Docker实用篇
Docker是一个快速交付应用、运行应用的技术,具备下列优势:
- 可以将程序及其依赖、运行环境包括系统函数库,一起打包为一个镜像,仅依赖系统的Linux内核,可以迁移到任意Linux操作系统
- 运行时利用沙箱机制形成隔离容器,各个应用互不干扰
- 启动、移除都可以通过一行命令完成,方便快捷
安装Docker
[root@test ~]# yum remove docker docker-client docker-client-latest docker-common \
docker-latest docker-latest-logrotate docker-logrotate docker-selinux \
docker-engine-selinux docker-engine docker-ce
[root@test ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 --skip-broken
[root@test ~]# yum-config-manager --add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@test ~]# systemctl stop firewalld
[root@test ~]# yum install -y docker-ce
[root@test ~]# systemctl start docker
[root@test ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2022-03-30 12:58:46 CST; 4s ago
[root@test ~]# docker -v
Docker version 20.10.14, build a224086
docker官方镜像仓库网速较差,我们需要设置国内镜像服务:
参考阿里云的镜像加速文档:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://n0dwemtq.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Docker的基本操作
[root@docker ~]# docker --help
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides
DOCKER_HOST env var and default context set with "docker
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-v, --version Print version information and quit
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")
...
anagement Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Docker Buildx (Docker Inc., v0.8.1-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
...
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
[root@docker ~]# docker cp --help
Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
...
[root@docker ~]# docker save --help
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)
Options:
-o, --output string Write to a file, instead of STDOUT
[root@docker ~]# docker save -o nginx.tar nginx:latest
[root@docker ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 20.10.14
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc version: v1.0.3-0-gf46b6ba
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.777GiB
Name: docker
ID: XXUH:PGD5:VPGA:UGCJ:J5R4:NYWZ:GZUW:WGMM:NDUS:FJDT:D7DS:NEBJ
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://6gy*oqgq.mirror.aliyuncs.com/
Live Restore Enabled: false
常用的命令
docker images 查看本机镜像
docker search 镜像名称 从官方仓库查找镜像
docker pull 镜像名称:标签 下载镜像
docker push 镜像名称:标签 上传镜像
docker save 镜像名称:标签 -o 备份镜像名称.tar 备份(导出)镜像为tar包
docker load -i 备份镜像名称 导入备份的镜像文件
docker rmi 镜像名称:标签 删除镜像(必须先删除该镜像启动的所有容器)
docker history 镜像名称:标签 查看镜像的制作历史
docker inspect 镜像名称:标签 查看镜像的详细信息
docker run --name containerName -p 80:80 -d nginx
docker ps -aq 查看容器 -a 所有容器,包含未启动的,-q 只显示id
docker rm 容器ID -f 删除容器,强制删除,支持命令重入
docker rm -f ${docker ps -aq} 删除所有的容器
docker start|stop|restart 容器id 启动、停止、重启容器
docker cp 本机文件路径 容器id:容器内路径 把本机文件拷贝到容器内(上传)
docker cp 容器id:容器内路径 本机文件路径 把容器内文件拷贝到本机(下载)
docker inspect 容器ID 查看容器的详细信息
docker exec -it 容器id 启动命令 进入容器新的进程,退出后容器不会关闭
docker logs 容器ID
数据卷(容器数据管理)
数据卷操作的基本语法如下:
[root@docker ~]# docker volume --help
Usage: docker volume COMMAND
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes
① 创建数据卷
[root@docker ~]# docker volume create test-vo
[root@docker ~]# docker volume ls
DRIVER VOLUME NAME
local test-vo
[root@docker ~]# docker volume inspect test-vo
[
{
"CreatedAt": "2022-03-31T12:00:25+08:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/test-vo/_data",
"Name": "test-vo",
"Options": {},
"Scope": "local"
}
]
挂载数据卷到容器内的HTML目录
docker run --name nginx -v test-vo:/usr/share/nginx/html -p 80:80 -d nginx
#如果volmue: test-vo不存在,则自动创建
去DockerHub查阅资料,创建并运行MySQL容器
docker run --name myslq-test -e MYSQL_PASSWOED=123 -p3306:3306 \
-v /tmp/mysql/conf/my1.cnf:/etc/mysql/conf.d/my1.cnf \
-v /tmp/myslq/data:/var/lib/mysql -d myslq:5.7.25
