I found several open source Docker image registries for the technical manager. Why did the manager choose Sonatype Nexus? (Part 1)


One, the scenario

Citizen Zhao Tiezhu works as a development engineer at Company A.

The technical manager asked Zhao Tiezhu to find a suitable open source Docker image registry for the company and to submit an analysis report. After asking his personal contacts and searching the Internet, Zhao Tiezhu shortlisted four registries.

1、Docker Registry

2、VMware Harbor

3、Sonatype Nexus

4、SUSE Portus

Two, conclusions of the analysis report

Overall analysis table

| Feature | Docker Registry | VMware Harbor | Sonatype Nexus | SUSE Portus |
|---|---|---|---|---|
| System complexity | simple | complex | simple | moderate |
| Configuration difficulty | simple | complex | moderate | moderate |
| Web UI management interface | no | yes | yes | yes |
| Integration with external LDAP/AD | no | yes | yes | yes |
| Access control | weak | strong | weak | strong |
| Image replication | no | Supports replication to another Harbor registry | Supports proxying to another image registry | weak |
| Image scanning | no | Clair can be integrated | no | Clair can be integrated |

1、Docker Registry

Docker Registry is the most popular open source private image registry. It is distributed as an image; after downloading it, you run a Docker Registry container to start a private registry service.

The key points of Docker Registry are as follows:

  1. The biggest advantage of Docker Registry is its simplicity. You only need to run one container to centrally manage images for the whole cluster, and other machines can pull images from the registry.
  2. In terms of security, Docker Registry supports TLS and signature-based authentication.
  3. Docker Registry also provides a RESTful API that external systems can call to manage the images in the registry.

2、VMware Harbor

The VMware Harbor (Harbor for short) project is an open source container image registry developed by the VMware China R&D team. It is based on Docker Registry and adds many enhancements. The main features include:

  1. Role-based access control
  2. Image replication
  3. Web UI management interface
  4. Can integrate with LDAP or AD user authentication systems
  5. Audit log
  6. Provides a RESTful API for external clients to call
  7. Image security vulnerability scanning (integrated with the Clair image scanning tool since v1.2)

Compared with Docker Registry, Harbor provides better user management, role and permission management, audit logs, and image replication between multiple Harbor registries, and can serve as an enterprise private image registry. However, because Harbor has many components, integrating it with external systems is more complicated.

3、Sonatype Nexus

Sonatype Nexus is a software repository manager with two major versions, 2.X and 3.X. Version 2.X mainly supports repository formats such as Maven, P2, OBR and Yum; version 3.X mainly supports repository formats such as Docker, NuGet, npm, Bower, PyPI, Ruby Gems, Apt, Conan, R, CPAN, Raw and Helm, and also supports the build tool Maven.

The features of Sonatype Nexus are as follows:

  1. Simple deployment, which can be completed by starting a single container
  2. Supports TLS security authentication
  3. Provides a Web UI management interface
  4. Supports Docker Proxy, which proxies operations on the Nexus image repository to another remote image registry
  5. Supports Docker Group, which combines multiple repositories behind one address
  6. In addition to Docker images, it also manages other software repositories, such as Yum and npm

4、SUSE Portus

SUSE Portus is another open source image registry. Its features include:

  1. Fine-grained access control based on group (Team) and namespace (Namespace)
  2. Web UI management interface
  3. Can integrate LDAP user authentication system, also supports OAuth
  4. Audit log
  5. Provide RESTful API for external clients to call
  6. Image security vulnerability scanning (integrated Clair image scanning tool)

Three, technical manager summary

1. The company already uses Nexus as a private Maven repository, and Nexus 3 supports Docker, so one private repository server can then serve multiple purposes.

2. Harbor is powerful, but it has many components, so it is complex to configure and makes operation and maintenance more difficult.

3. Docker Registry does not meet the company's needs and has no graphical management interface; SUSE Portus has similar functions to Nexus. In the end the company chose Nexus 3.

Four, Nexus introduction

Access to the official Docker image registry is very slow. Sonatype Nexus lets us build our own image registry, which makes pulling and pushing images easier.

Sonatype Nexus is a software repository manager with two major versions, 2.X and 3.X. Version 2.X mainly supports repository formats such as Maven, P2, OBR and Yum; version 3.X mainly supports repository formats such as Docker, NuGet, npm, Bower, PyPI, Ruby Gems, Apt, Conan, R, CPAN, Raw and Helm, and also supports the build tool Maven.

Five, pull the image

1. Find the image

docker search nexus3

2. Pull the image

docker pull docker.io/sonatype/nexus3

Six, start the container

Specify a data volume so that the container's data is not lost each time the container is started, and so that data is shared between the container and the virtual machine.

# Create the folder shared between the virtual machine and the container
mkdir -p /usr/local/docker/nexus/nexus-data

The folder permissions need to be changed:

chmod 777 /usr/local/docker/nexus/nexus-data

"8716903d1912" is the image ID of nexus

docker run -p 8081:8081 --name nexus -v /usr/local/docker/nexus/nexus-data:/nexus-data 8716903d1912

The container reports an error on startup

Error: no permission to create directories

mkdir: cannot create directory '../sonatype-work/nexus3/log': Permission denied
mkdir: cannot create directory '../sonatype-work/nexus3/tmp': Permission denied
OpenJDK 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to No such file or directory

Warning:  Cannot open log file: ../sonatype-work/nexus3/log/jvm.log
Warning:  Forcing option -XX:LogFile=/tmp/jvm.log
java.io.FileNotFoundException: ../sonatype-work/nexus3/tmp/i4j_ZTDnGON8hezynsMX2ZCYAVDtQog=.lock (No such file or directory)
	at java.io.RandomAccessFile.open0(Native Method)
	at java.io.RandomAccessFile.open(RandomAccessFile.java:316)
	at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243)
	at com.install4j.runtime.launcher.util.SingleInstance.check(SingleInstance.java:72)
	at com.install4j.runtime.launcher.util.SingleInstance.checkForCurrentLauncher(SingleInstance.java:31)
	at com.install4j.runtime.launcher.UnixLauncher.checkSingleInstance(UnixLauncher.java:88)
	at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:67)
java.io.FileNotFoundException: /nexus-data/karaf.pid (Permission denied)
	at java.io.FileOutputStream.open0(Native Method)
	at java.io.FileOutputStream.open(FileOutputStream.java:270)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:101)
	at org.apache.karaf.main.InstanceHelper.writePid(InstanceHelper.java:127)
	at org.apache.karaf.main.Main.launch(Main.java:243)
	at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
	at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
	at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
java.lang.RuntimeException: /nexus-data/log/karaf.log (No such file or directory)
	at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:102)
	at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlersInternal(BootstrapLogManager.java:137)
	at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlers(BootstrapLogManager.java:70)
	at org.apache.karaf.main.util.BootstrapLogManager.configureLogger(BootstrapLogManager.java:75)
	at org.apache.karaf.main.Main.launch(Main.java:244)
	at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
	at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
	at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
Caused by: java.io.FileNotFoundException: /nexus-data/log/karaf.log (No such file or directory)
	at java.io.FileOutputStream.open0(Native Method)
	at java.io.FileOutputStream.open(FileOutputStream.java:270)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
	at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.open(BootstrapLogManager.java:193)
	at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.<init>(BootstrapLogManager.java:182)
	at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:100)
	... 12 more
Error creating bundle cache.

Solution:

Delete the container first

docker rm nexus

Then start it again with a new command

Add "--privileged=true" to the original command

docker run -p 8081:8081 --privileged=true --name nexus -v /usr/local/docker/nexus/nexus-data:/nexus-data 8716903d1912

Note: --privileged controls whether the Docker container is given extended privileges. If it is true, root inside the container has the root privileges of the host, not just root privileges within the container.
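Because the note above means a compromise of Nexus becomes a compromise of the host, here is an added example (not part of the original post) that audits the data directory and the run command for the two shortcuts used here, chmod 777 and --privileged, and prints a least-privilege replacement. It relies on the sonatype/nexus3 image documentation, which says Nexus runs as UID 200, and it assumes the "Permission denied" error came from SELinux labelling of the bind mount, which the ":Z" volume option addresses; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
NEXUS_UID=200  # UID the Nexus process uses in sonatype/nexus3 (per the image docs)

# One finding per line for the host data directory; no output means clean.
audit_data_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 0
    fi
    # -perm -0002 matches when the "other" write bit is set, e.g. after chmod 777
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "world-writable: $dir"
    fi
    owner=$(ls -ldn "$dir" | awk '{print $3}')
    if [ "$owner" != "$NEXUS_UID" ]; then
        echo "owner-uid $owner, expected $NEXUS_UID: $dir"
    fi
}

# Flag a privileged container in a docker run command line (one string).
audit_run_cmd() {
    case " $1 " in
        *" --privileged "*|*" --privileged=true "*)
            echo "privileged: root in the container is root on the host" ;;
    esac
}

# Print the least-privilege replacement for chmod 777 plus --privileged.
# ":Z" relabels the bind mount for SELinux (assumed cause of the error).
print_fix() {
    echo "chown -R $NEXUS_UID $1 && chmod 750 $1"
    echo "docker run -p 8081:8081 --name nexus -v $1:/nexus-data:Z $2"
}

DATA_DIR=/usr/local/docker/nexus/nexus-data
audit_data_dir "$DATA_DIR"
audit_run_cmd "docker run -p 8081:8081 --privileged=true --name nexus -v $DATA_DIR:/nexus-data 8716903d1912"
print_fix "$DATA_DIR" 8716903d1912
```

On a host without SELinux the ":Z" suffix has no effect, and the chown to UID 200 alone is what lets Nexus write to /nexus-data.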

Check whether the service started normally

docker ps

Seven, access and configure Nexus

Open the browser and visit http://:8081/

Note: Startup is sometimes slow, so you may have to wait a while. If you can't wait, you can check the log:

docker logs nexus

When this interface appears, the startup was successful.

The administrator login password is in the file whose name begins with admin in /usr/local/docker/nexus/nexus-data; just copy it and enter it.

After entering the account and password, the setup guide starts.

Set a new password.

Choose whether to allow anonymous access.

The setup is complete: the private Docker image registry Nexus is now installed on the server.

To be continued...

Next: I found several open source Docker image registries for the technical manager. Why did the manager choose Sonatype Nexus? (Part 2)

Reference: Introduction to several common open source mirror repositories

https://blog.csdn.net/Andriy_dangli/article/details/84381383

Origin blog.csdn.net/shi_hong_fei_hei/article/details/115049919