Docker build private warehouse (registry and Harbor)

As more and more docker use mirroring, you need to have a local mirror of preservation, this is the warehouse. The commonly used two warehouses: public warehouses and private warehouses. The most convenient is to use a public warehouse upload and download, download public warehouse image does not require registration, but uploading is need to register.

The most common is the registry, Harbor two kinds of private warehouse, then the next detail how to create a private warehouse.

First, build a registry of private warehouse

1) Case description

Two docker servers, dockerA create a registry of private warehouses, dockerB for testing!

2) Case examples

Operation (1) DockerA server

[root@dockerA ~]# docker pull registry:2              //下载registry:2的镜像
[root@dockerA ~]# docker run -itd --name registry --restart=always  -p 5000:5000 -v /registry:/var/lib/registry registry:2
//创建一个registry容器来运行registry服务；
//-p：端口映射（前面是宿主机端口：后面是容器暴露的端口）；
//-v：挂载目录（前面是宿主机的目录：后面的是容器的目录）自动创建宿主机的目录；
//--restart=always：随docker服务的启动而启动！
[root@dockerA ~]# docker ps                   //确保容器是运行状态
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
f98bf93f100e        registry:2          "/entrypoint.sh /etc…"   3 minutes ago       Up 3 minutes        0.0.0.0:5000->5000/tcp   registry
[root@dockerA ~]# netstat -anpt | grep 5000         //确保5000端口正在被监听
tcp6       0      0 :::5000                 :::*                    LISTEN      2370/docker-proxy   
[root@dockerA ~]# docker tag centos:7 192.168.1.1:5000/centos:7
//更改镜像名称，以便符合私有仓库名称规范
注：私有仓库镜像的命名规则：192.168.20.7:5000/XXX（宿主机的IP:5000端口/镜像名称）
[root@dockerA ~]# vim /usr/lib/systemd/system/docker.service 
//编写docker服务的主配置文件
 13 ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.1:5000
//修改原本的配置文件添加不安全的仓库（--insecure-registry），地址是宿主机的IP地址与5000端口
[root@dockerA ~]# systemctl daemon-reload 
[root@dockerA ~]# systemctl restart docker             //重新启动docker服务
[root@dockerA ~]# docker push  192.168.1.1:5000/centos:7
//将重命名后的镜像上传到registry私有仓库
[root@dockerA ~]# curl 192.168.1.1:5000/v2/_catalog             //查看私有仓库中的镜像
{"repositories":["centos"]}
[root@dockerA ~]# curl 192.168.1.1:5000/v2/centos/tags/list         //查看镜像的详细信息
{"name":"centos","tags":["7"]}

Operation (2) DockerB server

[root@dockerB ~]# vim /usr/lib/systemd/system/docker.service 
//修改docker的主配置文件
 13 ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.1:5000
//添加内容与registry一致，指定registry私有仓库服务器的IP地址及端口
[root@dockerB ~]# systemctl daemon-reload 
[root@dockerB ~]# systemctl restart docker            //重新启动docker服务
[root@dockerB ~]# curl 192.168.1.1:5000/v2/_catalog         //查看私有仓库中的镜像
{"repositories":["centos"]}
[root@dockerB ~]# curl 192.168.1.1:5000/v2/centos/tags/list     //查看私有仓库中的镜像
{"name":"centos","tags":["7"]}
[root@dockerB ~]# docker pull 192.168.1.1:5000/centos:7
//下载私有仓库中的镜像
[root@dockerB ~]# docker images            //确认镜像已经下载到本地
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
192.168.1.1:5000/centos   7                   5e35e350aded        5 weeks ago         203MB

So far, registry private warehouse has been set up to complete!

Second, build a private warehouse Harbor

Harbor private warehouses and private warehouses Registry compared to many powerful features, and support for web graphics management, so very popular in the enterprise!

1) Case description

Two docker servers, dockerA Harbor create a private warehouse, dockerB for testing!

2) Case examples

(1) Download docker-compose tool

First, the github official website , as shown:




DockerA operation of the server

[root@dockerA ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
//下载docker-compose工具所需的依赖（部署docker环境时，就可以安装了）
[root@dockerA ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
//下载docker-compose工具
[root@dockerA ~]#  chmod +x /usr/local/bin/docker-compose
[root@dockerA ~]# docker-compose -v           
docker-compose version 1.25.0, build 0a186604
//查看docker-compose工具版本信息，确保已经安装成功

(2) Configuration Harbor

Github is also on the official website of the search, you can find the version here is not to do a screenshot! Https://github.com/goharbor/harbor/releases URL is
shown:

The same also operate on dockerA server

[root@dockerA ~]# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.1.tgz
//下载harbor软件包
[root@dockerA ~]# tar zxf harbor-offline-installer-v1.9.1.tgz -C /usr/local
[root@dockerA ~]# cd /usr/local/harbor/
[root@dockerA harbor]# vim harbor.yml 
//编写其配置文件，其他版本默认是cfg结尾的，这个版本是yml结尾的，文件内容都一样的
hostname: 192.168.1.1                 //更改其为本机的IP地址
harbor_admin_password: Harbor12345        
//这一行原本就是存在，不需要自行填写，只需记得它的用户名和密码即可，有需要可以自行进行修改
[root@dockerA harbor]# ./install.sh               //执行安装脚本
[root@dockerA harbor]# vim /usr/lib/systemd/system/docker.service 
//编写docker主配置文件
 13 ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.1
//跟registry差不多，主要harbor配置文件中没有填写端口号，这里也可添加，否则可能会出现错误
[root@dockerA harbor]# systemctl daemon-reload 
[root@dockerA harbor]# systemctl restart docker           //重新启动docker服务
[root@dockerA harbor]# pwd
/usr/local/harbor                         //注意目录，必须在这个目录下
[root@dockerA harbor]# docker-compose start
//使用docker-compose工具启动所有容器（因为在重新启动docker时，所有的容器都已经关闭了）
[root@dockerA harbor]# netstat -anpt | grep 80              //确认80端口在监听
tcp        0      0 172.18.0.1:33780        172.18.0.5:10514        ESTABLISHED 70076/docker-proxy  
tcp6       0      0 :::80                   :::*                    LISTEN      72870/docker-proxy  

Client Access web page:

(3) Upload image

After the completion of the warehouse building, then upload the image on dockerA (harbor) server!

[root@dockerA ~]# docker login -u admin -p Harbor12345 192.168.1.1
//指定用户名、密码及harbor服务器地址登录
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded        //登录成功
[root@dockerA ~]# docker tag centos:7 192.168.1.1/test/centos:7
//需要更改镜像名称，test是刚才创建的仓库名称
[root@dockerA ~]# docker push 192.168.1.1/test/centos:7
//向harbor服务器的test仓库上传镜像

After uploading, as shown:

(4) a test image on the download server dockerB

[root@dockerB ~]# vim /usr/lib/systemd/system/docker.service 
//编写docker的主配置文件
 13 ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.1
//指定harbor服务器的IP地址
[root@dockerB ~]# systemctl daemon-reload 
[root@dockerB ~]# systemctl restart docker       //重新启动docker服务
[root@dockerB ~]#  docker login -u admin -p Harbor12345 192.168.1.1
//登录到harbor服务器
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded                   //登录成功
[root@dockerB ~]# docker pull 192.168.1.1/test/centos:7
//下载镜像进行测试
[root@dockerB ~]# docker images            //确保镜像已经下载完成
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
192.168.1.1/test/centos   7                   5e35e350aded        5 weeks ago         203MB

---------- article. Thank reading ----------