Dockerfile语法
镜像是将应用程序及其需要的系统函数库、环境、配置、依赖、启动脚本打包在一起形成的文件。
1)Dockerfile语法
FROM 基础镜像
RUN 制作镜像时执行的命令,可以有多个
ADD 复制文件到镜像,自动解压
COPY 复制文件到镜像,不解压
EXPOSE 声明开放的端口
ENV 设置容器启动后的环境变量
WORKDIR 定义容器默认工作目录(指定目录等于cd,会自动创建)
CMD 容器启动时执行的命令,仅可以有一条CMD
ENTERPOINT 器启动时执行的命令,会覆盖CMD
2)使用Dockerfile创建镜像制作镜像
docker build -t image:tag Dockerfile所在目录
需求:基于Ubuntu镜像构建一个新镜像,运行一个java项目
# 指定基础镜像
FROM ubuntu:16.04
# 配置环境变量,JDK的安装目录
ENV JAVA_DIR=/usr/local
# 拷贝jdk和java项目的包
COPY ./jdk8.tar.gz $JAVA_DIR/
COPY ./docker-demo.jar /tmp/app.jar
# 安装JDK
RUN cd $JAVA_DIR \
&& tar -xf ./jdk8.tar.gz \
&& mv ./jdk1.8.0_144 ./java8
# 配置环境变量
ENV JAVA_HOME=$JAVA_DIR/java8
ENV PATH=$PATH:$JAVA_HOME/bin
# 暴露端口
EXPOSE 8090
# 入口,java项目的启动命令
ENTRYPOINT java -jar /tmp/app.jar
DockerCompose
Docker Compose可以基于Compose文件帮我们快速的部署分布式应用,实现容器编排。
Compose文件是一个文本文件,通过指令定义集群中的每个容器如何运行。
DockerCompose的详细语法参考官网:https://docs.docker.com/compose/compose-file/
格式如下:
version: "3.8"
services:
//运行mysql设置了环境变量,挂载了目录
mysql:
image: mysql:5.7.25
environment:
MYSQL_ROOT_PASSWORD: 123
volumes:
- "/tmp/mysql/data:/var/lib/mysql"
- "/tmp/mysql/conf/hmy.cnf:/etc/mysql/conf.d/hmy.cnf"
//等于构建镜像后docker run --name web -p 8090:8090 -d build的镜像
web:
build: .
ports:
- "8090:8090"
安装DockerCompose
Linux下需要通过命令下载:
[root@docker ~]# curl -L https://github.com/docker/compose/releases/download/1.23.1/docker-compose-`uname -s`-`uname -m` \
> /usr/local/bin/docker-compose
[root@docker ~]# chmod +x /usr/local/bin/docker-compose
[root@docker ~]# echo "199.232.68.133 raw.githubusercontent.com" >> /etc/hosts
[root@docker ~]# curl -L https://raw.githubusercontent.com/docker/compose/1.29.1/contrib/completion/bash/docker-compose \
> /etc/bash_completion.d/docker-compose
[root@docker ~]# docker-compose -v
docker-compose version 1.29.1, build c34c88b2
[root@docker ~]# docker-compose --help
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [--profile <name>...] [options] [--] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file
(default: docker-compose.yml)
-p, --project-name NAME Specify an alternate project name
(default: directory name)
--profile NAME Specify a profile to enable
-c, --context NAME Specify a context name
--verbose Show more output
--log-level LEVEL Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
--ansi (never|always|auto) Control when to print ANSI control characters
--no-ansi Do not print ANSI control characters (DEPRECATED)
-v, --version Print version and exit
-H, --host HOST Daemon socket to connect to
--tls Use TLS; implied by --tlsverify
--tlscacert CA_PATH Trust certs signed only by this CA
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the
name specified in the client certificate
--project-directory PATH Specify an alternate working directory
(default: the path of the Compose file)
--compatibility If set, Compose will attempt to convert keys
in v3 files to their non-Swarm equivalent (DEPRECATED)
--env-file PATH Specify an alternate environment file
Commands:
build Build or rebuild services
config Validate and view the Compose file
create Create services
down Stop and remove resources
events Receive real time events from containers
exec Execute a command in a running container
help Get help on a command
images List images
kill Kill containers
logs View output from containers
pause Pause services
port Print the public port for a port binding
ps List containers
pull Pull service images
push Push service images
restart Restart services
rm Remove stopped containers
run Run a one-off command
scale Set number of containers for a service
start Start services
stop Stop services
top Display the running processes
unpause Unpause services
up Create and start containers
