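Docker Images and Docker Registry Configuration [Part 4]

Summary

Once an image has been built it is stored locally by default, so only the local machine can use it and other servers cannot. This is where a Docker registry comes in: other servers simply pull the image when they need it.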

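Date: 2016-11-08 15:45:20

Blog: www.abcdocker.com
WeChat official account: abcdocker
Author's QQ: 381493251
Abcdocker discussion group: 454666672
If you run into any problems, join the group and ask. We are a community that is happy to help!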


I. Introduction to Docker Images

Docker images can be built in two ways: manually, or with a Dockerfile (automated build).

Manual Docker image build example:

We start from the centos image and build an nginx image.

    [root@linux-node1 ~]# docker run --name abcdocker -it centos
    [root@026ae321431d /]# yum install wget -y
    [root@026ae321431d /]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    [root@026ae321431d /]# yum install nginx -y

We need to edit the nginx configuration file so that nginx runs in the foreground.

    [root@026ae321431d /]# vi /etc/nginx/nginx.conf
    ...
    daemon off;
    ...

After making the change, exit the container.

    [root@linux-node1 ~]# docker ps -a
    CONTAINER ID   IMAGE    COMMAND       CREATED         STATUS                     PORTS   NAMES
    026ae321431d   centos   "/bin/bash"   8 minutes ago   Exited (0) 4 seconds ago           abcdocker

After the change we need to commit the container.

    [root@linux-node1 ~]# docker commit -m "My Nginx" 026ae321431d abcdocker/abcdocker:v1
    sha256:d1da04e088afa5bc005fbef9c75c6c4d4432df2f8fdda2ca16543638ec3682f4
    [root@linux-node1 ~]# docker images
    REPOSITORY            TAG      IMAGE ID       CREATED         SIZE
    abcdocker/abcdocker   v1       d1da04e088af   4 minutes ago   386.5 MB
    docker.io/nginx       latest   e43d811ce2f4   34 hours ago    181.4 MB
    docker.io/centos      latest   980e0e4c79ec   6 weeks ago     196.7 MB

Notes:

    -m                     description
    026ae321431d           the container ID
    abcdocker (first)      the repository name
    abcdocker (second)     the image name
    v1                     the tag; for the most recent version we can use latest

Now we start the nginx image we just built. The full image name, including the tag, must be given.

    [root@linux-node1 ~]# docker run --name nginxv1 -d -p 81:80 abcdocker/abcdocker:v1 nginx
    2827b5ff95363d4597928a1e094b4c267178350a6c23a075bda90fabff1c671e

Note: the trailing nginx is not the nginx image; it is the name of the service to start.

We can look at the access log:

    [root@linux-node1 ~]# ./docker_in.sh nginxv1
    [root@2827b5ff9536 /]# tail -f /var/log/nginx/access.log
    192.168.56.1 - - [23/Oct/2016:09:09:49 +0000] "GET / HTTP/1.1" 200 3700 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    192.168.56.1 - - [23/Oct/2016:09:09:49 +0000] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.56.11:81/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    192.168.56.1 - - [23/Oct/2016:09:09:49 +0000] "GET /poweredby.png HTTP/1.1" 200 2811 "http://192.168.56.11:81/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    192.168.56.1 - - [23/Oct/2016:09:09:49 +0000] "GET /favicon.ico HTTP/1.1" 404 3650 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    192.168.56.1 - - [23/Oct/2016:09:09:49 +0000] "GET /favicon.ico HTTP/1.1" 404 3650 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"

That is how an nginx image is built manually.

A Dockerfile is made up of instructions, one per line.

Dockerfile build steps:

    [root@linux-node1 ~]# mkdir /dockerfile
    [root@linux-node1 ~]# cd /dockerfile
    [root@linux-node1 dockerfile]#
    [root@linux-node1 dockerfile]# mkdir nginx
    [root@linux-node1 dockerfile]# cd nginx/
    [root@linux-node1 nginx]#

We will build an nginx image automatically from the nginx directory.

Note: the D must be uppercase. When we build, docker by default reads a file named Dockerfile from the current directory, so the D has to be capitalized.

    [root@linux-node1 nginx]# cat Dockerfile
    # This Dockerfile
    # My Name is YuHongCong
    # Base image
    FROM centos
    # Maintainer
    MAINTAINER abcdocker xxx@gmail.com
    # Commands
    RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
    RUN yum install -y nginx && yum clean all
    RUN echo "daemon off;" >>/etc/nginx/nginx.conf
    ADD index.html /usr/share/nginx/html/index.html
    EXPOSE 80
    CMD ["nginx"]

Explanation:

    #               marks a comment
    Base image      apart from comments, the first line must be FROM; it tells the Dockerfile which base image to use
    Maintainer      maintainer information
    Commands        the commands to run
    ADD index.html  the file must exist in the current directory; we can prepare our configuration in advance and then add or change it with ADD
    EXPOSE          the port exposed to the outside
    CMD ["nginx"]   the command to start is nginx (that is, the nginx service)

Article about Dockerfile: http://www.abcdocker.com/abcdocker/1724

With the Dockerfile written, we still need an index.html.

    [root@linux-node1 nginx]# echo www.abcdocker.com >index.html
    [root@linux-node1 nginx]# ll
    total 8
    -rw-r--r-- 1 root root 368 Oct 23 18:04 Dockerfile
    -rw-r--r-- 1 root root 18 Oct 23 18:06 index.html

Note: the . is the build location, here the current directory. We build with docker build.

    [root@linux-node1 nginx]# docker build -t mynginx:v2 .


Once the build finishes we can see everything we configured.

    [root@linux-node1 nginx]# docker images
    REPOSITORY            TAG      IMAGE ID       CREATED             SIZE
    mynginx               v2       0d327c3d5058   8 minutes ago       281.6 MB
    abcdocker/abcdocker   v1       d1da04e088af   About an hour ago   386.5 MB
    docker.io/nginx       latest   e43d811ce2f4   35 hours ago        181.4 MB
    docker.io/centos      latest   980e0e4c79ec   6 weeks ago         196.7 MB

Start the image

    [root@linux-node1 nginx]# docker run --name mynginxtest -d -p 82:80 mynginx:v2
    71ca33f5032c57342eff85f948c0273f0818218c5e3ccf6c7368d5e5da123520

mynginx:v2 is the image name shown by docker images.


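Dockerfile instructions explained

    FROM        specifies the base image
    MAINTAINER  specifies the maintainer information
    RUN         prefix each command to run with RUN
    ADD         copies files; archives are extracted automatically
    WORKDIR     sets the current working directory, similar to cd
    VOLUME      defines a volume, mounting a host directory
    EXPOSE      specifies the port exposed to the outside
    CMD         specifies what the container does once it has started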
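
The Dockerfile built above pulls an untagged base image, installs an RPM over plain HTTP, and uses ADD for a local file; each of these weakens the provenance of the resulting image. The following check is an added example, not part of the original post: `lint_dockerfile` is a hypothetical helper, the first sample is the post's Dockerfile, and the second is a constructed variant (the `centos:7` tag and the `epel-release` package are assumptions).

```shell
#!/bin/sh
# Added example: flag three provenance problems in a Dockerfile read from stdin.
# Output: "<line> <finding> [detail]" per problem; nothing when the file is clean.
lint_dockerfile() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        { instr = toupper($1) }
        instr == "FROM" {
            name = $2
            sub(/^.*\//, "", name)                 # drop registry host[:port]/namespace
            if ($2 !~ /@sha256:/ && (name !~ /:/ || name ~ /:latest$/))
                printf "%d unpinned-base %s\n", NR, $2
        }
        (instr == "RUN" || instr == "ADD") && /http:\/\// {
            printf "%d plain-http-fetch\n", NR     # content can be altered in transit
        }
        instr == "ADD" && $2 !~ /^https?:\/\// && $2 !~ /\.(tar|tgz|gz|bz2|xz)$/ {
            printf "%d add-instead-of-copy %s\n", NR, $2
        }'
}

# The Dockerfile from the post.
POST_DOCKERFILE='# Base image
FROM centos
RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y nginx && yum clean all
RUN echo "daemon off;" >>/etc/nginx/nginx.conf
ADD index.html /usr/share/nginx/html/index.html
EXPOSE 80
CMD ["nginx"]'

# Constructed variant: tagged base, EPEL from the distribution repo, COPY for a local file.
PINNED_DOCKERFILE='FROM centos:7
RUN yum install -y epel-release && yum install -y nginx && yum clean all
RUN echo "daemon off;" >>/etc/nginx/nginx.conf
COPY index.html /usr/share/nginx/html/index.html
EXPOSE 80
CMD ["nginx"]'

printf '%s\n' "$POST_DOCKERFILE"   | lint_dockerfile
printf '%s\n' "$PINNED_DOCKERFILE" | lint_dockerfile
```

A tag can still be moved by whoever controls the repository; pinning the base image by `@sha256:` digest is the form the first check treats as fully pinned.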


II. Docker Registry

Docker's public registry is Docker Hub, which is similar to GitHub. Just as GitHub has an open-source counterpart in GitLab, Docker has an open-source counterpart too: docker registry.

First we search the images to find registry.

    [root@linux-node1 ~]# docker search docker
    INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    docker.io docker.io/jenkins Official Jenkins Docker image 2146 [OK]
    docker.io docker.io/alpine A minimal Docker image based on Alpine Lin... 1556 [OK]
    docker.io docker.io/registry Containerized docker registry 1161 [OK]
    docker.io docker.io/swarm Swarm: a Docker-native clustering system. 529 [OK]
    docker.io docker.io/fedora Official Docker builds of Fedora 446 [OK]
    docker.io docker.io/docker Docker in Docker! 311 [OK]
    docker.io docker.io/konradkleine/docker-registry-frontend Browse and modify your Docker registry in ... 121 [OK]
    docker.io docker.io/oddrationale/docker-shadowsocks shadowsocks Docker image 121 [OK]
    docker.io docker.io/docker-dev Docker is an open source project to pack, ... 58 [OK]
    docker.io docker.io/hyper/docker-registry-web Web UI, authentication service and event r... 55 [OK]
    docker.io docker.io/datadog/docker-dd-agent Docker container for the Datadog Agent. 42 [OK]
    docker.io docker.io/francescou/docker-compose-ui web interface for Docker Compose 32 [OK]
    docker.io docker.io/nodered/node-red-docker Node-RED Docker images. 32 [OK]
    docker.io docker.io/spotify/docker-gc Garbage collection of Docker containers an... 26 [OK]
    docker.io docker.io/devalx/docker-teamspeak3 Docker Container with Teamspeak 3. Contain... 19 [OK]
    docker.io docker.io/grahamdumpleton/mod-wsgi-docker Docker images for Apache/mod_wsgi. 19 [OK]
    docker.io docker.io/dockercore/docker 15 [OK]
    docker.io docker.io/docker/docker-bench-security Docker Bench checks for dozens of common b... 12 [OK]
    docker.io docker.io/laurentmalvert/docker-boinc A dockerized BOINC client 7 [OK]
    docker.io docker.io/rubinius/docker Docker images for Rubinius and other parts... 4 [OK]
    docker.io docker.io/docker/migrator Tool to migrate Docker images from a v1 re... 3 [OK]
    docker.io docker.io/fabric8/jenkins-docker Fabric8 Jenkins Docker Image 3 [OK]
    docker.io docker.io/jakubsacha/symfony-docker Docker image tailed to run symfony applica... 2 [OK]
    docker.io docker.io/cgal/testsuite-docker Docker images for the CGAL testsuite 1 [OK]
    docker.io docker.io/jfisbein/docker-images Various Docker build files for creating Do... 1 [OK]
We can download it with docker pull.

    [root@linux-node1 ~]# docker pull registry

List the images

    [root@linux-node1 ~]# docker images
    REPOSITORY                 TAG      IMAGE ID       CREATED        SIZE
    mynginx                    v2       0d327c3d5058   26 hours ago   281.6 MB
    abcdocker/abcdocker        v1       d1da04e088af   27 hours ago   386.5 MB
    docker.io/nginx            latest   e43d811ce2f4   2 days ago     181.4 MB
    docker.io/registry         latest   c9bd19d022f6   5 days ago     33.27 MB
    docker.io/centos           latest   980e0e4c79ec   6 weeks ago    196.7 MB
    docker.io/vmware/admiral   latest   4e798983bb2a   6 weeks ago    506.4 MB

The registry uses port 5000 by default, so we check whether port 5000 is already in use.

    [root@linux-node1 ~]# netstat -lntup
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN   19995/mysqld
    tcp        0      0 0.0.0.0:4369      0.0.0.0:*         LISTEN   21574/epmd
    tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1094/sshd
    tcp        0      0 0.0.0.0:15672     0.0.0.0:*         LISTEN   21557/beam
    tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   1372/master
    tcp        0      0 0.0.0.0:25672     0.0.0.0:*         LISTEN   21557/beam
    tcp6       0      0 :::81             :::*              LISTEN   119979/docker-proxy
    tcp6       0      0 :::4369           :::*              LISTEN   21574/epmd
    tcp6       0      0 :::82             :::*              LISTEN   122045/docker-proxy
    tcp6       0      0 :::22             :::*              LISTEN   1094/sshd
    tcp6       0      0 ::1:25            :::*              LISTEN   1372/master
    tcp6       0      0 :::8282           :::*              LISTEN   7571/docker-proxy
    tcp6       0      0 :::5672           :::*              LISTEN   21557/beam
    udp        0      0 0.0.0.0:123       0.0.0.0:*                  19389/chronyd
    udp        0      0 127.0.0.1:323     0.0.0.0:*                  19389/chronyd
    udp6       0      0 ::1:323           :::*                       19389/chronyd

Now we run the registry container.

    [root@linux-node1 ~]# docker run -d -p 5000:5000 registry
    aa6b8ce82d5ab3539e7c6aa8bca23215f18f1215ccb8ca48100e525ba769d964

Note: with older Docker versions the registry could be used as soon as it was running; from 1.7 onward this no longer works.

We add a new tag.

    [root@linux-node1 ~]# docker tag abcdocker/abcdocker:v1 192.168.56.11:5000/abc/mynginx:latest

This tags the earlier abcdocker image for the registry on port 5000.

Since Docker 1.3.X, the docker registry is accessed over HTTPS by default, so when docker pull is used to download a remote image and the remote docker registry is not served over HTTPS, the error shown below is reported.

    [root@linux-node1 ~]# docker tag abcdocker/abcdocker:v1 192.168.56.11:5000/abc/mynginx:latest
    [root@linux-node1 ~]# docker push 192.168.56.11:5000/abc/mynginx:latest
    The push refers to a repository [192.168.56.11:5000/abc/mynginx]
    unable to ping registry endpoint https://192.168.56.11:5000/v0/
    v2 ping attempt failed with error: Get https://192.168.56.11:5000/v2/: http: server gave HTTP response to HTTPS client
    v1 ping attempt failed with error: Get https://192.168.56.11:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Note: there are two ways to fix this. One is to apply for a free SSL certificate from WoSign or Tencent; the other is to change the local configuration file.

Solving the HTTPS problem

Install nginx and set up HTTPS

    [root@linux-node1 ~]# yum install nginx -y
    [root@linux-node1 ~]# vim /etc/nginx/nginx.conf
    include /etc/nginx/conf.d/*.conf;

Because the main configuration file already includes this directory, only files placed under /etc/nginx/conf.d/ are picked up.
The configuration is as follows:

    [root@linux-node1 conf.d]# cat docker.conf
    upstream docker-registry {
        server 127.0.0.1:5000;
    }
    server {
        listen 443;
        server_name registry.abcdocker.com;
        ssl on;
        ssl_certificate /etc/ssl/nginx.crt;
        ssl_certificate_key /etc/ssl/nginx.key;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        client_max_body_size 0;
        chunked_transfer_encoding on;
        location / {
            auth_basic "Docker";
            auth_basic_user_file /etc/nginx/conf.d/docker-registry.htpasswd;
            proxy_pass http://docker-registry;
        }
        location /_ping {
            auth_basic off;
            proxy_pass http://docker-registry;
        }
        location /v1/_ping {
            auth_basic off;
            proxy_pass http://docker-registry;
        }
    }
    [root@linux-node1 conf.d]#

We need to generate a certificate. You can apply for a free SSL certificate from WoSign or Tencent.


If you have a free WoSign SSL certificate, the following setup is not needed.

First we set up a root key. In production, simply use the free WoSign SSL certificate instead.

--------------- This step can be skipped in production --------------------

    [root@linux-node1 ~]# cd /etc/pki/CA/
    [root@linux-node1 CA]# touch ./{serial,index.txt}
    [root@linux-node1 CA]# echo "00" >serial
    [root@linux-node1 CA]# openssl genrsa -out private/cakey.pem 2048
    Generating RSA private key, 2048 bit long modulus
    .................................+++
    ............+++
    e is 65537 (0x10001)
    [root@linux-node1 CA]# openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN                      # enter CN
    State or Province Name (full name) []:BeiJing             # enter BeiJing
    Locality Name (eg, city) [Default City]:BeiJing
    Organization Name (eg, company) [Default Company Ltd]:abcdocker
    Organizational Unit Name (eg, section) []:docker
    Common Name (eg, your name or your server's hostname) []:registry.abcdocker.com
    Email Address []:cyh@abcdocker.com

The steps above generate a root certificate.
Now we need to generate a certificate for nginx (in production you can use a certificate issued by a provider directly and do not need to generate one).

    [root@linux-node1 CA]# cd /etc/ssl/
    [root@linux-node1 ssl]# openssl genrsa -out nginx.key 2048
    Generating RSA private key, 2048 bit long modulus
    ....+++
    .........................................+++
    e is 65537 (0x10001)
    [root@linux-node1 ssl]# openssl req -new -key nginx.key -out nginx.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:BeiJing
    Locality Name (eg, city) [Default City]:BeiJing
    Organization Name (eg, company) [Default Company Ltd]:abcdocker
    Organizational Unit Name (eg, section) []:docker
    Common Name (eg, your name or your server's hostname) []:registry.abcdocker.com
    Email Address []:cyh@abcdocker.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Just press Enter for the last two prompts.

Sign the certificate

    [root@linux-node1 ssl]# openssl ca -in nginx.csr -days 365 -out nginx.crt
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 0 (0x0)
            Validity
                Not Before: Oct 24 14:04:16 2016 GMT
                Not After : Oct 24 14:04:16 2017 GMT
            Subject:
                countryName               = CN
                stateOrProvinceName       = BeiJing
                organizationName          = abcdocker
                organizationalUnitName    = docker
                commonName                = registry.abcdocker.com
                emailAddress              = cyh@abcdocker.com
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    29:04:19:D9:1A:C1:8C:1C:11:38:FF:75:85:1F:B2:BD:E1:1C:79:5C
                X509v3 Authority Key Identifier:
                    keyid:70:D7:95:49:C3:40:05:43:43:D4:07:AE:4D:AB:F2:D6:40:28:63:8D
    Certificate is to be certified until Oct 24 14:04:16 2017 GMT (365 days)
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n] y
    CERTIFICATION CANCELED

Because this is a self-signed certificate, the system has to be told to trust it.

    [root@linux-node1 ~]# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
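
The CSR above carries the registry host name only in the Common Name. Docker clients built with Go 1.15 or later ignore the Common Name and require a subjectAltName entry, so the following added example (not from the original post) issues the nginx certificate with a SAN and verifies it. The CA subject, the scratch-directory layout and the function names are assumptions; the host name is the one used in the post.

```shell
#!/bin/sh
# Added example: throwaway CA plus a server certificate whose subjectAltName
# names the registry host. Everything is written under the directory passed in.
REG_HOST=registry.abcdocker.com            # host name from the post

make_registry_cert() {
    dir=$1
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Registry CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$REG_HOST
EOF
    # Self-signed root (assumed subject), explicitly marked as a CA.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -config "$dir/openssl.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and CSR for nginx.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
        -subj "/CN=$REG_HOST" \
        -keyout "$dir/nginx.key" -out "$dir/nginx.csr" 2>/dev/null || return 1
    # Sign the CSR and attach the v3_server extensions, including the SAN.
    openssl x509 -req -in "$dir/nginx.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 \
        -extfile "$dir/openssl.cnf" -extensions v3_server \
        -out "$dir/nginx.crt" 2>/dev/null || return 1
}

# Succeeds only if the chain validates against the CA and the name matches.
cert_valid_for_host() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/nginx.crt" >/dev/null 2>&1
}

# Succeeds only if the host appears as a DNS entry in the certificate text.
cert_has_san() {
    openssl x509 -in "$1/nginx.crt" -noout -text | grep -q "DNS:$2"
}

scratch=$(mktemp -d)
if make_registry_cert "$scratch" && cert_valid_for_host "$scratch" "$REG_HOST" \
        && cert_has_san "$scratch" "$REG_HOST"; then
    echo "certificate for $REG_HOST carries a SAN and chains to the CA"
fi
rm -rf "$scratch"
```

On a Docker client the resulting ca.crt can be trusted for this one registry by copying it to /etc/docker/certs.d/registry.abcdocker.com/ca.crt, which avoids appending a private CA to the system-wide bundle.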

We create a user name and password for authentication.

    [root@linux-node1 ~]# htpasswd -c /etc/nginx/conf.d/docker-registry.htpasswd abcdocker
    New password:
    Re-type new password:
    Adding password for user abcdocker
    [root@linux-node1 ~]# systemctl start nginx

The htpasswd path must match the path in the nginx configuration file.

Check that port 443 is listening

    [root@linux-node1 ~]# netstat -lntup
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN   19995/mysqld
    tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   14408/nginx: master
    tcp        0      0 0.0.0.0:4369      0.0.0.0:*         LISTEN   21574/epmd
    tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1094/sshd
    tcp        0      0 0.0.0.0:15672     0.0.0.0:*         LISTEN   21557/beam
    tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   1372/master
    tcp        0      0 0.0.0.0:443       0.0.0.0:*         LISTEN   14408/nginx: master
    tcp        0      0 0.0.0.0:25672     0.0.0.0:*         LISTEN   21557/beam
    tcp6       0      0 :::80             :::*              LISTEN   14408/nginx: master
    tcp6       0      0 :::81             :::*              LISTEN   119979/docker-proxy
    tcp6       0      0 :::4369           :::*              LISTEN   21574/epmd
    tcp6       0      0 :::82             :::*              LISTEN   122045/docker-proxy
    tcp6       0      0 :::22             :::*              LISTEN   1094/sshd
    tcp6       0      0 ::1:25            :::*              LISTEN   1372/master
    tcp6       0      0 :::8282           :::*              LISTEN   7571/docker-proxy
    tcp6       0      0 :::5000           :::*              LISTEN   12308/docker-proxy
    tcp6       0      0 :::5672           :::*              LISTEN   21557/beam
    udp        0      0 0.0.0.0:123       0.0.0.0:*                  19389/chronyd
    udp        0      0 127.0.0.1:323     0.0.0.0:*                  19389/chronyd
    udp6       0      0 ::1:323           :::*                       19389/chronyd
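
In the listing above nginx answers on 443 while docker-proxy still publishes the registry on `:::5000`, so any host that can reach port 5000 talks to the registry directly, without the TLS and basic authentication that nginx adds. The following added example (not from the original post) flags that condition in `netstat -lntup` output; the function name and both sample listings are constructed, and the second listing assumes the registry was started with `-p 127.0.0.1:5000:5000`.

```shell
#!/bin/sh
# Added example: report listeners that expose the registry backend port on a
# non-loopback address. Input is `netstat -lntup` output on stdin.
REGISTRY_PORT=5000                     # backend port from the post

exposed_registry_listeners() {
    awk -v port="$REGISTRY_PORT" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, part, ":")
            p = part[n]                                     # port follows the last colon
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p != port) next
            if (host == "127.0.0.1" || host == "::1") next  # loopback only: fine
            printf "EXPOSED %s %s\n", addr, $7
        }'
}

# Constructed listing: registry published with -p 5000:5000 (as in the post).
LISTEN_ALL='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0 0.0.0.0:443  0.0.0.0:*  LISTEN 14408/nginx: master
tcp6  0 0 :::5000      :::*       LISTEN 12308/docker-proxy'

# Constructed listing: registry published with -p 127.0.0.1:5000:5000 (assumption).
LISTEN_LOOPBACK='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0 0.0.0.0:443     0.0.0.0:*  LISTEN 14408/nginx: master
tcp   0 0 127.0.0.1:5000  0.0.0.0:*  LISTEN 12308/docker-proxy'

printf '%s\n' "$LISTEN_ALL"      | exposed_registry_listeners
printf '%s\n' "$LISTEN_LOOPBACK" | exposed_registry_listeners
```

With the backend bound to loopback, the nginx upstream `127.0.0.1:5000` keeps working and clients can reach the registry only through nginx on 443.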

We also need a name binding, so we set up hosts resolution.

    [root@linux-node1 ~]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.56.11 linux-node1.abcdocker.com registry.abcdocker.com
    192.168.56.12 linux-node2.abcdocker.com

Modify the Docker configuration file

    [root@linux-node1 ~]# vim /etc/sysconfig/docker
    # Modify these options if you want to change the way the docker daemon runs
    OPTIONS='--selinux-enabled --insecure-registry 192.168.56.11:5000'

Test

    [root@linux-node1 ~]# docker push 192.168.56.11:5000/abcdocker/abcnginx:latest
    The push refers to a repository [192.168.56.11:5000/abcdocker/abcnginx]
    f69e85c4fed0: Pushed
    0aeb287b1ba9: Pushed
    latest: digest: sha256:516a0527d14f5f657a984c19c3e1a4cc90fff99cf065d5b1e56740fe5d8f0796 size: 719

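Summary: once nginx with SSL is in place, Docker basically needs only three steps.

    1. Edit the /etc/sysconfig/docker configuration file and set the domain name
    2. Build the image
       [root@linux-node1 ~]# docker tag abcdocker/abcdocker:v1 192.168.56.11:5000/abcdocker/abc:latest
    3. Push it to the registry
       [root@linux-node1 ~]# docker push 192.168.56.11:5000/abcdocker/abc:latest

Note: if you are using a domain name, use the domain name's address in place of the IP address here.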

Connecting from a client

First we modify the configuration file: because this is not HTTPS, the client configuration has to be changed in the same way as on the server.
Set up hosts resolution.
Then we simply run docker pull.

    [root@linux-node2 ~]# docker images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    [root@linux-node2 ~]# docker pull 192.168.56.11:5000/abcdocker/abc:latest
    Trying to pull repository 192.168.56.11:5000/abcdocker/abc ...
    latest: Pulling from 192.168.56.11:5000/abcdocker/abc
    8d30e94188e7: Pull complete
    9cc6fcb823f4: Pull complete
    Digest: sha256:516a0527d14f5f657a984c19c3e1a4cc90fff99cf065d5b1e56740fe5d8f0796
    Status: Downloaded newer image for 192.168.56.11:5000/abcdocker/abc:latest

Check that the image is present

    [root@linux-node2 ~]# docker images
    REPOSITORY                         TAG      IMAGE ID       CREATED          SIZE
    192.168.56.11:5000/abcdocker/abc   latest   d1da04e088af   44 minutes ago   386.5 MB

Create a container

    [root@linux-node2 ~]# docker run -d -it --name nginx1 -d -p 81:80 192.168.56.11:5000/abcdocker/abc
    5086eafe42a7c82c8c1b2adaeaa223766348c7ec349c407d57868add9cd7a77e
    [root@linux-node2 ~]# sh docker.sh nginx1
    [root@5086eafe42a7 /]# ls
    anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var

Exercise: following the method above, build an nginx image, push it to the Docker registry, and run a container that starts the nginx service.

    [root@linux-node2 ~]# docker run -d --name nginx -p 192.168.56.12:87:80 192.168.56.11:5000/abc
    477a9eda45b0262d2c914539698efc0eedc580d123fd25188c9c1f3205bfd445
    [root@linux-node2 ~]# netstat -lntup
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address      Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:22         0.0.0.0:*         LISTEN   1094/sshd
    tcp        0      0 192.168.56.12:87   0.0.0.0:*         LISTEN   25508/docker-proxy
    tcp        0      0 127.0.0.1:25       0.0.0.0:*         LISTEN   1373/master
    tcp6       0      0 :::22              :::*              LISTEN   1094/sshd
    tcp6       0      0 ::1:25             :::*              LISTEN   1373/master


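What a Docker registry is

Once an image has been built it is stored locally by default, so only the local machine can use it and other servers cannot. This is where a Docker registry comes in: other servers simply pull the image when they need it.
Docker provides a registry by default, called docker registry.
Docker registry has to be accessed over HTTPS.
Official documentation: https://docs.docker.com/registry/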


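Basic steps for setting up a private Docker registry (using nginx plus authentication)

1.  Apply for a free SSL certificate: https://buy.wosiqn.com/free
2.  Configure the SSL certificate in nginx
3.  Configure authentication
4.  proxy_pass to port 5000
5.  docker run -d -p 5000:5000 --name registry registry:2

docker registry is fairly basic; we can also use Harbor, an enterprise-grade open-source project written by VMware.
Download link: https://github.com/vmware/harbor
Chinese documentation: http://vmware.github.io/harbor/index_cn.html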

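Introduction to Harbor

Harbor is an enterprise-class registry server for storing and distributing Docker images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and improves the efficiency of transferring images between the registry and the build and run environments. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, which ensures that data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.

Role-based access control - Users and Docker image repositories are organized through "projects"; a user can have different permissions on multiple image repositories within the same namespace (project).
Image replication - Images can be replicated (synchronized) between multiple registry instances. This is especially suited to load balancing, high availability, hybrid cloud and multi-cloud scenarios.
Graphical user interface - Users can browse and search the current Docker image repositories in a browser and manage projects and namespaces.
AD/LDAP support - Harbor can integrate with an existing enterprise AD/LDAP for authentication and authorization management.
Audit management - All operations on image repositories can be recorded and traced for auditing.
Internationalization - Localized versions exist in English, Chinese, German, Japanese and Russian. More languages will be added.
RESTful API - A RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
Simple deployment - docker-compose and offline installation.

VMware has three open-source projects in total
https://github.com/vmware/vic-product

admiral: a web management interface for Docker
https://github.com/vmware/admiral
Although admiral and harbor are both open-source software from VMware, admiral is not as easy to use as harbor.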


The end!
