目录
Docker私有仓库
1. 普通的docker registry
2. 带认证的docker registry
3. 企业级的docker-harbor
3.1 部署思路
第一步:安装docker和docker-compose
第二步:下载harbor-offline-installer-v1.9.0-rc1.tgz
第三步:上传到/opt,并解压
第四步:修改harbor.yml配置文件 hostname = 10.0.0.11 harbor_admin_password = 123456
第五步:执行install.sh
3.2 安装私有仓库
1.下载软件包
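# Work in /opt; later steps expect the unpacked installer at /opt/harbor.
cd /opt
# The release URL has to stay on a single line. Split across two lines, wget
# requests a truncated URL and the shell then tries to run the tail as a command.
# NOTE(review): check the archive against the checksum/signature published
# with the release before unpacking it.
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz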
上传包
# Unpack the offline installer in the current directory.
# NOTE(review): the archive name must match the file actually present in /opt;
# the wget step on this page fetches harbor-offline-installer-v1.9.3.tgz, while
# this line unpacks the v1.9.0-rc1 archive named in the upload path.
tar xf harbor-offline-installer-v1.9.0-rc1.tgz
2.修改配置
vim harbor.yml
# Address under which clients reach Harbor (used later for docker login/push/pull).
hostname: 10.0.0.51
# Sample value only: set a long, unique admin password here before running
# install.sh; 123456 is trivially guessable.
harbor_admin_password: 123456
3.下载docker-compose,编排工具
yum install docker-compose -y
4.安装harbor
先停止占用80端口的服务,再执行
./install.sh
查看编排状态
cd /opt/harbor
docker-compose ps
登录:web 10.0.0.51 创建linux项目
5.修改镜像名称(镜像的ID)
# Re-tag the local image (referenced by its image ID) as
# <registry host>/<project>/<name>:<tag>; the registry prefix in the name is
# what tells docker push where to send it.
docker tag ae21150e3af8 10.0.0.51/linux/my_kod:v2
# List images to confirm the new tag exists.
docker images
6.修改docker配置添加信任仓库
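# Point this Docker daemon at a pull mirror and allow plain-HTTP access to the
# Harbor host. The heredoc overwrites any existing /etc/docker/daemon.json.
#
# insecure-registries entries are host[:port] values, so the scheme prefix is
# dropped. Listing a registry here turns off TLS verification for it: logins
# and image layers cross the network unencrypted and the server is not
# authenticated. Outside an isolated lab, enable the https section of
# harbor.yml and have clients trust the registry certificate instead.
cat >/etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
  "insecure-registries": ["10.0.0.51"]
}
EOF
# Restart Docker so the daemon re-reads daemon.json.
systemctl restart docker
# Check the Harbor stack after the daemon restart and cycle it
# (run from the directory that holds Harbor's docker-compose.yml).
docker-compose ps
docker-compose stop
docker-compose up -d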
7.docker登录到harbor
# Authenticate against Harbor. With the registry listed under
# insecure-registries the credentials travel over plain HTTP, and by default
# docker login keeps them base64-encoded (not encrypted) in
# ~/.docker/config.json unless a credential helper is configured.
docker login 10.0.0.51
8.上传镜像到私有仓库
docker push 10.0.0.51/linux/my_kod:v2
9.客户端使用仓库下载镜像
删除已有的:注意,先停容器,再删除容器和镜像
docker pull 10.0.0.51/linux/my_kod:v2
3.3 其他主机上下载镜像
[root@docker02 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"insecure-registries": ["http://10.0.1.11"],
"insecure-registries": ["https://10.0.1.11"]
}
[root@docker02 ~]# docker pull 10.0.1.11/linux/centos_kod:v1
4. 容器的基本架构图
5. 项目实战:制作kvm管理工具容器
前提:新起一个容器,容器内操作
1.初始化
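# Replace the container's yum repo definitions with the Aliyun mirror's.
# The glob removes every existing repo file first.
rm -rf /etc/yum.repos.d/*
# Fetch the repo files over HTTPS: they decide which servers and signing keys
# yum trusts, so they should not be modifiable in transit. -f makes curl fail
# on an HTTP error instead of saving the error page as a .repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -f -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo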
2.安装python依赖
# System packages: git and pip, the libvirt/libxml2 Python bindings,
# websockify, supervisor, and a compiler plus the Python headers.
yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor gcc python-devel
# Upgrade pip itself, then install a pinned setuptools and numpy, all through
# the Tsinghua PyPI mirror (-i).
# NOTE(review): only setuptools is pinned; pip and numpy resolve to whatever
# version the mirror serves at build time.
python -m pip install --upgrade --force pip -i https://pypi.tuna.tsinghua.edu.cn/simple
pip install setuptools==33.1.1 -i https://pypi.tuna.tsinghua.edu.cn/simple
pip install numpy -i https://pypi.tuna.tsinghua.edu.cn/simple
3.安装python的Django环境
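cd /opt/
# Clone over HTTPS: the git:// transport has neither encryption nor server
# authentication, and GitHub no longer serves it.
# NOTE(review): this checks out the default branch head; pin a reviewed tag or
# commit for a repeatable build.
git clone https://github.com/retspen/webvirtmgr.git
cd webvirtmgr
# Install the project's Python dependencies through the Tsinghua PyPI mirror.
pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple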
[root@402aca4eaa81 webvirtmgr]# chmod +x manage.py
# Create the database tables.
# NOTE(review): syncdb normally prompts for a Django superuser at this point;
# that account logs in to the web UI, so give it a strong password.
./manage.py syncdb
# Gather the static assets; the Nginx vhost configured later on this page
# serves /static/ from /code/webvirtmgr.
./manage.py collectstatic
4.安装Nginx
# Register the official nginx yum repositories (stable enabled, mainline
# disabled). The quoted 'EOF' delimiter keeps $releasever and $basearch
# literal so that yum, not the shell, expands them. gpgcheck=1 makes yum
# verify package signatures against the key fetched over HTTPS, which is what
# protects the packages pulled from the plain-HTTP baseurl.
cat >/etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# Refresh repo metadata, install nginx, then drop the yum caches.
yum makecache fast
yum -y install nginx
yum clean all
5.配置Nginx和代码
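# Move the application under /code and hand it to the nginx user.
# -p keeps the step repeatable when /code already exists.
mkdir -p /code
mv /opt/webvirtmgr /code/
chown -R nginx:nginx /code
# Drop the stock vhost so the one below is the only default_server on port 80.
rm -rf /etc/nginx/conf.d/default.conf
# Reverse proxy in front of the gunicorn app on 127.0.0.1:8000; /static/ is
# served straight from the checkout. The quoted delimiter writes the nginx
# variables ($host, $scheme, ...) literally without backslash escapes.
# NOTE(review): this vhost serves the management UI over plain HTTP, so logins
# to it are sent unencrypted; terminate TLS here or in front of it when the UI
# is reachable beyond a lab network.
cat >/etc/nginx/conf.d/webvirtmgr.conf <<'EOF'
server {
    listen 80 default_server;
    server_name localhost;
    access_log /var/log/nginx/webvirtmgr_access_log;
    location /static/ {
        root /code/webvirtmgr;
        expires max;
    }
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}
EOF
# Start nginx only when the configuration test passes.
nginx -t && nginx
# Confirm what is listening.
ss -lntup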
6.配置Supervisor
# Supervisor program definitions: the gunicorn app and the console proxy run
# as the nginx user (user=nginx); the nginx program has no user= line.
# NOTE(review): nginx was already started by hand in the previous step, so
# inside this build container the supervised nginx may fail to bind port 80
# until that instance is stopped; confirm with supervisorctl status.
cat >/etc/supervisord.d/webvirtmgr.ini<<EOF
[program:webvirtmgr]
command=/usr/bin/python /code/webvirtmgr/manage.py run_gunicorn -c /code/webvirtmgr/conf/gunicorn.conf.py
directory=/code/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python /code/webvirtmgr/console/webvirtmgr-console
directory=/code/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
[program:nginx]
command=nginx -g 'daemon off;'
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/nginx.log
redirect_stderr=true
EOF
# Switch supervisord to foreground mode (nodaemon=true); the final docker run
# on this page starts supervisord as the container's command.
sed -i "s#nodaemon=false#nodaemon=true#g" /etc/supervisord.conf
# Start supervisord with that config and list the state of each program.
supervisord -c /etc/supervisord.conf
supervisorctl status
7.创建用户
# Prepare an .ssh directory under /var/cache/nginx (presumably the nginx
# account's home directory, confirm in /etc/passwd) and give it to that user.
mkdir /var/cache/nginx/.ssh/ -p
chown -R nginx:nginx /var/cache/nginx/
# Open a login shell as nginx; the remaining commands are typed inside it.
su - nginx -s /bin/bash
# Generate the key pair this account will use to reach the KVM host.
ssh-keygen
# StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null turns off
# host-key verification for every SSH connection this user makes, so a machine
# answering in place of the intended host goes unnoticed. A known_hosts entry
# with a verified fingerprint for the target host is the safer setup.
touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
chmod 0600 ~/.ssh/config
# Installs the new public key for root on 10.0.0.12: whoever holds the private
# key gets root SSH access to that host.
# NOTE(review): a dedicated unprivileged account with libvirt rights would
# limit what a leaked key can do; confirm what webvirtmgr needs.
ssh-copy-id root@10.0.0.12
8.提交新镜像
# Snapshot the configured container as image mykvm:v1.
# NOTE(review): the commit captures the container's whole filesystem, which
# includes the nginx user's SSH private key generated in the previous step and
# the application database. Anyone able to pull or export mykvm:v1 obtains
# that key, so keep the image out of shared registries or supply the key at
# run time (for example through a mounted volume) instead of baking it in.
docker commit 402aca4eaa81 mykvm:v1
9.运行新容器,注意:其他端口有时会跳转,
# Run the image detached with supervisord as the container command;
# -p 80:80 publishes the web UI on port 80 of every host interface.
docker run --name mykvm3 -p 80:80 -it -d mykvm:v1 supervisord -c /etc/supervisord.conf
6. docker监控
1.docker自带的监控命令
docker container ps :查看正在运行的容器
docker container top +容器的id :知道某个容器运行了哪些进程
docker container stats +容器的id :显示每个容器各种资源使用情况
2.cAdvisor+ prometheus+ grafana组件介绍
组件介绍: cAdvisor的界面需要在不同页面之间跳转,并且只能监控一个host,这不免让人质疑它的实用性,但cAdvisor有一个亮点是可以将监控到的数据导出给第三方工具,由这些工具进一步加工处理。
所以我们可以把cAdvisor定位为一个监控数据收集器,收集和导出数据是它的强项,而非展示数据。
cAdvisor支持很多第三方工具,其中就包含prometheus
#prometheus
Prometheus是一个非常优秀的监控工具。提供了监控数据搜集,存储,处理,可视化和告警一系列完整的解决方案。包含组件
Node Exporter :负责收集host硬件和操作系统数据,以容器的形式运行在所有host上
cAdvisor :负责收集容器数据,以容器的形式运行在所有host上
#grafana
grafana是一款支持多种数据源的图形展示工具
3.部署
#地址规划:
10.0.0.51 cAdvisor+ Node Exporter +prometheus+ grafana
10.0.0.52 cAdvisor+ Node Exporter
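# Configuration on docker01: Prometheus, node-exporter, cAdvisor and Grafana.
mkdir prometheus
cd prometheus
# Upload the saved image archive to this directory first, then load it.
docker load < 压缩包
# Compose file for the monitoring stack. The nesting below is required:
# flattened to column 0 the file is not a valid Compose document.
# NOTE(review):
#  - every image uses the mutable :latest tag; pin versions (or digests) for
#    repeatable deployments.
#  - cAdvisor mounts /var/run read-write, which by default contains the Docker
#    socket, plus read-only views of / and /var/lib/docker; treat that
#    container as host-privileged.
#  - all four ports are published on every host interface and the metrics
#    endpoints carry no authentication; restrict them with a firewall or by
#    binding to a specific address.
cat >docker-compose.yml <<'EOF'
version: '3.2'
services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    ports:
      - 9090:9090
    command:
      - --config.file=/etc/prometheus/prometheus.yml
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    depends_on:
      - cadvisor
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node_exporter
    ports:
      - 9100:9100
  cadvisor:
    image: google/cadvisor:latest
    container_name: cadvisor
    ports:
      - 8080:8080
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    ports:
      - 3000:3000
EOF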
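# Prometheus configuration: three scrape jobs, each polled every 5 seconds.
# The YAML nesting is restored here; without it the targets do not belong to
# their jobs and Prometheus cannot load the file.
# The targets are fetched over plain HTTP on the ports published by the
# compose files (8080 cAdvisor, 9090 Prometheus, 9100 node-exporter).
cat >prometheus.yml <<'EOF'
scrape_configs:
  - job_name: cadvisor
    scrape_interval: 5s
    static_configs:
      - targets:
          - 10.0.0.51:8080
          - 10.0.0.52:8080
  - job_name: prometheus
    scrape_interval: 5s
    static_configs:
      - targets:
          - 10.0.0.51:9090
  - job_name: node_exporter
    scrape_interval: 5s
    static_configs:
      - targets:
          - 10.0.0.51:9100
          - 10.0.0.52:9100
EOF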
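# Configuration on docker02: collectors only (node-exporter and cAdvisor).
# The YAML nesting is restored; flattened to column 0 the file is not a valid
# Compose document.
# NOTE(review): same exposure as on docker01. Ports 9100 and 8080 are
# published on every interface without authentication, the images use the
# mutable :latest tag, and cAdvisor's read-write /var/run mount by default
# includes the Docker socket. Limit access to these ports to the Prometheus
# host.
cat >docker-compose.yml <<'EOF'
version: '3.2'
services:
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node_exporter
    ports:
      - 9100:9100
  cadvisor:
    image: google/cadvisor:latest
    container_name: cadvisor
    ports:
      - 8080:8080
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
EOF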
4.运行
# Sync the clock first (NOTE(review): presumably so sample timestamps agree
# across the monitored hosts), then start the stack in the background from the
# directory holding docker-compose.yml.
ntpdate time1.aliyun.com
docker-compose up -d
5.检查
http://10.0.0.51:8080/metrics
http://10.0.0.51:9100/metrics
http://10.0.0.51:9090
http://10.0.0.51:3000
登录:10.0.0.51:3000
账号:admin 密码:admin(Grafana默认凭据,首次登录后请立即修改)
配置源地址
下载