version Show version information and quit
部署微服务集群
需求:将cloud-demo微服务集群利用DockerCompose部署
[root@docker cloud-demo]# ls
docker-compose.yml gateway mysql order-service user-service
[root@docker cloud-demo]# tree gateway/
gateway/
├── app.jar
└── Dockerfile
order-service/
├── app.jar
└── Dockerfile
user-service/
├── app.jar
└── Dockerfile
[root@docker cloud-demo]# ls mysql/data/
cloud_user cloud_order
[root@docker cloud-demo]# cat /user-service/Dockerfile
FROM java:8-alpine
COPY ./app.jar /tmp/app.jar
ENTRYPOINT java -jar /tmp/app.jar
[root@docker cloud-demo]# cat docker-compose.yml
version: "3.2"
services:
nacos:
image: nacos/nacos-server
environment:
MODE: standalone
ports:
- "8848:8848"
mysql:
image: mysql:5.7.25
environment:
MYSQL_ROOT_PASSWORD: 123
volumes:
- "$PWD/mysql/data:/var/lib/mysql"
- "$PWD/mysql/conf:/etc/mysql/conf.d/"
userservice:
build: ./user-service
orderservice:
build: ./order-service
gateway:
build: ./gateway
ports:
- "10010:10010"
可以看到,其中包含5个service服务:
nacos:作为注册中心和配置中心image: nacos/nacos-server: 基于nacos/nacos-server镜像构建environment:环境变量MODE: standalone:单点模式启动
ports:端口映射,这里暴露了8848端口
mysql:数据库image: mysql:5.7.25:镜像版本是mysql:5.7.25environment:环境变量MYSQL_ROOT_PASSWORD: 123:设置数据库root账户的密码为123
volumes:数据卷挂载,这里挂载了mysql的data、conf目录,其中有我提前准备好的数据
userservice、orderservice、gateway:都是基于Dockerfile临时构建的
修改微服务配置
因为微服务将来要部署为docker容器,而容器之间互联不是通过IP地址,而是通过容器名。这里我们将order-service、user-service、gateway服务的mysql、nacos地址都修改为基于容器名的访问。
spring:
datasource:
url: jdbc:mysql://mysql:3306/cloud_order?useSSL=false
username: root
password: 123
driver-class-name: com.mysql.jdbc.Driver
application:
name: orderservice
cloud:
nacos:
server-addr: nacos:8848 # nacos服务地址
微服务的打包
Dockerfile中的jar包名称都是app.jar,因此我们的每个微服务都需要用这个名称。
可以通过修改pom.xml中的打包名称来实现,每个微服务都需要修改:
<build>
<!-- 服务打包的最终名称 -->
<finalName>app</finalName>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
进入cloud-demo目录,然后运行下面的命令:
docker-compose up -d
搭建私有镜像仓库
搭建镜像仓库可以基于Docker官方提供的DockerRegistry来实现
简单版
docker run -d --restart=always --name registry -p 5000:5000 \
-v registry-data:/var/lib/registry registry
带有图形化界面版本
使用DockerCompose部署带有图象界面的DockerRegistry
[root@docker ~]# mv registry.yaml compose.yml
version: '3.0'
services:
registry:
image: registry
volumes:
- ./registry-data:/var/lib/registry
ui:
image: joxit/docker-registry-ui:static
ports:
- 8080:80
environment:
- REGISTRY_TITLE=私有仓库
- REGISTRY_URL=http://registry:5000
depends_on:
- registry
私服采用的是http协议,默认不被Docker信任,所以需要做一个配置:
[root@docker cloud-demo]# vi /etc/docker/daemon.json
"insecure-registries":["http://192.168.1.17:8080"],
[root@docker cloud-demo]# systemctl daemon-reload
[root@docker cloud-demo]# systemctl restart docker
[root@docker ~]# docker-compose up -d
Creating root_registry_1 ... done
Creating root_ui_1 ... done
浏览器访问192.168.1.17:8080/,可以看到仓库信息
推送、拉取镜像
重新tag本地镜像,名称前缀为私有仓库的地址:192.168.150.101:8080/
[root@docker ~]# docker tag nginx:latest 192.168.1.17:8080/nginx:1.0
[root@docker ~]# docker push 192.168.1.17:8080/nginx:1.0
[root@docker ~]# docker pull 192.168.1.17:8080/nginx:1.0
浏览器访问192.168.1.17:8080/ 可以看到镜像信息,大小,历史
部署企业私有镜像仓库Habor
1)开启路由转发
[root@harbor ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@harbor ~]# sysctl -p
[root@harbor ~]# yum -y install docker-ce
[root@harbor ~]# systemctl start docker
[root@harbor ~]# systemctl enable docker
2)部署harbor
[root@harbor ~]# mv /root/docker-compose /usr/local/bin/
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor ~]# tar -xf harbor-offline-installer-v1.2.0.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor
[rootharbor harbor]# ls
common docker-compose.notary.yml harbor_1_1_0_template harbor.v1.2.0.tar.gz
LICENSE prepare docker-compose.clair.yml docker-compose.yml harbor.cfg
