I have been a little busy recently and haven't updated my articles for more than a week.

The introduction to the Docker repository in my previous article, "Docker containerization technology – from the earth to the sky", was a little simple, so this time I will start from the Docker repository.

Writing is not easy; cherish it as you go.

Docker image repository

1 Docker Hub public repository

1.1 Registering a Docker account

Docker Hub is the public repository officially provided by Docker. We need to register a Docker account to use it. The registration address is:

hub.docker.com

1.2 Client Login

All the operations in this article are performed in a Linux environment.

The command:

docker login

1.3 Push image to Docker Hub repository

Take a look at the image list:

[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
nginx        dev       ae2feff98a0c   3 days ago   133MB
nginx        latest    ae2feff98a0c   3 days ago   133MB

Push nginx:dev to the repository:

docker push nginx:dev

However, the push fails:

[root@localhost ~]# docker push nginx:dev
The push refers to repository [docker.io/library/nginx]
4eaf0ea085df: Preparing 
2c7498eef94a: Preparing 
7d2b207c2679: Preparing 
5c4e5adc71a8: Preparing 
87c8a1d8f54f: Preparing 
denied: requested access to the resource is denied

Requested access to the resource was denied!

This is because there is a format requirement for pushing an image to the official repository. It must be in the following format:

docker push username/image_name:tag

Therefore, we need to tag the image according to this format:

docker tag nginx:latest xblzer/nginx:v1

Look at the image list again:

[root@localhost ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED      SIZE
nginx          dev       ae2feff98a0c   3 days ago   133MB
nginx          latest    ae2feff98a0c   3 days ago   133MB
xblzer/nginx   v1        ae2feff98a0c   3 days ago   133MB

Then push it to the repository with the following command:

docker push xblzer/nginx:v1

Depending on the network, the push may take a while. If it succeeds, the following message is displayed:

A successful push returns a remote version with a hash value indicating that the push was successful.

Verify this on Docker Hub:

At this point, the image can be pulled from this address on another server.

This is very useful when deploying projects: once an image has been uploaded to our repository, many servers can simply docker pull it and use it directly.

2 Docker Registry private image repository

In practice, it is very slow to push images to the public repository, and it even needs to be pushed several times to succeed, which is not conducive to the continuous integration and continuous deployment of the project. In general, we do not use the public repository.

In the actual production environment, private warehouses can be built for use, with the following benefits:

  • The private repository is on the intranet, so it is safer
  • Fast access (upload/download)
  • Convenient management
  • In addition to image management, you can also manage users
  • Management of login permissions

2.1 Working principle of a Docker private repository

Suppose Docker client A commits a locally running tomcat container as an image and pushes it to the private repository. Client B can then pull it directly from the private repository and run it locally, so the container environments of client A and client B are the same.

2.2 Build a docker-registry private repository

As usual, start with the hosts.

Prepare two VMs

Setup steps

Run on the Docker-Registry host:

1. docker search registry

2. docker pull registry

3. Run the container

docker run -d -v /registry:/home/docker-registry -p 5000:5000 --restart=always --privileged=true --name registry registry:latest

Tip: You can skip steps 1 and 2 and go straight to docker run.

View the container in action:

[root@docker-registry ~]# docker ps
CONTAINER ID   IMAGE             COMMAND                  CREATED         STATUS         PORTS                    NAMES
0e429bc1e3bf   registry:latest   "/entrypoint.sh /etc…"   9 seconds ago   Up 8 seconds   0.0.0.0:5000->5000/tcp   registry

Open http://192.168.242.218:5000/v2/ in the browser; the response indicates that the private repository has been built successfully.

2.3 Upload/download through the private repository

Perform these operations on the docker host (192.168.242.219).

A docker push must follow the format the registry requires, registry_url:port/image_name:tag. Use the docker tag command to rename the image accordingly, and then push it to the repository.

1. Label the image

docker tag nginx:latest 192.168.242.218:5000/nginx:pro

2. Push to a private warehouse

docker push 192.168.242.218:5000/nginx:pro

[root@docker ~]# docker push 192.168.242.218:5000/nginx:pro
The push refers to repository [192.168.242.218:5000/nginx]
Get https://192.168.242.218:5000/v2/: http: server gave HTTP response to HTTPS client

The solution to this error is:

If the Aliyun accelerator has been configured, delete the /etc/docker/daemon.json file and run the following command:

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "insecure-registries": ["192.168.242.218:5000"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Run docker push again:

[root@docker ~]# docker push 192.168.242.218:5000/nginx:pro
The push refers to repository [192.168.242.218:5000/nginx]
4eaf0ea085df: Pushed
2c7498eef94a: Pushed
7d2b207c2679: Pushed
5c4e5adc71a8: Pushed
87c8a1d8f54f: Pushed
pro: digest: sha256:13e4551010728646aa7e1b1ac5313e04cf75d051fa441396832fcd6d600b5e71 size: 1362

Success! Open http://192.168.242.218:5000/v2/_catalog in the browser again to check the repository list:

3. Pull the image from the private library

First delete the existing local 192.168.242.218:5000/nginx:pro image:

docker rmi 192.168.242.218:5000/nginx:pro

Pull the nginx image from the private repository:

docker pull 192.168.242.218:5000/nginx:pro

Verify that the pull succeeded.

3 Harbor, an enterprise-grade open source component

3.1 Harbor characteristics summary

Harbor is an enterprise-class Registry service for storing Docker images.

The development and operation of Docker container applications cannot be separated from reliable image management. Although Docker officially provides a public image warehouse, it is also necessary to deploy Registry in our private environment from the perspective of security and efficiency.

Harbor is an open source enterprise Docker Registry project managed by VMware, including rights management (RBAC), LDAP, log audit, management interface, self-registration, image replication and Chinese support, etc.

3.2 Environment Deployment


1. Install docker-compose

Offline installation, download address:

Dl.bintray.com/docker-comp…

Download docker-compose-Linux-x86_64 and move it into place:

mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose

2. Install Harbor offline

The offline installation package can be downloaded from the following website:

Github.com/goharbor/ha…

Download the latest version 2.1.2 directly here.

Place the file in an appropriate location (such as /usr/local) and unzip:

cd /usr/local && tar xvf harbor-offline-installer-v2.1.2.tgz

Enter the harbor folder and execute prepare:

[root@harbor harbor]# ./prepare
prepare base dir is set to /usr/local/harbor
Unable to find image 'goharbor/prepare:v2.1.2' locally
v2.1.2: Pulling from goharbor/prepare
d92f685b57aa: Pull complete
fc55d5d4818d: Pull complete
ea8c2aea8e20: Pull complete
3330770cd308: Pull complete
c549bbd461f6: Pull complete
df56c6333246: Pull complete
ecedca2dfa64: Pull complete
d3b48e96a07e: Pull complete
Digest: sha256:d7959b235cbd0a357594d58c2341cb12788a388d7edacbad71095f3231cab4ca
Status: Downloaded newer image for goharbor/prepare:v2.1.2
ERROR:root:Please specify hostname
Error happened in config validation...

The error is ERROR:root:Please specify hostname. Modify the harbor.yml configuration file:

Execute again:

[root@myharbor harbor]# ./prepare 
prepare base dir is set to /usr/local/harbor
ERROR:root:Error: The protocol is https but attribute ssl_cert is not set

Continue to modify the configuration file and comment out HTTPS:

Then proceed with prepare:

After preparing, run the install script:

As shown above, check the Docker image and running container:

At this point, you can log into the Harbor Web UI and play.

The username is admin and the password can be found in the harbor.yml configuration file. The default is Harbor12345.

TIP: Possible problems

After shutting down the virtual machine, I found that the Harbor page could not be opened again. This problem bothered me for a long time, so my troubleshooting process is worth mentioning.

docker-compose up -d

Then I checked whether other ports on the host were accessible: I used Docker to create a Tomcat container with port mapping 8081 and accessed it from the browser, and found that it was not reachable either.

So the problem was not with Harbor but with the network. When I started the Tomcat container, I got a message:

[root@myharbor harbor]# docker run -d -p 8081:8080 tomcat
WARNING: IPv4 forwarding is disabled. Networking will not work.
73d1c0463aa2694cfa34b997b41afb86eb2e50d908b3f2e2b9588dd65181735f

WARNING: IPv4 forwarding is disabled. Networking will not work.

This alerted me, and I suspected that it was the IP forwarding function. The final solution is as follows:

1. The IP forwarding function is disabled in Linux by default. Run the following command to check whether the IP forwarding function is enabled:

cat /proc/sys/net/ipv4/ip_forward

2. If the value is 0, IP forwarding is disabled. If the value is 1, the IP forwarding function is enabled. To enable the IP forwarding function, run:

echo 1 > /proc/sys/net/ipv4/ip_forward

3. sysctl -p /etc/sysctl.conf

4. systemctl restart network && systemctl restart docker

5. docker-compose down

6. Start Harbor: docker-compose up -d

3.3 Uploading and downloading Docker images with the Harbor private repository

This is similar to the operation of the Docker-Registry private repository:

  • Create a project in the Harbor admin page. This project is the address where the image will be stored, and its name is also used in the image name
  • docker tag IP:port/project_name/image_name:tag
  • On the Docker client, add the insecure-registries entry to /etc/docker/daemon.json
  • docker login IP:port -u admin -p Harbor12345
  • docker push/pull
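
The three naming formats used in this article (username/image_name:tag for Docker Hub, registry_url:port/image_name:tag for the private registry, and IP:port/project_name/image_name:tag for Harbor) follow one resolution rule, which is also why docker push nginx:dev was denied in section 1.3. The following is an added example, not code from the original article; resolve and push_owner are hypothetical helper names, and digest suffixes are ignored.

```python
# Added example (not from the original article): resolve an image reference
# to the registry and repository that docker push will actually contact.
DEFAULT_REGISTRY = "docker.io"   # Docker Hub
OFFICIAL_NAMESPACE = "library"   # namespace of Docker's official images


def resolve(ref):
    """Return (registry, repository, tag); a digest suffix is ignored."""
    ref = ref.partition("@")[0]
    # A ':' after the last '/' starts the tag; an earlier ':' is a port.
    slash, colon = ref.rfind("/"), ref.rfind(":")
    if colon > slash:
        name, tag = ref[:colon], ref[colon + 1:]
    else:
        name, tag = ref, "latest"
    first, sep, rest = name.partition("/")
    # The first component is a registry host only if it contains '.' or ':',
    # is "localhost", or has upper-case letters; otherwise it is a namespace.
    looks_like_host = ("." in first or ":" in first
                       or first == "localhost" or first != first.lower())
    if sep and looks_like_host:
        return first, rest, tag
    if not sep:
        name = OFFICIAL_NAMESPACE + "/" + name
    return DEFAULT_REGISTRY, name, tag


def push_owner(ref):
    """Who must grant write access: (registry, namespace or project)."""
    registry, repository, _ = resolve(ref)
    namespace = repository.split("/", 1)[0] if "/" in repository else ""
    return registry, namespace


# References taken from the article.
ARTICLE_REFS = [
    "nginx:dev",                          # denied: lands in docker.io/library
    "xblzer/nginx:v1",                    # Docker Hub, namespace xblzer
    "192.168.242.218:5000/nginx:pro",     # private registry, no namespace
    "192.168.242.217/xblzer/tomcat:dev",  # Harbor, project xblzer
]

if __name__ == "__main__":
    for ref in ARTICLE_REFS:
        print(f"{ref:36} -> {resolve(ref)}  owner={push_owner(ref)}")
```

An untagged name without a host, such as nginx:dev, always resolves to docker.io/library, a namespace an ordinary account cannot write to.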

Let me take a Dev version of Tomcat image as an example.

Build the image on the Docker client (192.168.242.217): download the Tomcat image from the official repository. A container run from it cannot serve the Tomcat homepage, because the webapps directory inside the running Tomcat container is empty; the content is in the webapps.dist directory instead. So I entered the container, copied the content of webapps.dist into the webapps directory, used docker commit to turn the container into a new image, and finally pushed the new image to the Harbor private repository.

The commands for creating an image and labeling the image are as follows:

[root@docker ~]# docker pull tomcat
Using default tag: latest
latest: Pulling from library/tomcat
6c33745f49b4: Pull complete
ef072fc32a84: Pull complete
c0afb8e68e0b: Pull complete
d599c07d28e6: Pull complete
e8a829023b97: Pull complete
d04be46a31d1: Pull complete
db6007c69c35: Pull complete
e4ad4c894bce: Pull complete
248895fda357: Pull complete
277059b4cba2: Pull complete
Digest: sha256:57dae7dfb9b62a413cde65334c8a18893795cac70afc3be589c8336d8244655d
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest
[root@docker ~]# docker run -d -p 8001:8080 tomcat:latest
56d1f7ab0b2ee95c369ff26eef99908ba256a8c6d6ba8144bd3954525381383f
[root@docker ~]# docker ps
CONTAINER ID   IMAGE           COMMAND             CREATED         STATUS         PORTS                    NAMES
56d1f7ab0b2e   tomcat:latest   "catalina.sh run"   4 seconds ago   Up 3 seconds   0.0.0.0:8001->8080/tcp   reverent_lamport
[root@docker ~]# docker exec -it 56d1f7ab0b2e /bin/bash
root@56d1f7ab0b2e:/usr/local/tomcat# cd webapps.dist/
root@56d1f7ab0b2e:/usr/local/tomcat/webapps.dist# cp -r * ../webapps/
root@56d1f7ab0b2e:/usr/local/tomcat/webapps.dist# cd ../webapps
root@56d1f7ab0b2e:/usr/local/tomcat/webapps# ls
ROOT  docs  examples  host-manager  manager
root@56d1f7ab0b2e:/usr/local/tomcat/webapps# exit
exit
[root@docker ~]# docker commit 56d1f7ab0b2e 192.168.242.217/xblzer/tomcat:dev
sha256:1e982d89a75763a93d902b71a76e2c43fd3d7e03a70fb0dbd3089712ca0dbaed
[root@docker ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
192.168.242.217/xblzer/tomcat   dev       1e982d89a757   4 seconds ago   653MB
tomcat                          latest    feba8d001e3f   2 days ago      649MB
xblzer/nginx                    v1        ae2feff98a0c   5 days ago      133MB
nginx                           latest    ae2feff98a0c   5 days ago      133MB

PS: Tomcat is used here as an example for convenience. In an actual production environment it is usually your own application, such as a SpringBoot application or a Vue application, that is built into an image and pushed to the repository.

The commands involved in the main push steps are listed below:

[root@docker ~]# vim /etc/docker/daemon.json
[root@docker ~]# systemctl restart docker
[root@docker ~]# systemctl restart docker
[root@docker ~]# docker login 192.168.242.217 -u admin -p Harbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker ~]# docker push 192.168.242.217/xblzer/tomcat:dev
The push refers to repository [192.168.242.217/xblzer/tomcat]
b64a3ca40e3a: Pushed
ecec7e17c20b: Layer already exists
467d4d32e8da: Layer already exists
d2329ec79afd: Layer already exists
998e4e1e3864: Layer already exists
fb6f398853f5: Layer already exists
e528f2c31deb: Layer already exists
c5f4367d4a59: Layer already exists
ceecb62b2fcc: Layer already exists
193bc1d68b80: Layer already exists
f0e10b20de19: Layer already exists
dev: digest: sha256:00d031e1dd37cdafbd1d8ae1334b71a2e8a8280d90895fd0266654fddd314eb4 size: 2632
[root@docker ~]# docker pull 192.168.242.217/xblzer/tomcat:dev
dev: Pulling from xblzer/tomcat
Digest: sha256:00d031e1dd37cdafbd1d8ae1334b71a2e8a8280d90895fd0266654fddd314eb4
Status: Image is up to date for 192.168.242.217/xblzer/tomcat:dev
192.168.242.217/xblzer/tomcat:dev
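
The insecure-registries setting from sections 2.3 and 3.3 and the two docker login warnings in the output above can be checked together on any client configured this way. The following added example, which is not part of the original article, audits the two client files; the function names and the sample file contents are constructed for illustration, and registry names are matched exactly.

```python
# Added example (not from the original article): audit a Docker client's
# daemon.json and config.json for the settings this article relies on.
import base64
import ipaddress
import json


def is_loopback(entry):
    """True if an insecure-registries entry only covers the local host."""
    # Strip a single ":port"; bracketed IPv6 literals fall through to the
    # hostname branch below and are reported as network registries.
    host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_network(host, strict=False).is_loopback
    except ValueError:
        return False  # a DNS name: reachable over the network


def audit(daemon_json, config_json):
    """Return sorted (finding, registry, detail) tuples."""
    daemon, client = json.loads(daemon_json), json.loads(config_json)
    plaintext = {e for e in daemon.get("insecure-registries", [])
                 if not is_loopback(e)}
    findings = [("plaintext-registry", reg, "HTTP or unverified TLS")
                for reg in plaintext]
    uses_helper = bool(client.get("credsStore"))
    for reg, entry in client.get("auths", {}).items():
        if uses_helper or not entry.get("auth"):
            continue  # secret lives in a credential helper, not in the file
        user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        findings.append(("credential-in-file", reg, user))
        if reg in plaintext:  # exact-name match only
            findings.append(("credential-sent-unprotected", reg, user))
    return sorted(findings)


# Constructed sample files modelled on the hosts used in the article.
SAMPLE_DAEMON = json.dumps({"insecure-registries": [
    "192.168.242.218:5000", "192.168.242.217", "127.0.0.1:5000"]})
SAMPLE_CONFIG = json.dumps({"auths": {"192.168.242.217": {
    "auth": base64.b64encode(b"admin:Harbor12345").decode()}}})

if __name__ == "__main__":
    for finding in audit(SAMPLE_DAEMON, SAMPLE_CONFIG):
        print(finding)
```

On the sample input the Harbor host is reported three times: as a plaintext registry, as a credential stored in config.json, and as a credential sent without transport protection.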

Now take a look at the repository:

Run the container:

docker run -d -p 8002:8080 192.168.242.217/xblzer/tomcat:dev

Visit http://192.168.242.219:8002:

Done.


First published on my public account "line 100 li ER"; readers are welcome to follow, read and send corrections. GitHub: github.com/xblzer/Java…