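Deploying a Docker Private Registry
Docker Private Registry
I. Setting Up a Registry Private Repository
1. Start a Registry container and configure it to restart automatically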
[root@ETP-S ~]# docker run -d -p 5000:5000 --restart=always --name="registry" -v /opt/registry:/var/lib/registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
0a6724ff3fcd: Pull complete
d550a247d74f: Pull complete
1a938458ca36: Pull complete
acd758c36fc9: Pull complete
9af6d68b484a: Pull complete
Digest: sha256:d5459fcb27aecc752520df4b492b08358a1912fcdfa454f7d2101d4b09991daa
Status: Downloaded newer image for registry:latest
d8491bf87f45a251c5dd9eca1ee21c4a067d02bf6950e68322c2c88ff49ce63d
2. Check that the container started correctly and that port 5000 is mapped on the host
[root@ETP-S ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d8491bf87f45 registry "/entrypoint.sh /etc…" 8 minutes ago Up 8 minutes 0.0.0.0:5000->5000/tcp registry
dbb3d1c4560d tomcat:8.5 "catalina.sh run" 17 hours ago Up 17 hours 0.0.0.0:8081->8080/tcp tomcat
[root@ETP-S ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 989/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1076/master
tcp6 0 0 :::5000 :::* LISTEN 18905/docker-proxy
tcp6 0 0 :::8081 :::* LISTEN 16354/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 989/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1076/master
3. Edit the configuration file and restart the Docker service
vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"insecure-registries": ["http://192.168.150.180:5000"]
}
systemctl restart docker.service
4. After restarting Docker, check that the Registry container started again automatically
[root@ETP-S ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d8491bf87f45 registry "/entrypoint.sh /etc…" 28 minutes ago Up 3 seconds 0.0.0.0:5000->5000/tcp registry
5. Push the Nginx image to the private Registry
5.1 List the existing images
[root@ETP-S ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 678dfa38fcfa 13 hours ago 26.2MB
mysql 5.7 697daaecf703 6 days ago 448MB
mysql 5.7 697daaecf703 6 days ago 448MB
nginx latest 7baf28ea91eb 6 days ago 133MB
zabbix/zabbix-web-nginx-mysql latest 116855eaede2 2 weeks ago 164MB
zabbix/zabbix-server-mysql centos-latest 72316d953ca6 2 weeks ago 348MB
zabbix/zabbix-server-mysql latest 8ca9fbc31571 2 weeks ago 67.7MB
zabbix/zabbix-java-gateway latest 0c947c0abbd8 2 weeks ago 81.7MB
centos 7 8652b9f0cb4c 4 weeks ago 204MB
daocloud.io/library/tomcat 8.5.15-jre8 b8dfe9ade316 3 years ago 334MB
tomcat 8.5 b8dfe9ade316 3 years ago 334MB
5.2 Tag the Nginx image
[root@ETP-S ~]# docker tag nginx:latest 192.168.150.180:5000/gm/nginx:v1
# Check that the tag was applied
[root@ETP-S ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 678dfa38fcfa 13 hours ago 26.2MB
mysql 5.7 697daaecf703 6 days ago 448MB
mysql 5.7 697daaecf703 6 days ago 448MB
192.168.150.180:5000/gm/nginx v1 7baf28ea91eb 6 days ago 133MB
nginx latest 7baf28ea91eb 6 days ago 133MB
zabbix/zabbix-web-nginx-mysql latest 116855eaede2 2 weeks ago 164MB
zabbix/zabbix-server-mysql centos-latest 72316d953ca6 2 weeks ago 348MB
zabbix/zabbix-server-mysql latest 8ca9fbc31571 2 weeks ago 67.7MB
zabbix/zabbix-java-gateway latest 0c947c0abbd8 2 weeks ago 81.7MB
centos 7 8652b9f0cb4c 4 weeks ago 204MB
tomcat 8.5 b8dfe9ade316 3 years ago 334MB
daocloud.io/library/tomcat 8.5.15-jre8 b8dfe9ade316 3 years ago 334MB
5.3 Push the tagged Nginx image to the private Registry
Format for pushing a tagged image to the Registry:
docker push registry-IP:port/project-name/tagged-image:version
[root@ETP-S ~]# docker push 192.168.150.180:5000/gm/nginx:v1
The push refers to repository [192.168.150.180:5000/gm/nginx]
ea6033164031: Pushed
997bdb5b26cc: Pushed
f3ee98cb305c: Pushed
2111bafa5ce4: Pushed
87c8a1d8f54f: Pushed
v1: digest: sha256:e0f65235cc7bca84baf18bb5146faa7413225bfd1013b7c72f0b85b153deccb6 size: 1362
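6. Test pulling the image from the private registry on another virtual machine
6.1 Edit the configuration file on the target virtual machine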
vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"insecure-registries": ["http://192.168.150.180:5000"]
}
6.2 Pull the image that was pushed from host 192.168.150.180
docker pull 192.168.150.180:5000/gm/nginx:v1
v1: Pulling from gm/nginx
6ec7b7d162b2: Pull complete
bbce32568f49: Pull complete
5928664fb2b3: Pull complete
a85e904c7548: Pull complete
ac39958ca6b1: Pull complete
Digest: sha256:e0f65235cc7bca84baf18bb5146faa7413225bfd1013b7c72f0b85b153deccb6
Status: Downloaded newer image for 192.168.150.180:5000/gm/nginx:v1
192.168.150.180:5000/gm/nginx:v1
6.3 List the pulled image
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.150.180:5000/gm/nginx v1 7baf28ea91eb 7 days ago 133MB
II. Setting Up a Password-Protected Private Registry
1. Install the dependency package
yum -y install httpd-tools
2. Create the password directory and the password file
mkdir -p /opt/registry-auth/
cd /opt/registry-auth/
htpasswd -Bbn gm 123456 > /opt/registry-auth/htpasswd
cat htpasswd
gm:$2y$05$ldgOofKNrCXPxutEZSOpQOe2gBQJwa1kSfQNdY24zLkI7.Ni3LFfO
3. Create the private registry
docker run -d -p 5000:5000 -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry --name="registry-auth" -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
6f9b43fd0cb448d31c94f4e6fdda400c1b7843c7cc67f31e7d448a6f073e3dc1
4. Test pushing an image to the private registry
Without authentication, the image cannot be pushed to the private registry:
docker push 192.168.150.180:5000/gm/nginx:v1
The push refers to repository [192.168.150.180:5000/gm/nginx]
ea6033164031: Preparing
997bdb5b26cc: Preparing
f3ee98cb305c: Preparing
2111bafa5ce4: Preparing
87c8a1d8f54f: Preparing
no basic auth credentials
Log in to the private registry
docker login 192.168.150.180:5000
Username: gm
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push the image
docker tag centos:7 192.168.150.180:5000/gm/centos7:v1
docker push 192.168.150.180:5000/gm/centos7:v1
The push refers to repository [192.168.150.180:5000/gm/centos7]
174f56854903: Pushed
v1: digest: sha256:e4ca2ed0202e76be184e75fb26d14bf974193579039d5573fb2348664deef76e size: 529
5. Pull the image from the private registry on another virtual machine
Pulling without logging in to the private registry:
docker pull 192.168.150.180:5000/gm/centos7:v1
Error response from daemon: Head http://192.168.150.180:5000/v2/gm/centos7/manifests/v1: no basic auth credentials
Log in to the private registry and pull the image
[root@DogMan ~]# docker login 192.168.150.180:5000
Username: gm
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@DogMan ~]# docker pull 192.168.150.180:5000/gm/centos7:v1
v1: Pulling from gm/centos7
2d473b07cdd5: Pull complete
Digest: sha256:e4ca2ed0202e76be184e75fb26d14bf974193579039d5573fb2348664deef76e
Status: Downloaded newer image for 192.168.150.180:5000/gm/centos7:v1
192.168.150.180:5000/gm/centos7:v1
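The `docker login` warning above says the password is stored unencrypted in /root/.docker/config.json. The following added example (not part of the original post) lists the registries for which that is the case; the helper name `inline_auths` and the sample file are constructed for illustration, and the one-key-per-line layout of config.json is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Lists registries whose login is
# stored inline in a Docker client config.json, i.e. as base64("user:password")
# under "auths". Assumes the one-key-per-line layout that `docker login` writes.
# inline_auths is a hypothetical helper name.

# inline_auths CONFIG_JSON -> one line per finding: "<registry> <username>"
inline_auths() {
    awk -F'"' '
        /"auths"[[:space:]]*:/ { in_auths = 1; next }
        in_auths && /^[[:space:]]*"[^"]+"[[:space:]]*:[[:space:]]*[{]/ { host = $2 }
        in_auths && /"auth"[[:space:]]*:/ { print host, $4 }
    ' "$1" |
    while read -r host blob; do
        # base64 is an encoding, not encryption: decoding needs no key.
        # Only the user name is reported; the password follows the first colon.
        user=$(printf '%s' "$blob" | base64 -d 2>/dev/null | cut -d: -f1)
        printf '%s %s\n' "$host" "$user"
    done
}

# Constructed sample: what config.json looks like after the login on this page
# (user gm, password 123456) when no credential helper is configured.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
    "auths": {
        "192.168.150.180:5000": {
            "auth": "Z206MTIzNDU2"
        }
    }
}
EOF
inline_auths "$sample"
rm -f "$sample"
```

A registry that appears in this output has a recoverable password on disk. With a credential helper configured (`credsStore`), the `auths` entry carries no `auth` value and the function prints nothing for it.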
III. Docker Harbor Private Registry
1. Download and extract the installation package
cd /opt
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
tar xf harbor-offline-installer-v1.9.3.tgz
2. Edit the configuration file
cd harbor/
vim harbor.yml
hostname: 192.168.150.180
harbor_admin_password: 123456
3. Install docker-compose
yum -y install docker-compose
4. Install Harbor
cd /opt/harbor && sh install.sh
[Step 0]: checking installation environment ...
Note: docker version: 20.10.1
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
47a4bb1cfbc7: Loading layer [==================================================>] 34.26MB/34.26MB
f93c083be5bc: Loading layer [==================================================>] 9.009MB/9.009MB
bf1b03029526: Loading layer [==================================================>] 44.41MB/44.41MB
3395eb0db37a: Loading layer [==================================================>] 2.048kB/2.048kB
630606b67737: Loading layer [==================================================>] 3.072kB/3.072kB
b59ccb3639e4: Loading layer [==================================================>] 44.41MB/44.41MB
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.9.3
0801a4e2ebe9: Loading layer [==================================================>] 2.56kB/2.56kB
e2b8ec162f1b: Loading layer [==================================================>] 1.536kB/1.536kB
b68f30fd6125: Loading layer [==================================================>] 73.35MB/73.35MB
fbe2002fa9e6: Loading layer [==================================================>] 42.63MB/42.63MB
105f3dfa58eb: Loading layer [==================================================>] 156.7kB/156.7kB
2395dbeaea9f: Loading layer [==================================================>] 3.006MB/3.006MB
Loaded image: goharbor/prepare:v1.9.3
e80aab7b0662: Loading layer [==================================================>] 63.49MB/63.49MB
f8b3d119e8a9: Loading layer [==================================================>] 54.42MB/54.42MB
5f496dd4633b: Loading layer [==================================================>] 5.632kB/5.632kB
9a2858fea72d: Loading layer [==================================================>] 2.048kB/2.048kB
b7501a88cd95: Loading layer [==================================================>] 2.56kB/2.56kB
c82e3969a2e2: Loading layer [==================================================>] 2.56kB/2.56kB
7cac869555ad: Loading layer [==================================================>] 2.56kB/2.56kB
cca577be763d: Loading layer [==================================================>] 10.24kB/10.24kB
Loaded image: goharbor/harbor-db:v1.9.3
9a508de7d2b7: Loading layer [==================================================>] 9.005MB/9.005MB
508382d944be: Loading layer [==================================================>] 3.072kB/3.072kB
6e9e3cb5d33e: Loading layer [==================================================>] 2.56kB/2.56kB
73ddaf5bf2d0: Loading layer [==================================================>] 21.76MB/21.76MB
9a276490655f: Loading layer [==================================================>] 21.76MB/21.76MB
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.9.3
4a0251807cc9: Loading layer [==================================================>] 9.004MB/9.004MB
897af7ff7b63: Loading layer [==================================================>] 6.239MB/6.239MB
3f4123d93010: Loading layer [==================================================>] 14.9MB/14.9MB
4e0bdb09cba5: Loading layer [==================================================>] 29.21MB/29.21MB
29c5283b24ee: Loading layer [==================================================>] 22.02kB/22.02kB
6f09075fda1a: Loading layer [==================================================>] 50.34MB/50.34MB
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.9.3
756ffb58fa91: Loading layer [==================================================>] 7.037MB/7.037MB
733009a88a23: Loading layer [==================================================>] 196.6kB/196.6kB
5cc05e9a6a60: Loading layer [==================================================>] 172kB/172kB
eabe1b3a567b: Loading layer [==================================================>] 15.36kB/15.36kB
dd83cfe76436: Loading layer [==================================================>] 3.584kB/3.584kB
28bde9e732c9: Loading layer [==================================================>] 10.84MB/10.84MB
Loaded image: goharbor/harbor-portal:v1.9.3
0eb10921ee80: Loading layer [==================================================>] 78.25MB/78.25MB
74a7ce2b0571: Loading layer [==================================================>] 3.072kB/3.072kB
7d193a1c54ab: Loading layer [==================================================>] 59.9kB/59.9kB
d45413cea5ea: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.9.3
7c53cafac35a: Loading layer [==================================================>] 337.9MB/337.9MB
c6bad7449208: Loading layer [==================================================>] 119.8kB/119.8kB
Loaded image: goharbor/harbor-migrator:v1.9.3
4bb3c8da2619: Loading layer [==================================================>] 50.3MB/50.3MB
fa60bb5fba7f: Loading layer [==================================================>] 3.584kB/3.584kB
12a81f321c68: Loading layer [==================================================>] 3.072kB/3.072kB
a94dcd551900: Loading layer [==================================================>] 2.56kB/2.56kB
c684117da188: Loading layer [==================================================>] 3.072kB/3.072kB
f14e11ea2c25: Loading layer [==================================================>] 3.584kB/3.584kB
2e2e439cb618: Loading layer [==================================================>] 12.29kB/12.29kB
Loaded image: goharbor/harbor-log:v1.9.3
99ce145e19e6: Loading layer [==================================================>] 10.84MB/10.84MB
Loaded image: goharbor/nginx-photon:v1.9.3
da7ad744c6fd: Loading layer [==================================================>] 16.4MB/16.4MB
a03cee9d5ed3: Loading layer [==================================================>] 29.21MB/29.21MB
f5f37ba098b1: Loading layer [==================================================>] 22.02kB/22.02kB
c6e237d0effb: Loading layer [==================================================>] 51.85MB/51.85MB
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.9.3
01d39dbfbd65: Loading layer [==================================================>] 115.7MB/115.7MB
6d1186763503: Loading layer [==================================================>] 12.31MB/12.31MB
293c8dc3d8c6: Loading layer [==================================================>] 2.048kB/2.048kB
d0ffe0bb8b6b: Loading layer [==================================================>] 48.13kB/48.13kB
c9f0ab7d8bbb: Loading layer [==================================================>] 3.072kB/3.072kB
75c4044a879b: Loading layer [==================================================>] 12.36MB/12.36MB
Loaded image: goharbor/clair-photon:v2.1.0-v1.9.3
b2329d5f99cf: Loading layer [==================================================>] 12.77MB/12.77MB
17c27eb4f7f8: Loading layer [==================================================>] 55.4MB/55.4MB
3c10f4815fc0: Loading layer [==================================================>] 5.632kB/5.632kB
5fb810768754: Loading layer [==================================================>] 36.35kB/36.35kB
376871497fae: Loading layer [==================================================>] 55.4MB/55.4MB
Loaded image: goharbor/harbor-core:v1.9.3
2c38bb39e841: Loading layer [==================================================>] 12.77MB/12.77MB
20ef2473aa7f: Loading layer [==================================================>] 48.13MB/48.13MB
Loaded image: goharbor/harbor-jobservice:v1.9.3
bc526ee3d965: Loading layer [==================================================>] 9.005MB/9.005MB
d880cff24505: Loading layer [==================================================>] 3.072kB/3.072kB
adc7407dd64d: Loading layer [==================================================>] 21.76MB/21.76MB
aa1f551082be: Loading layer [==================================================>] 3.072kB/3.072kB
97bd8288c3d1: Loading layer [==================================================>] 8.661MB/8.661MB
f184a9da0594: Loading layer [==================================================>] 30.42MB/30.42MB
Loaded image: goharbor/harbor-registryctl:v1.9.3
[Step 2]: preparing environment ...
prepare base dir is set to /opt/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis ... done
Creating harbor-db ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.150.180.
For more details, please visit https://github.com/goharbor/harbor .
5. Retag the image that will be pushed
docker tag ae2feff98a0c 192.168.150.180/linux/nginx:v1
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest ae2feff98a0c 5 days ago 133MB
192.168.150.180/linux/nginx v1 ae2feff98a0c 5 days ago 133MB
6. Edit the Docker configuration to add the registry as trusted (insecure-registries)
cat >/etc/docker/daemon.json<<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.150.180"]
}
EOF
7. Log in to Harbor
docker login 192.168.150.180
Username: admin ### the default user is admin
Password: ###123456
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
8. Push the image to the registry
docker push 192.168.150.180/linux/nginx:v1
The push refers to repository [192.168.150.180/linux/nginx]
4eaf0ea085df: Pushed
2c7498eef94a: Pushed
7d2b207c2679: Pushed
5c4e5adc71a8: Pushed
87c8a1d8f54f: Pushed
v1: digest: sha256:13e4551010728646aa7e1b1ac5313e04cf75d051fa441396832fcd6d600b5e71 size: 1362
9. Log in to the web UI to check
10. Test pulling the image
Here we use another server to pull the image.
[root@DogMan /usr/local/bin]# docker pull 192.168.150.180/linux/nginx:v1
Error response from daemon: Get https://192.168.150.180/v2/: dial tcp 192.168.150.180:443: connect: connection refused
The pull is refused, so we try logging in to the private registry and pulling again:
[root@DogMan /usr/local/bin]# docker login 192.168.150.180
Username: admin
Password: ###123456
Error response from daemon: Get https://192.168.150.180/v2/: dial tcp 192.168.150.180:443: connect: connection refused
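The login fails as well. The error shows the daemon trying HTTPS on port 443: this server's daemon.json does not match the one on the private registry server, so it has no insecure-registries entry for 192.168.150.180. Fix: copy the registry server's daemon.json settings to the target server (remember: after changing the configuration file, restart the Docker service).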
cat >/etc/docker/daemon.json<<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.150.180"]
}
EOF
systemctl restart docker.service
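The failure above comes down to one rule: the daemon only falls back to plain HTTP for a registry listed in insecure-registries (or on loopback), and uses HTTPS for everything else. The following added example (not part of the original post) applies that rule to a daemon.json; the helper names `insecure_entries` and `registry_transport` are hypothetical, the sample files are constructed, and a flat daemon.json without CIDR entries is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Predicts whether the Docker daemon
# may fall back to plain HTTP for a registry, from "insecure-registries" in a
# daemon.json. Assumes a flat file like the ones on this page (no CIDR entries).
# insecure_entries and registry_transport are hypothetical helper names.

# Print one insecure-registries entry per line. A leading http:// or https://
# is stripped, as the daemon itself does when it loads these entries.
insecure_entries() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' |
        sed -e 's/[[:space:]"]//g' -e 's#^[Hh][Tt][Tt][Pp][Ss]\{0,1\}://##' -e '/^$/d'
}

# registry_transport DAEMON_JSON REGISTRY
# REGISTRY is the host[:port] prefix of the image name, compared literally.
registry_transport() {
    case "$2" in
        localhost|localhost:*|127.*)
            echo "http-allowed (loopback)"; return 0 ;;
    esac
    if [ -f "$1" ] && insecure_entries "$1" | grep -Fxq -- "$2"; then
        echo "http-allowed (insecure-registries)"
    else
        echo "https-only"
    fi
}

# Constructed sample: the registry server's daemon.json from this page and a
# client that has no insecure-registries entry yet.
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.json" <<'EOF'
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.150.180"]
}
EOF
echo '{ "registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"] }' > "$demo_dir/client.json"

for cfg in server client; do
    printf '%s: 192.168.150.180 -> %s\n' "$cfg" \
        "$(registry_transport "$demo_dir/$cfg.json" 192.168.150.180)"
done
# The port is part of the name: an entry without :5000 does not cover :5000.
printf 'server: 192.168.150.180:5000 -> %s\n' \
    "$(registry_transport "$demo_dir/server.json" 192.168.150.180:5000)"
rm -rf "$demo_dir"
```

Every host reported as http-allowed exchanges image data and the login password without TLS, so the list is also an inventory of registries that still need a certificate.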
Log in to the private registry again and test the pull
[root@DogMan /usr/local/bin]# docker login 192.168.150.180
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded ### "Login Succeeded" means the login worked
# Pull the image
[root@DogMan /usr/local/bin]# docker run -p 80:80 -d 192.168.150.180/linux/nginx:v1
Unable to find image '192.168.150.180/linux/nginx:v1' locally
v1: Pulling from linux/nginx
6ec7b7d162b2: Already exists
cb420a90068e: Pull complete
2766c0bf2b07: Pull complete
e05167b6a99d: Pull complete
70ac9d795e79: Pull complete
Digest: sha256:13e4551010728646aa7e1b1ac5313e04cf75d051fa441396832fcd6d600b5e71
Status: Downloaded newer image for 192.168.150.180/linux/nginx:v1
68c2a02dffc0eff283f66780e2d429b63baf0bb19ae3aa8fb5a65d5592876703
# List the pulled image
[root@DogMan /usr/local/bin]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.150.180/linux/nginx v1 ae2feff98a0c 6 days ago 133MB
At this point, the private image registry deployment is complete.