install.sh NOTICE upgrade
3)修改配置文件
#访问harbor管理界面的地址,改为本机的IP地址
[root@harbor harbor]# sed -i '/^hostname/s/reg.mydomain.com/192.168.1.17/' harbor.cfg
[root@harbor harbor]# sed -i '121 s/80:80/8099:80/' docker-compose.yml
#默认是访问80端口,但因为80端口与Nginx集群冲突,故改变访问端口为8099
[root@harbor harbor]#sed -i '24 s/$ui_url/$ui_url:8099/' common/templates/registry/config.yml
[root@harbor harbor]# ./install.sh
.......
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.1.17.
For more details, please visit https://github.com/vmware/harbor .
[root@harbor harbor]# netstat -antpu | grep 8099
tcp6 0 0 :::8099 :::* LISTEN 3028/docker-proxy
浏览器访问92.168.1.17:8099 用户名:admin 密码:Harbor12345
[root@docker harbor]# egrep -v "^#|^$" harbor.cfg
hostname = 192.168.1.17
ui_url_protocol = http
db_password = root123
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
clair_db_password = password
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
harbor_admin_password = Harbor12345
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
verify_remote_cert = on
[root@docker harbor]# cat docker-compose.yml
version: '2'
services:
log:
image: vmware/harbor-log:v1.2.0
container_name: harbor-log
restart: always
volumes:
- /var/log/harbor/:/var/log/docker/:z
ports:
- 127.0.0.1:1514:514
networks:
- harbor
registry:
image: vmware/registry:2.6.2-photon
container_name: registry
restart: always
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
networks:
- harbor
environment:
- GODEBUG=netdns=cgo
command:
["serve", "/etc/registry/config.yml"]
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
image: vmware/harbor-db:v1.2.0
container_name: harbor-db
restart: always
volumes:
- /data/database:/var/lib/mysql:z
networks:
- harbor
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
image: vmware/harbor-adminserver:v1.2.0
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
image: vmware/harbor-ui:v1.2.0
container_name: harbor-ui
env_file:
- ./common/config/ui/env
restart: always
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- /data/secretkey:/etc/ui/key:z
- /data/ca_download/:/etc/ui/ca/:z
- /data/psc/:/etc/ui/token/:z
networks:
- harbor
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
image: vmware/harbor-jobservice:v1.2.0
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
- /data/secretkey:/etc/jobservice/key:z
networks:
- harbor
depends_on:
- ui
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
proxy:
image: vmware/nginx-photon:1.11.13
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
- 8099:80
- 443:443
- 4443:4443
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
[root@docker harbor]# cat common/templates/registry/config.yml
version: 0.1
log:
level: debug
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /storage
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
http:
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
auth:
token:
issuer: harbor-token-issuer
realm: $ui_url:8099/service/token
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: http://ui/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s
[root@docker harbor]# cat install.sh
#!/bin/bash
#docker version: 1.11.2
#docker-compose version: 1.7.1
#Harbor version: 0.4.0
set +e
set -o noglob
#
# Set Colors
#
bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)
red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)
#
# Headers and Logging
#
underline() { printf "${underline}${bold}%s${reset}\n" "$@"
}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@"
}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@"
}
debug() { printf "${white}%s${reset}\n" "$@"
}
info() { printf "${white}➜ %s${reset}\n" "$@"
}
success() { printf "${green}✔ %s${reset}\n" "$@"
}
