One, the scenario
Zhao Tiezhu works as a development engineer at Company A.
The technical manager asked Zhao Tiezhu to find a suitable open source Docker image registry for the company and to submit an analysis report. After asking his personal contacts and searching the Internet, Zhao Tiezhu shortlisted four registries.
1. Docker Registry
2. VMware Harbor
3. Sonatype Nexus
4. SUSE Portus
Two, conclusion of the analysis report
Overall analysis table
| Feature | Docker Registry | VMware Harbor | Sonatype Nexus | SUSE Portus |
| --- | --- | --- | --- | --- |
| System complexity | Simple | Complex | Simple | Moderate |
| Configuration difficulty | Simple | Complex | Moderate | Moderate |
| Web UI management interface | No | Yes | Yes | Yes |
| Integration with external LDAP/AD | No | Yes | Yes | Yes |
| Access control | Weak | Strong | Weak | Strong |
| Image replication | No | Supports replication to another Harbor registry | Supports proxying to another image repository | Weak |
| Image scanning | No | Clair can be integrated | No | Clair can be integrated |
1. Docker Registry
Docker Registry is the most popular open source private image registry. It is distributed as an image: after downloading it, run a Docker Registry container to start a private registry service.
The main points of Docker Registry are as follows:
- The biggest advantage of Docker Registry is its simplicity. You only need to run one container to centrally manage images for a whole cluster, and other machines can pull images from the registry.
- In terms of security, Docker Registry supports TLS and signature-based authentication.
- Docker Registry also provides a RESTful API that external systems can call to manage the images in the registry.
2. VMware Harbor
The VMware Harbor (Harbor for short) project is an open source container image registry developed by the VMware China R&D team. It is based on Docker Registry and adds many enhancements. The main features include:
- Role-based access control
- Image replication
- Web UI management interface
- Integration with LDAP or AD user authentication systems
- Audit log
- RESTful API for external clients to call
- Image security vulnerability scanning (integrated with the Clair image scanning tool since v1.2)
Compared with Docker Registry, Harbor provides better user management, role and permission management, audit logs, and image replication between multiple Harbor registries, and it can serve as an enterprise private image registry. However, because Harbor has many components, integrating it with external systems is more complicated.
3. Sonatype Nexus
Sonatype Nexus is a software repository manager with two major versions, 2.X and 3.X. Version 2.X mainly supports repository formats such as Maven, P2, OBR and Yum; version 3.X mainly supports repository formats such as Docker, NuGet, npm, Bower, PyPI, RubyGems, Apt, Conan, R, CPAN, Raw and Helm, and also supports the build tool Maven.
The features of Sonatype Nexus are as follows:
- Simple deployment, which can be completed by starting one container
- Supports TLS security authentication
- Provides a Web UI management interface
- Supports Docker Proxy, which proxies operations on the Nexus image repository to another remote image repository
- Supports Docker Group, which combines multiple repositories behind one address
- In addition to Docker images, it also manages other software repositories, such as Yum and npm
4. SUSE Portus
SUSE Portus is another open source image registry. Its features include:
- Fine-grained access control based on groups (Team) and namespaces (Namespace)
- Web UI management interface
- Integration with LDAP user authentication systems; OAuth is also supported
- Audit log
- RESTful API for external clients to call
- Image security vulnerability scanning (integrated Clair image scanning tool)
Three, technical manager summary
1. The company already uses Nexus as its private Maven repository, and Nexus 3 supports Docker, so one private repository server can serve multiple purposes.
2. Harbor is powerful, but it has many components, and the complexity of configuring and operating it makes operations and maintenance harder.
3. Docker Registry does not meet the company's needs and has no graphical management interface. SUSE Portus has functions similar to Nexus. In the end the company chose Nexus 3.
Four, Nexus introduction
Access to the official Docker image registry is very slow. Sonatype Nexus lets us build our own image repository, which makes pulling and pushing images easier.
Five, pull the image
1. Find the image
docker search nexus3
2. Pull the image
docker pull docker.io/sonatype/nexus3
Six, start the container
Mount a data volume so that data is not lost each time the container is started, and so that the container and the virtual machine share the data
Create the folder shared between the virtual machine and the container
mkdir -p /usr/local/docker/nexus/nexus-data
The folder permissions need to be modified
chmod 777 /usr/local/docker/nexus/nexus-data
"8716903d1912" is the image ID of nexus
docker run -p 8081:8081 --name nexus -v /usr/local/docker/nexus/nexus-data:/nexus-data 8716903d1912
Starting the container reports an error
Error: no permission to create directories
mkdir: cannot create directory '../sonatype-work/nexus3/log': Permission denied
mkdir: cannot create directory '../sonatype-work/nexus3/tmp': Permission denied
OpenJDK 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to No such file or directory
Warning: Cannot open log file: ../sonatype-work/nexus3/log/jvm.log
Warning: Forcing option -XX:LogFile=/tmp/jvm.log
java.io.FileNotFoundException: ../sonatype-work/nexus3/tmp/i4j_ZTDnGON8hezynsMX2ZCYAVDtQog=.lock (No such file or directory)
at java.io.RandomAccessFile.open0(Native Method)
at java.io.RandomAccessFile.open(RandomAccessFile.java:316)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243)
at com.install4j.runtime.launcher.util.SingleInstance.check(SingleInstance.java:72)
at com.install4j.runtime.launcher.util.SingleInstance.checkForCurrentLauncher(SingleInstance.java:31)
at com.install4j.runtime.launcher.UnixLauncher.checkSingleInstance(UnixLauncher.java:88)
at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:67)
java.io.FileNotFoundException: /nexus-data/karaf.pid (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at java.io.FileOutputStream.<init>(FileOutputStream.java:101)
at org.apache.karaf.main.InstanceHelper.writePid(InstanceHelper.java:127)
at org.apache.karaf.main.Main.launch(Main.java:243)
at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
java.lang.RuntimeException: /nexus-data/log/karaf.log (No such file or directory)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:102)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlersInternal(BootstrapLogManager.java:137)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlers(BootstrapLogManager.java:70)
at org.apache.karaf.main.util.BootstrapLogManager.configureLogger(BootstrapLogManager.java:75)
at org.apache.karaf.main.Main.launch(Main.java:244)
at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
Caused by: java.io.FileNotFoundException: /nexus-data/log/karaf.log (No such file or directory)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.open(BootstrapLogManager.java:193)
at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.<init>(BootstrapLogManager.java:182)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:100)
... 12 more
Error creating bundle cache.
Solution:
Delete the container first
docker rm nexus
Then start it again with a new command
Add "--privileged=true" to the original command
docker run -p 8081:8081 --privileged=true --name nexus -v /usr/local/docker/nexus/nexus-data:/nexus-data 8716903d1912
Note: --privileged sets whether the Docker container is given privileges. If this parameter is true, root inside the container has the root permissions of the host, not just root permissions inside the container.
Check whether the service is started normally
docker ps
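A least-privilege variant of the fix above, as an added example that is not part of the original article: the data directory is owned by the container's user instead of being world-writable, the bind mount is relabelled with :Z instead of running with --privileged, and both are checked before starting. It assumes the sonatype/nexus3 image runs Nexus as UID 200 and that the "Permission denied" errors come from directory ownership or SELinux labelling on the host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: least-privilege alternative to chmod 777 + --privileged=true.
# Assumptions: the image runs Nexus as UID 200 (sonatype/nexus3 image docs),
# GNU stat is available, and the host may enforce SELinux.
NEXUS_UID=200
DATA_DIR=/usr/local/docker/nexus/nexus-data

# Print one finding per line for a data directory; nothing if it is fine.
# $1 = directory, $2 = UID that must own it.
check_data_dir() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || { echo "missing: $dir"; return 0; }
    owner=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$owner" = "$want_uid" ] || echo "owner is uid $owner, expected $want_uid"
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    case $other in 2|3|6|7) echo "world-writable (mode $mode)" ;; esac
}

# Print a finding for each risky flag in a docker argument list.
audit_run_args() {
    for arg in "$@"; do
        case $arg in
            --privileged|--privileged=true)
                echo "privileged container: root inside equals root on the host" ;;
        esac
    done
}

# Emit the docker arguments without --privileged. ":Z" asks Docker to relabel
# the bind mount for this container on SELinux hosts.
hardened_run_args() {
    echo "run -d -p 8081:8081 --name nexus -v $1:/nexus-data:Z $2"
}

# Typical use on the host as root (comments, so sourcing has no side effects):
#   mkdir -p "$DATA_DIR"
#   chown -R "$NEXUS_UID" "$DATA_DIR" && chmod 750 "$DATA_DIR"
#   check_data_dir "$DATA_DIR" "$NEXUS_UID"      # expect no output
#   docker $(hardened_run_args "$DATA_DIR" 8716903d1912)
```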
Seven, access and configure nexus
Open the browser and visit http://:8081/
Note: Startup is sometimes slow, so you may have to wait a while. If it takes too long, you can check the log
docker logs nexus
When this interface appears, the startup has succeeded
The administrator login password is in the file whose name begins with admin in /usr/local/docker/nexus/nexus-data; copy it and enter it
After entering the account and password, the setup guide starts
Set a new password
Choose whether to allow anonymous access
The setup is complete, and the Nexus private Docker image repository is now installed on the server
To be continued.
Reference: Introduction to several common open source mirror repositories
https://blog.csdn.net/Andriy_dangli/article/details/84381383