTIONS] COMMAND

Commands:
   build       Build an image from a Dockerfile
   diff        Inspect changes to files or directories on a container's filesystem
   
   exec        Run a command in a running container
   
   history     Show the history of an image
   images      List images
   kill        Kill one or more running containers
   login       Log in to a Docker registry
   logout      Log out from a Docker registry
   logs        Fetch the logs of a container
   pause       Pause all processes within one or more containers
   port        List port mappings or a specific mapping for the container
   ps          List containers
   pull        Pull an image or a repository from a registry
   push        Push an image or a repository to a registry
   rename      Rename a container
   restart     Restart one or more containers
   rm          Remove one or more containers
   rmi         Remove one or more images
   
   run         Run a command in a new container

   search      Search the Docker Hub for images
   start       Start one or more stopped containers
   stats       Display a live stream of container(s) resource usage statistics
   stop        Stop one or more running containers
   tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
   top         Display the running processes of a container

[root@docker001 ~]# docker top db7e1b5e4b35 
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
systemd+            22950               22917               2                   15:51               ?                   00:00:00            mysqld

一个容器中只有一个进程

[root@docker001 ~]# 

如何企业定制自己的image？

github下载zip包
上传zip包
解压zip
 
制作自己的镜像
docker build -t ruozedata-mysql:5.7 .（当前目录，必须有Dockfile）

 

 

1.部署docker
[root@docker002 ~]# ll
total 41712
-rw-r--r-- 1 root root 42712724 Mar 31 16:03 docker-ce-18.06.1.ce-3.el7.x86_64.rpm
[root@docker002 ~]# yum install ./docker-ce-18.06.1.ce-3.el7.x86_64.rpm
[root@docker002 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker002 ~]# systemctl start docker

 2安装部署Harbor

DOCKER hub

VM harbor 港湾  安全 

goharbor.io

1).环境要求
On a Linux host: docker 17.03.0-ce+ and docker-compose 1.10.0+ .
     
 
  
2）.下载docker-compose
     docker-compose  对docker命令的编排
     安装 docker-compose
    curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose  
3）.下载harbor 解压
  wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-online-installer-v1.7.5.tgz
  tar -zxvf harbor-online-installer-v1.7.5.tgz  -C /usr/local/
4）.生产认证文件，配置ssl
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=docker001" \
    -key ca.key \
    -out ca.crt
openssl genrsa -out docker001.key 4096
openssl req -sha512 -new \
    -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=docker001" \
    -key docker001.key \
    -out docker001.csr 

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names

[alt_names]
DNS.1=docker001
EOF

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in docker001.csr \
    -out docker001.crt

openssl x509 -inform PEM -in docker001.crt -out docker001.cert

cp docker001.cert /etc/docker/certs.d/docker001/
cp docker001.key /etc/docker/certs.d/docker001/
cp ca.crt /etc/docker/certs.d/docker001/
新增机器  拷贝以上三个文件

admin/Harbor12345
配置文件 
   不信任节点

   LDAP

  6.）安装harbor

  7）.浏览器打开 https://docker001/  admin/Harbor12345

 
https://blog.csdn.net/summerxiachen/article/details/82594992
 

3.尝试登陆172.19.48.84
[root@docker002 ~]# docker login 172.19.48.84
Username: jepson
Password: 
Error response from daemon: Get https://172.19.48.84/v2/: x509: cannot validate certificate for 172.19.48.84 because it doesn't contain any IP SANs
[root@docker002 ~]# 

[root@docker002 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.19.48.84 docker001
172.19.48.85 docker002

4.尝试登陆docker001
[root@docker002 ~]# docker login docker001
Username: jepson
Password: 
Error response from daemon: Get https://docker001/v2/: x509: certificate signed by unknown authority

5.认证文件和daemon.json
[root@docker002 ~]# mkdir -p /etc/docker/certs.d/docker001/

传输
[root@docker001 ~]# cd /etc/docker/certs.d/docker001/
[root@docker001 docker001]# ll
total 12
-rw-r--r-- 1 root root 2017 Mar 31 15:13 ca.crt
-rw-r--r-- 1 root root 2045 Mar 31 15:13 docker001.cert
-rw-r--r-- 1 root root 3243 Mar 31 15:13 docker001.key
[root@docker001 docker001]# scp  * 172.19.48.85:/etc/docker/certs.d/docker001/
root@172.19.48.85's password: 
ca.crt                                                     100% 2017     2.0KB/s   00:00    
docker001.cert                                             100% 2045     2.0KB/s   00:00    
docker001.key                                              100% 3243     3.2KB/s   00:00   

[root@docker002 ~]# ll  /etc/docker/certs.d/docker001/
total 12
-rw-r--r-- 1 root root 2017 Mar 31 16:10 ca.crt
-rw-r--r-- 1 root root 2045 Mar 31 16:10 docker001.cert
-rw-r--r-- 1 root root 3243 Mar 31 16:10 docker001.key
[root@docker002 ~]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://docker001"],
  "insecure-registries":["172.19.48.84"]

}

6.重启生效，再次登陆

再次登录出现问题 

https://blog.csdn.net/wxb880114/article/details/85703198

 

[root@docker002 ~]# systemctl restart docker
[root@docker002 ~]# docker login docker001
Username: jepson   
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker002 ~]# docker login 172.19.48.84
Username: jepson
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

7.查看 docker001和172.19.48.84 都OK
[root@docker002 ~]# cat /root/.docker/config.json
{
        "auths": {
                "172.19.48.84": {
                        "auth": "amVwc29uOlJ1b3plZGF0YTEyMw=="
                },
                "docker001": {
                        "auth": "amVwc29uOlJ1b3plZGF0YTEyMw=="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/18.06.1-ce (linux)"
        }
}

8.pull镜像
[root@docker002 ~]# docker pull 172.19.48.84/g5private/ruozedatag5:v1
v1: Pulling from g5private/ruozedatag5
27833a3ba0a5: Pull complete 
f30b0de0fe20: Pull complete 
3ec4edcb2e20: Pull complete 
Digest: sha256:796f4d27c079764433cd40ffbee435de369eba4148cc50bfc167ab290bf93496
Status: Downloaded newer image for 172.19.48.84/g5private/ruozedatag5:v1

9.push镜像
[root@docker002 ~]# docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
172.19.48.84/g5private/ruozedatag5   v1                  11109979b6fa        24 hours ago        109MB
[root@docker002 ~]# docker tag 172.19.48.84/g5private/ruozedatag5:v1 172.19.48.84/g5private/ruozedatag5:v2

[root@docker002 ~]# docker push 172.19.48.84/g5private/ruozedatag5:v2
The push refers to repository [172.19.48.84/g5private/ruozedatag5]
16fb54cacc34: Layer already exists 
1723fb2f7bd2: Layer already exists 
5dacd731af1b: Layer already exists 
v2: digest: sha256:796f4d27c079764433cd40ffbee435de369eba4148cc50bfc167ab290bf93496 size: 948
[root@docker002 ~]#