error() { printf "${red}✖ %s${reset}\n" "$@"
}
warn() { printf "${tan}➜ %s${reset}\n" "$@"
}
bold() { printf "${bold}%s${reset}\n" "$@"
}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@"
}
set -e
set +o noglob
usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor'
item=0
# notary is not enabled by default
with_notary=$false
# clair is not enabled by default
with_clair=$false
while [ $# -gt 0 ]; do
case $1 in
--help)
note "$usage"
exit 0;;
--with-notary)
with_notary=true;;
--with-clair)
with_clair=true;;
*)
note "$usage"
exit 1;;
esac
shift || true
done
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir
# The hostname in harbor.cfg has not been modified
if grep 'hostname = reg.mydomain.com' &> /dev/null harbor.cfg
then
warn "$usage"
exit 1
fi
function check_docker {
if ! docker --version &> /dev/null
then
error "Need to install docker(1.10.0+) first and run this script again."
exit 1
fi
# docker has been installed and check its version
if [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
then
docker_version=${BASH_REMATCH[1]}
docker_version_part1=${BASH_REMATCH[2]}
docker_version_part2=${BASH_REMATCH[3]}
# the version of docker does not meet the requirement
if [ "$docker_version_part1" -lt 1 ] || ([ "$docker_version_part1" -eq 1 ] && [ "$docker_version_part2" -lt 10 ])
then
error "Need to upgrade docker package to 1.10.0+."
exit 1
else
note "docker version: $docker_version"
fi
else
error "Failed to parse docker version."
exit 1
fi
}
function check_dockercompose {
if ! docker-compose --version &> /dev/null
then
error "Need to install docker-compose(1.7.1+) by yourself first and run this script again."
exit 1
fi
# docker-compose has been installed, check its version
if [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
then
docker_compose_version=${BASH_REMATCH[1]}
docker_compose_version_part1=${BASH_REMATCH[2]}
docker_compose_version_part2=${BASH_REMATCH[3]}
# the version of docker-compose does not meet the requirement
if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 6 ])
then
error "Need to upgrade docker-compose package to 1.7.1+."
exit 1
else
note "docker-compose version: $docker_compose_version"
fi
else
error "Failed to parse docker-compose version."
exit 1
fi
}
h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose
if [ -f harbor*.tar.gz ]
then
h2 "[Step $item]: loading Harbor images ..."; let item+=1
docker load -i ./harbor*.tar.gz
fi
echo ""
h2 "[Step $item]: preparing environment ..."; let item+=1
if [ -n "$host" ]
then
sed "s/^hostname = .*/hostname = $host/g" -i ./harbor.cfg
fi
prepare_para=
if [ $with_notary ]
then
prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
prepare_para="${prepare_para} --with-clair"
fi
./prepare $prepare_para
echo ""
h2 "[Step $item]: checking existing instance of Harbor ..."; let item+=1
docker_compose_list='-f docker-compose.yml'
if [ $with_notary ]
then
docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
fi
if [ $with_clair ]
then
docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
fi
if [ -n "$(docker-compose $docker_compose_list ps -q)" ]
then
note "stopping existing Harbor instance ..."
docker-compose $docker_compose_list down -v
fi
echo ""
h2 "[Step $item]: starting Harbor ..."
docker-compose $docker_compose_list up -d
protocol=http
hostname=reg.mydomain.com
if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
then
protocol=${BASH_REMATCH[1]}
fi
if [[ $(grep 'hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo ""
success $"----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at ${protocol}://${hostname}.
For more details, please visit https://github.com/vmware/harbor .
"
73
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
