Contents

1. Private registry: the official registry image
2. Managing the registry (push, delete, pull)
3. Private registry: Harbor

1. Private registry: the official registry image

Docker Hub provides an official container image, registry, for setting up a private registry.

1.1 Pulling the image, running it, inspecting it, testing

(1) Pull the image

```
# docker pull daocloud.io/library/registry:latest
```

(2) Run the container

```
# docker run --name pri_registry --restart=always -d -p 5000:5000 daocloud.io/library/registry
```

Note: if creating the container fails with a firewall-related error, resolve it as follows:

```
# systemctl stop firewalld
# yum install iptables*
# systemctl start iptables
# iptables -F
# systemctl restart docker
```

`iptables -F` flushes every rule in the filter table, so the host has no packet filtering of its own until rules are put back.

(3) List the containers

```
# docker ps -a
```

(4) Attach to the container and check the port

```
# docker exec -it 1f444285bed8 /bin/sh    # the shell here is sh, not bash
/ # netstat -lnp                          # check that port 5000 is listening
```

From the host, check that the private registry is reachable and that the status code is 200:

```
# curl -I 127.0.0.1:5000    # the option is an upper-case i
```

2. Managing the registry (push, delete, pull)

2.1 Switching the request scheme to HTTP

The default is HTTPS. If this is not changed, pushing to the private registry fails with an error.

```
# vim /etc/docker/daemon.json
```

```json
{
  "insecure-registries": ["192.168.245.136:5000"]
}
```

Restart Docker:

```
# systemctl restart docker
```

`insecure-registries` lets the Docker daemon ignore certificate errors and fall back to plain HTTP for that registry, so images and any credentials cross the network unencrypted. It is a lab setting.

2.2 Testing the registry

For convenience, pull a small image, busybox:

```
# docker pull busybox
```

Before pushing, the image must be tagged with the registry's IP and port.

Format: docker tag busybox <private registry IP>:<port>/busybox

```
# docker tag busybox 192.168.245.136:5000/busybox
```

MySQL is the second test image, pulled from daocloud:

```
# docker pull daocloud.io/library/mysql
# docker tag daocloud.io/library/mysql 192.168.245.136:5000/daocloud.io/library/mysql
```

Note: after `tag` you can give either the image name or the image ID; I use the image name here. For official images no prefix is needed, but images from daocloud.io need the prefix.

Push the images to the private registry:

```
# docker push 192.168.26.144:5000/busybox
# docker push 192.168.26.144:5000/daocloud.io/library/mysql
```

Note: the commands on this page use 192.168.245.136 in daemon.json and in `docker tag`, and 192.168.26.144 in the push, query and pull commands. On a real system the address in daemon.json, in the tag and in the push must be the same registry host.

2.3 Listing all images in the private registry

List all images:

```
# curl -X GET http://192.168.26.144:5000/v2/_catalog
```

List all tags of an image.

Format: curl -X GET http://registry_host:5000/v2/images_name/tags/list

```
# curl -X GET http://192.168.26.144:5000/v2/daocloud.io/library/mysql/tags/list
```

2.4 Deleting an image from the registry

Look up the digest of the image to delete.

Format: curl -I -X GET http://registry_host:5000/v2/images_name/manifests/tag

```
# curl -I -X GET http://192.168.26.144:5000/v2/daocloud.io/library/mysql/manifests/v2
```

The value of the Docker-Content-Digest header is the digest of the image to delete.

Digest:

```
sha256:46e16271326ceb468caa89217b4c7bc86788168662fdf8bb45bc4dae6da9d0f1
```

Delete the image.

Format: curl -I -X DELETE http://10.74.234.17:5001/v2/images_name/manifests/Digest

```
# curl -I -X DELETE http://192.168.26.144:5001/v2/images_name/manifests/Digest
```

Note: the delete commands above are written with port 5001; use the host and port your registry actually listens on (the container in 1.1 publishes port 5000).

2.5 Pulling an image from the private registry

Format: docker pull 192.168.26.144:5000/images_name

```
# docker pull 192.168.26.144:5000/busybox
```

3. Private registry: Harbor

3.1 Architecture

- loadbalancer: load balancing (lab: 1 core / 1 GB; production: 16 cores / 64 GB)
- harborA and harborB: high availability (lab: 4 cores / 4 GB; production: 4 cores / 16 GB)
- redis: data cache (production: 4 cores / 16 GB)
- postgresql: database storage (production: 16 cores / 64 GB)
- nfs for harborA/B (production: 500 GB)

In the lab these are placed on a single machine with 4 cores / 4 GB.

3.2 Preparing the environment

(1) Set up redis (redis, nfs and postgresql are on the same machine)

```
# yum install epel-release
# yum -y install redis
# systemctl enable --now redis
# vim /etc/redis.conf
```

```
# change the listen address to this host
bind 192.168.26.176
# set a password
requirepass test123!!
```

```
# systemctl restart redis
```

(2) Set up nfs (redis, nfs and postgresql are on the same machine)

```
# yum -y install nfs-utils
# mkdir -p /data/harbor
# vim /etc/exports
```

```
/data/harbor 192.168.26.0/24(rw,sync,no_root_squash)
```

```
# systemctl enable --now nfs
```

Create the Harbor mount point (on both Harbor machines):

```
# mkdir -p /data/harbor
```

Configure the mount:

```
# vim /etc/fstab
```

```
192.168.26.176:/data/harbor /data/harbor nfs defaults 0 0
```

```
# mount -a
```

or

```
# mount -t nfs 192.168.26.176:/data/harbor /data/harbor
# mount -a
# df -Th
```

Note: if mounting the NFS share on a Harbor client machine fails, install the NFS client package on that machine, start it, and mount again:

```
# yum -y install nfs-utils
# systemctl start nfs-utils.service
```

(3) Set up postgresql (redis, nfs and postgresql are on the same machine)

```
# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# yum install -y postgresql13-server
# /usr/pgsql-13/bin/postgresql-13-setup initdb    # initialise the PostgreSQL data directory
# systemctl enable --now postgresql-13
# vim /var/lib/pgsql/13/data/postgresql.conf
```

```
# listen on all addresses
listen_addresses = '*'
# open the port
port = 5432
```

```
# vim /var/lib/pgsql/13/data/pg_hba.conf
```

```
# network range allowed to connect
host all all 192.168.26.0/24 md5
```

```
# systemctl restart postgresql-13
# su - postgres          # switch user
-bash-4.2$ psql          # enter PostgreSQL
```

The following is run inside PostgreSQL:

```
postgres=# CREATE DATABASE harbor;
postgres=# CREATE DATABASE notary_signer;
postgres=# CREATE DATABASE notary_server;
postgres=# CREATE USER harbor WITH PASSWORD 'test123!!';
postgres=# CREATE USER notary_signer WITH PASSWORD 'test123!!';
postgres=# CREATE USER notary_server WITH PASSWORD 'test123!!';
postgres=# GRANT ALL PRIVILEGES ON DATABASE harbor TO harbor;
postgres=# GRANT ALL PRIVILEGES ON DATABASE notary_signer TO notary_signer;
postgres=# GRANT ALL PRIVILEGES ON DATABASE notary_server TO notary_server;
postgres=# \l            -- list the databases
postgres=# exit
-bash-4.2$ exit
```

(4) Set up the loadbalancer

nginx is used as the proxy.

```
# vim /etc/yum.repos.d/nginx.repo
```

```ini
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
```

```
# yum -y install nginx
# cd /etc/nginx/conf.d
# vim harbor-proxy.conf
```

```nginx
upstream harbor-service {
    server harborA_ipaddress:80;
    server harborB_ipaddress:80;
}

server {
    listen 80;
    server_name harbor.daemon.com;
    access_log /var/log/nginx/harbor-loadbalance.access.log main;

    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://harbor-service;
    }
}
```

```
# systemctl start nginx
```

(5) Set up harbor-A and harbor-B

Install Harbor. Harbor provides unified management of the images used inside an organisation; it also includes user management and can be connected to an LDAP directory.

1. Install Docker on both Harbor machines beforehand and configure a registry mirror (covered elsewhere on the author's blog).

2. Install docker-compose:

```
# curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
# chmod a+x /usr/local/bin/docker-compose
# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
```

Harbor download URL: https://github.com/goharbor/harbor/releases/download/v2.5.0/harbor-offline-installer-v2.5.0.tgz

```
# tar xf harbor-offline-installer-v2.5.0.tgz -C /usr/local/
# cd /usr/local/harbor
# cp harbor.yml.tmpl harbor.yml
# vim harbor.yml
```

```yaml
# change the hostname to this machine's IP
hostname: 192.168.26.174

# the https service is commented out
#https:
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

# external access URL
external_url: https://reg.mydomain.com:8433

# the built-in database is commented out
#database:
#  password: root123
#  max_idle_conns: 100
#  max_open_conns: 900

# the data volume is the NFS mount point on harbor-A/B
data_volume: /data/harbor

# Uncomment external_database if using external database.
# database configuration
external_database:
  harbor:
    host: 192.168.26.176
    port: 5432
    db_name: harbor
    username: harbor
    password: test123!!
    ssl_mode: disable
    max_idle_conns: 2
    max_open_conns: 0
  notary_signer:
    host: 192.168.26.176
    port: 5432
    db_name: notary_signer
    username: notary_signer
    password: test123!!
    ssl_mode: disable
  notary_server:
    host: 192.168.26.176
    port: 5432
    db_name: notary_server
    username: notary_server
    password: test123!!
    ssl_mode: disable

# Uncomment external_redis if using external Redis server
# redis configuration
external_redis:
  # support redis, redis+sentinel
  # host for redis: <host_redis>:<port_redis>
  # host for redis+sentinel:
  #  <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
  host: 192.168.26.176:6379
  password: test123!!
  # sentinel_master_set must be set to support redis+sentinel
  #sentinel_master_set:
  # db_index 0 is for core, it's unchangeable
  registry_db_index: 1
  jobservice_db_index: 2
  chartmuseum_db_index: 3
  trivy_db_index: 5
  idle_timeout_seconds: 30
```

Download the required images: preparation before installation (note: Docker must be running)

```
# ./prepare
```

Install:

```
# ./install.sh
```

Check that all the containers are up:

```
# docker ps -a
```

Do the same on harbor-B; in harbor.yml the hostname IP has to be changed.

(6) Access
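For the deletion procedure in section 2.4, an added example (not from the original page) of taking the digest out of the manifest response before building the DELETE request: header names are case-insensitive and header lines end in CRLF, so the value is normalised and validated first. The function names are illustrative and the sample response is constructed around the digest shown in 2.4.

```shell
# Added example, not from the original page. Function names are illustrative;
# SAMPLE_HEADERS is a constructed response carrying the digest shown in 2.4.

# Print the Docker-Content-Digest value found in raw HTTP response headers.
# Header names are case-insensitive and each line ends in CRLF; a \r left on
# the value would end up inside the DELETE URL.
digest_from_headers() {
    printf '%s\n' "$1" | tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v)
            sub(/[ \t]+$/, "", v)
            print v
            exit
        }
    }'
}

# Succeed only for a well-formed sha256 digest.
is_sha256_digest() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# $1 = registry base URL, $2 = repository, $3 = digest
manifest_delete_url() {
    is_sha256_digest "$3" || { echo "refusing malformed digest" >&2; return 1; }
    printf '%s/v2/%s/manifests/%s\n' "$1" "$2" "$3"
}

# $1 = registry base URL, $2 = repository, $3 = tag. Needs a reachable registry.
# The Accept header makes the registry answer with the schema 2 manifest digest.
# 202 means deleted; 405 means deletion is disabled on the registry
# (REGISTRY_STORAGE_DELETE_ENABLED=true turns it on).
delete_tag() {
    headers=$(curl -sS -I -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
        "$1/v2/$2/manifests/$3") || return 1
    url=$(manifest_delete_url "$1" "$2" "$(digest_from_headers "$headers")") || return 1
    curl -sS -o /dev/null -w '%{http_code}\n' -X DELETE "$url"
}

SAMPLE_HEADERS=$(printf '%s\r\n' 'HTTP/1.1 200 OK' \
    'content-length: 1570' \
    'docker-content-digest: sha256:46e16271326ceb468caa89217b4c7bc86788168662fdf8bb45bc4dae6da9d0f1' \
    'content-type: application/vnd.docker.distribution.manifest.v2+json')

manifest_delete_url 'http://192.168.26.144:5000' 'daocloud.io/library/mysql' \
    "$(digest_from_headers "$SAMPLE_HEADERS")"
```

Deleting a manifest only removes the reference; the layer data stays on disk until the registry's garbage collection is run.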
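For the external services configured in section 3.2, an added example (not part of the original page) that reads the same three files and reports the settings that leave the NFS export trusting client root and the PostgreSQL and Harbor traffic unencrypted. The function names are illustrative, and the sample inputs are constructed from the values on the page.

```shell
# Added example, not from the original page. Function names are illustrative;
# the SAMPLE_* inputs are constructed from the settings shown in section 3.2.

# /etc/exports: exports that disable root squashing (client root = server root).
audit_exports() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        { for (i = 2; i <= NF; i++)
              if (index($i, "no_root_squash"))
                  print "exports: " $1 " " $i " keeps client root as root" }'
}

# pg_hba.conf: "host" rules also match non-TLS clients; md5 is the legacy method.
audit_pg_hba() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "host" { print "pg_hba: " $4 " may connect without TLS (hostssl requires it)" }
        $NF == "md5" { print "pg_hba: " $4 " uses md5 (scram-sha-256 is the stronger method)" }'
}

# harbor.yml: external databases with ssl_mode disable, and no active https block.
audit_harbor_yml() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        /^[A-Za-z_]+:/ { top = $1; sub(/:.*/, "", top); if (top == "https") tls = 1; next }
        top == "external_database" && /^  [A-Za-z_]+: *$/ { db = $1; sub(/:/, "", db); next }
        top == "external_database" && $1 == "ssl_mode:" && $2 == "disable" {
            print "harbor.yml: external_database." db " ssl_mode=disable" }
        END { if (!tls) print "harbor.yml: https block is not enabled" }'
}

SAMPLE_EXPORTS='/data/harbor 192.168.26.0/24(rw,sync,no_root_squash)'
SAMPLE_PG_HBA='host all all 192.168.26.0/24 md5'
SAMPLE_HARBOR_YML=$(cat <<'EOF'
hostname: 192.168.26.174
#https:
external_database:
  harbor:
    ssl_mode: disable
  notary_signer:
    ssl_mode: disable
data_volume: /data/harbor
EOF
)

audit_all() {
    audit_exports "$SAMPLE_EXPORTS"; audit_pg_hba "$SAMPLE_PG_HBA"; audit_harbor_yml "$SAMPLE_HARBOR_YML"
}
audit_all
```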