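Day05 - docker-compose and private registries
- 3.4 Docker Compose
- 1) Compose quick-start guide
- Case 28 - First steps with docker-compose
- 2) Common compose file directives
- 3) Case 29 - Deploying kodexp with docker-compose
- 5) Summary
- 3.5 Docker image registries: the registry image
- 1) Registry options and overview
- 2) Environment plan
- 3) Quick-start guide
- 4) Summary
- 3.6 Enterprise Docker image registry: Harbor
- 1) Environment preparation
- 2) Browser access
- 3) Using the registry
- 4) User management
- 5) Harbor high availability
- 6) Summary
- Docker wrap-up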
3.4 Docker Compose
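- Docker images can be built in one step from a Dockerfile.
- Current problem: managing containers (start, stop, restart) still has to be done by hand, so how do we manage many containers?
- Single-host container orchestration tools
  - docker compose
- Container cluster management
  - ansible + docker compose + dockerfile
  - docker swarm for cluster management.
  - mesos
  - Later we will use k8s, kubernetes (ship's helm), for cluster management.
- For reference, the three Docker musketeers: docker machine (manages virtual machines), docker compose (container orchestration), docker swarm (clustering)
- docker compose has to be installed separately (it is in the EPEL repository); its files use YAML syntax.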
1) Compose quick-start guide
yum install -y docker-compose
Environment preparation
mkdir -p /server/compose/01-run-nginx
docker-compose -v
docker-compose version 1.18.0, build 8dd22a9
- Write the docker-compose file
Case 28 - First steps with docker-compose
- Default docker-compose file names: docker-compose.yaml or docker-compose.yml
[root@docker01.oldboylinux.cn /app/docker/compose/01-ngx]# cat docker-compose.yml
version: "3.3"
services:
  nginx_compose:
    image: "nginx:1.22.1-alpine"
    ports:
      - "18848:80"
[root@docker01 01-ngx]# docker-compose up -d
Creating network "01ngx_default" with the default driver
Pulling nginx_compose (nginx:1.22.1-alpine)...
1.22.1-alpine: Pulling from library/nginx
f56be85fc22e: Pull complete
902afa68ca51: Pull complete
b0a3a88d1edf: Pull complete
51509a9feac5: Pull complete
2dcba36d07e0: Pull complete
0665eda1eb4f: Pull complete
034c69766aa3: Pull complete
Digest: sha256:8745c93f1a1c33a8ec8c82707b9bb1c8fe9ebf2b5d82e9480e78625d809855a1
Status: Downloaded newer image for nginx:1.22.1-alpine
Creating 01ngx_nginx_compose_1 ... done
[root@docker01 01-ngx]# docker-compose
build config down exec images logs port pull restart run start top up
bundle create events help kill pause ps push rm scale stop unpause version
[root@docker01 01-ngx]# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------------------
01ngx_nginx_compose_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:18848->80/tcp,:::18848->80/tcp
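docker-compose command format | This command covers the docker container and docker image commands. |
---|---|
Containers | |
up -d | up == run: create and run the containers; -d starts them in the background, like docker run -d |
down | Stop the containers, then remove them and their related resources |
stop/start/restart | Same as docker container stop, start, restart |
ps | Show container status; -q is the only option |
top | Container process information |
logs | Container logs |
rm | Remove containers (they must already be stopped) |
Images | |
images | List images |
PS: these commands only work from the directory that holds the compose file.
- Modifying docker-compose and applying the change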
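2) Common compose file directives
- Mounting data volumes
- Dependencies between containers and their start order.
depends_on: dependency; the named containers are started first, then the current one.
volumes: data volumes
links: container links; in essence hosts-file name resolution
Link: https://docs.docker.com/compose/compose-file/compose-file-v3/
3) Case 29 - Deploying kodexp with docker-compose
- nginx
- php
- Configuration files
- Code directory
- Write the docker run commands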
docker run -d --name "kodexp_php" \
-v `pwd`/conf/www.conf:/usr/local/etc/php-fpm.d/www.conf \
-v `pwd`/code:/app/code/kodexp \
php:7-fpm-alpine
docker run -d --name "kodexp_nginx" -p 10086:80 \
--link kodexp_php:php \
-v `pwd`/conf/nginx.conf:/etc/nginx/nginx.conf \
-v `pwd`/conf/kodexp.conf:/etc/nginx/conf.d/kodexp.conf \
-v `pwd`/code:/app/code/kodexp/ \
nginx:1.22.1-alpine
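The two docker run commands above map onto a compose file as follows. This is an added example, not the course's own file: images, ports, mounts and the php link alias are the page's, while the :ro flags, depends_on and the check_kodexp_mounts helper are assumptions of this example.

```shell
#!/bin/sh
# Added example: compose equivalent of the two docker run commands above.

# Write docker-compose.yml into directory $1 (default: current directory).
write_kodexp_compose() {
  dir=${1:-.}
  cat > "$dir/docker-compose.yml" <<'EOF'
version: "3.3"
services:
  kodexp_php:
    container_name: "kodexp_php"
    image: "php:7-fpm-alpine"
    volumes:
      # :ro is an addition: the container only needs to read its config
      - "./conf/www.conf:/usr/local/etc/php-fpm.d/www.conf:ro"
      - "./code:/app/code/kodexp"
  kodexp_nginx:
    container_name: "kodexp_nginx"
    image: "nginx:1.22.1-alpine"
    ports:
      - "10086:80"
    links:
      - "kodexp_php:php"      # same alias as --link kodexp_php:php
    depends_on:
      - kodexp_php            # start php before nginx
    volumes:
      - "./conf/nginx.conf:/etc/nginx/nginx.conf:ro"
      - "./conf/kodexp.conf:/etc/nginx/conf.d/kodexp.conf:ro"
      - "./code:/app/code/kodexp/"
EOF
}

# A bind-mount source that does not exist is created by Docker as an empty
# directory, so a missing conf file becomes a directory mounted over the
# config path. Check the sources before `docker-compose up -d`.
check_kodexp_mounts() {
  dir=${1:-.}; missing=0
  for f in conf/www.conf conf/nginx.conf conf/kodexp.conf; do
    [ -f "$dir/$f" ] || { echo "missing file: $dir/$f" >&2; missing=1; }
  done
  [ -d "$dir/code" ] || { echo "missing directory: $dir/code" >&2; missing=1; }
  [ "$missing" -eq 0 ]
}
```

Running docker-compose config in that directory parses the file and prints the resolved configuration before anything is started.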
5) Summary
- docker build builds images / docker run runs containers
- When writing a docker compose file, test it yourself with docker run first
- docker-compose directives:
  - Containers:
    - image
    - ports
    - links
    - depends_on
    - volumes
    - build
docker compose directive reference
Link: https://docs.docker.com/compose/compose-file/compose-file-v3/
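3.5 Docker image registries: the registry image
1) Registry options and overview
- Use cases:
- Over time the official Docker images will not meet our needs directly
- Our company also builds many custom images internally
- These images are private and should not be published
Docker image registry option | Use cases and characteristics |
---|---|
Images saved as archives | Used through save/load; only suitable when there are very few nodes, and very inconvenient |
registry image registry | Easy to use; suits small site clusters (few images, simple environment); command-line operation |
Harbor image registry | Enterprise-grade image registry usable by both docker and k8s; graphical web UI |
Public cloud image services | Sign up on a public cloud as an individual or a company |
2) Environment plan
Hostname | Environment and IP addresses |
---|---|
docker01.oldboylinux.cn | docker environment 10.0.0.81/172.16.1.81 |
reg.oldboylinux.cn | registry environment 10.0.0.82/172.16.1.82 |
Every host must be able to resolve these hostnames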
cat >>/etc/hosts<<EOF
10.0.0.81 docker01.oldboylinux.cn
10.0.0.82 docker02.oldboylinux.cn reg.oldboylinux.cn
EOF
3) Quick-start guide
Install, configure, use
1. Pull the registry image # on the registry server
docker pull registry
2. Configure (allow the docker daemon to use plain HTTP for this registry) (every node that will use the private registry needs this setting)
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://o0ot3ltv.mirror.aliyuncs.com"],
"insecure-registries": ["reg.oldboylinux.cn:5000"]
}
EOF
Notes:
Mind the comma at the end of line 2.
Make sure the reg.oldboylinux.cn domain name resolves (hosts entry).
systemctl restart docker
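# on the registry server
3. Start the registry (this can later be done with docker compose)
Publish port 5000:5000
Map a Docker-managed ("random") data volume to /var/lib/registry/ in the container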
docker volume create registry
docker volume ls
docker run -d --name "oldboy_registry" -p 5000:5000 -v registry:/var/lib/registry \
--restart=always registry:latest
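--restart means the container is restarted automatically if it exits abnormally.
View the images held in the private registry
http://reg.oldboylinux.cn:5000/v2/_catalog/ # nothing useful by default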
[root@docker02 ~]# curl -L 10.0.0.82:5000/v2/_catalog
{"repositories":[]}
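- Upload an image to the private registry
4. (Full workflow for uploading an image to the private registry)
tag: label the image (address/path/name:version)
push: upload the image to the private registry
# tag the image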
docker tag mysql:5.7-debian reg.oldboylinux.cn:5000/oldboyedu/mysql:5.7-debian
[root@docker01 ~]# docker tag mariadb:latest reg.oldboylinux.cn:5000/oldboyedu/db:mariadb_latest
# push to the private registry
docker push reg.oldboylinux.cn:5000/oldboyedu/mysql:5.7-debian
[root@docker01 ~]# docker push reg.oldboylinux.cn:5000/oldboyedu/db:mariadb_latest
The push refers to repository [reg.oldboylinux.cn:5000/oldboyedu/db]
c359e781d90a: Pushed
f95954e05332: Pushed
060b534c4abd: Pushed
672465781193: Pushed
6c649bbdd7d6: Pushed
286a90349ea9: Pushed
eb3b55e3972c: Pushed
8f2689356f7c: Pushed
657a7983a5d3: Pushed
9f54eef41275: Pushed
mariadb_latest: digest: sha256:528cfe83d93caba437e75039b606a4637dd5c724c6a25d7c7b64ec2e9eb11303 size: 2412
- View the image information after tagging
[root@docker01 ~]# docker images|grep 5000
reg.oldboylinux.cn:5000/oldboyedu/db mariadb_latest e2278f24ac88 2 years ago 410MB
[root@docker02 ~]# curl -L 10.0.0.82:5000/v2/_catalog
{"repositories":["oldboyedu/db"]}
docker01
docker pull reg.oldboylinux.cn:5000/oldboyedu/mysql:5.7-debian
docker images |grep reg
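4) Summary
- Being able to set up a private image registry with registry is enough.
- Addition: -v can also mount the container's directory as /data/registry/:/var/lib/registry/.
- Exercise: write the registry start-up as a docker compose file yourself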
docker volume create registry
docker run -d --name "oldboy_registry" -p 5000:5000 -v registry:/var/lib/registry \
--restart=always registry:latest
#registry-docker-compose
version: "3.3"
services:
  oldboy_registry:
    container_name: "oldboy_reg"
    image: "registry:latest"
    ports:
      - "5000:5000"
    restart: always
    volumes:
      - "registry:/var/lib/registry"
volumes:
  registry:
[root@docker01 04_registry]# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------
oldboy_reg /entrypoint.sh /etc/docker ... Up 0.0.0.0:5000->5000/tcp,:::5000->5000/tcp
[root@docker01 04_registry]# docker volume ls
DRIVER VOLUME NAME
local 04registry_registry
local oldboy_data
[root@docker01 04_registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6051560376e registry:latest "/entrypoint.sh /etc…" 55 seconds ago Up 53 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp oldboy_reg
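3.6 Enterprise Docker image registry: Harbor
1) Environment preparation
2C4G (1C2G): 2 CPU cores / 4 GB RAM (1 core / 2 GB RAM)
tar xf harbor-offline-installer-v2.3.1.tgz -C /app/tools/
# directory layout
common.sh
harbor.v2.3.1.tar.gz
harbor.yml.tmpl # template config file; the live config file is named harbor.yml
install.sh # has to be run again after every config change
LICENSE
prepare
- Configuration file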
cat >>/etc/hosts<<EOF
10.0.0.81 docker01.oldboylinux.cn
10.0.0.82 docker02.oldboylinux.cn reg.oldboylinux.cn harbor.oldboylinux.cn
EOF
- Prepare the configuration file
cp harbor.yml.tmpl harbor.yml
- Change the hostname
hostname: harbor.oldboylinux.cn
- Disable HTTPS
Comment out the https-related settings
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
- Change the default password of the Harbor registry
harbor_admin_password: admin
- Run the installer
./install.sh
# check first that port 80 is not already in use
On success it prints "successfully":
✔ ----Harbor has been installed and started successfully.----
Success.
docker and docker-compose must be installed.
[root@docker02 harbor]# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up
harbor-db /docker-entrypoint.sh 96 13 Up
harbor-jobservice /harbor/entrypoint.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up
nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis redis-server /etc/redis.conf Up
registry /home/harbor/entrypoint.sh Up
registryctl /home/harbor/start.sh Up
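The settings edited above (https commented out, harbor_admin_password: admin) can be checked before ./install.sh runs. The script below is an added example, not part of the Harbor installer; audit_harbor_yml, the weak-password list and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the Harbor installer): audit harbor.yml
# before running ./install.sh. WEAK_PASSWORDS and MIN_LEN are assumptions
# of this example; Harbor12345 is the value shipped in harbor.yml.tmpl.
# Usage: . ./audit_harbor.sh; audit_harbor_yml harbor.yml
WEAK_PASSWORDS="admin Harbor12345 password 123456"
MIN_LEN=12

audit_harbor_yml() {
  f=$1; findings=0
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }

  # An active top-level key starts in column 0; "#https:" is commented out.
  if ! grep -Eq '^https:' "$f"; then
    echo "FINDING: https block is commented out; UI, API and logins use plain HTTP"
    findings=$((findings + 1))
  elif grep -Eq '^[[:space:]]+(certificate|private_key):[[:space:]]*/your/' "$f"; then
    echo "FINDING: https is enabled but certificate/private_key are template placeholders"
    findings=$((findings + 1))
  fi

  # Read the admin password value without ever printing it.
  pw=$(sed -n 's/^harbor_admin_password:[[:space:]]*//p' "$f" | head -n 1 |
       sed 's/[[:space:]]*$//')
  case " $WEAK_PASSWORDS " in
    *" $pw "*) weak=1 ;;
    *)         weak=0 ;;
  esac
  if [ "$weak" -eq 1 ] || [ "${#pw}" -lt "$MIN_LEN" ]; then
    echo "FINDING: harbor_admin_password is a known default or shorter than $MIN_LEN characters"
    findings=$((findings + 1))
  fi

  # Exit status 0 only when nothing was flagged.
  [ "$findings" -eq 0 ]
}
```

With the values used on this page the function reports two findings and returns 1.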
2) Browser access
- Enter username admin and password admin to log in to the Harbor registry
3) Using the registry
[root@docker01 04_registry]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://o0ot3ltv.mirror.aliyuncs.com"],
"insecure-registries": ["harbor.oldboylinux.cn"]
}
docker login -uadmin -padmin harbor.oldboylinux.cn
[root@docker01 04_registry]# docker login -uadmin -padmin harbor.oldboylinux.cn
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://harbor.oldboylinux.cn/v2/": dial tcp 10.0.0.82:443: connect: connection refused
[root@docker01 04_registry]# systemctl restart docker
[root@docker02 harbor]# systemctl restart docker
[root@docker02 harbor]# docker-compose up -d
harbor-log is up-to-date
registryctl is up-to-date
registry is up-to-date
Starting harbor-portal ...
Starting redis ...
Starting harbor-db ... done
harbor-core is up-to-date
harbor-jobservice is up-to-date
nginx is up-to-date
[root@docker01 04_registry]# docker login -uadmin -padmin harbor.oldboylinux.cn
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
docker tag oldboy_web:tengine_2.3.3-v2 harbor.oldboylinux.cn/library/tengine:2.3.3_v2
docker push harbor.oldboylinux.cn/library/tengine:2.3.3_v2
[root@docker01 ~]# docker tag centos:latest harbor.oldboylinux.cn/library/centos:latest
[root@docker01 ~]# docker push harbor.oldboylinux.cn/library/centos:latest
The push refers to repository [harbor.oldboylinux.cn/library/centos]
74ddd0ec08fa: Pushed
latest: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
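The first warning in the login output above (password passed with -p) can be addressed on the client. The following is an added example, not from the original notes: registry_login and insecure_registries are hypothetical helpers and the password file is an assumed convention. The function feeds the password to docker login on stdin and warns when the target is listed under insecure-registries in daemon.json.

```shell
#!/bin/sh
# Added example: log in without putting the password on the command line.
# registry_login, insecure_registries and the password-file convention are
# assumptions of this example, not Docker or Harbor tooling.
DAEMON_JSON=${DAEMON_JSON:-/etc/docker/daemon.json}

# Print the "insecure-registries" entries of a daemon.json, one per line.
# Handles the flat string array shown on this page, not arbitrary JSON.
insecure_registries() {
  [ -r "$1" ] || return 0
  tr -d ' \t\n' < "$1" |
    sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' | tr -d '"'
}

registry_login() {
  registry=$1; user=$2; pwfile=$3
  [ -f "$pwfile" ] || { echo "no password file: $pwfile" >&2; return 2; }
  # Characters 5-10 of `ls -l` are the group/other permission bits.
  if [ "$(ls -ld "$pwfile" | cut -c5-10)" != "------" ]; then
    echo "refusing $pwfile: accessible to group or others (chmod 600)" >&2
    return 2
  fi
  if insecure_registries "$DAEMON_JSON" | grep -Fxq "$registry"; then
    echo "WARNING: $registry is in insecure-registries;" \
         "the credential may cross the network unencrypted" >&2
  fi
  # The password arrives on stdin, so it never shows up in argv, `ps`
  # output or shell history. It is still saved base64-encoded in
  # ~/.docker/config.json unless a credential helper is configured.
  tr -d '\n' < "$pwfile" |
    docker login -u "$user" --password-stdin "$registry"
}
```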
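4) User management
Create users under System Administration
Associate users with a project as members under Project Management
5) Harbor high availability
This can be done with Harbor's built-in image replication tool (set up 2 Harbor servers).
Find Harbor's image directory (the registry directory) and back up / sync that directory
/data/registry/docker/registry/v2/repositories
6) Summary
Setting it up in one step with the script and config is enough.
Basic usage and user management are enough.
Security: use HTTPS and avoid exposing it to the public internet.
Docker wrap-up
- Docker's different network modes
- Docker internals: namespace, cgroups, filesystem
Link: https://www.processon.com/view/link/6347dbb207912921d8137498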