Dockerfile构建网站及镜像仓库搭建
Dockerfile构建网站及镜像仓库搭建
准备相应的软件
(1)Java JDK
jdk-8u45-linux-x64.tar.gz /usr/local
(2)Apache
apache-tomcat-8.0.46.tar.gz
编写DockerFile文件
FROM centos:7
MAINTAINER www.aliangedu.com
ADD jdk-8u45-linux-x64.tar.gz /usr/local
ENV JAVA_HOME /usr/local/jdk1.8.0_45
ADD apache-tomcat-8.0.46.tar.gz /usr/local
COPY server.xml /usr/local/apache-tomcat-8.0.46/conf
WORKDIR /usr/local/apache-tomcat-8.0.46
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh", "run"]
创建容器
# 采用Dockefile构建,不要漏掉. .表示从当前目录插在Dockerfile文件。
docker image build -t tomcat:v1 -f Dockerfile .
docker run -itd --name=tomcat -p 8081:8080 --mount type=bind,src=/app/webapps/,dst=/usr/local/apache-tomcat-8.0.46/webapps tomcat:v1
注意:/app/webapps/比如实现创建好。并且8081端口必须没有占用的进程。
然后在/app/webapps中创建一个index.html,这样就能通过本机IP:8081端口访问该网址内容。
镜像仓库
官方仓库搭建与使用
(1)Docker Hub
它作为默认的官方公共镜像;如果想自己搭建私有镜像仓库,官方也提供registry,使得搭建私有仓库很简单。
(2)使用步骤
1)注册账号
https://hub.docker.com
2)登录Docker Hub
或者在终端输入
docker login
# Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: gezr17
Password:
# WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
# 稍等片刻,就可以登录成功。
Login Succeeded
# 首先需要打tag
docker tag nginx:v1 gezr17/nginx:v1
# 然后可以上传至个人仓库,其中gezr17为你的dockerhub用户名。
docker push gezr17/nginx:v1
# 然后可以查看你的镜像仓库
docker search gezr17
下载registry镜像并启动
docker pull registry # 拉取镜像仓库镜像
# 创建镜像容器,并设置名称,指定端口,以及包括目录。
docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry
# 查看镜像仓库镜像,一开始为空,如下
curl http://172.16.4.12:5000/v2/_catalog
{"repositories":[]}
# 修改/etc/docker/key.json文件,加入下面条目
"insecure-registries":["172.16.4.12:5000"]
# 给镜像打标记,注意172.16.4.12是你镜像仓库的IP。
docker tag nginx:1.11 172.16.4.12:5000/nginx:1.11
# 将镜像推送到仓库中。
docker push 172.16.4.12:5000/nginx:1.11
# 如果出现下述错误:
The push refers to repository [172.16.4.12:5000/nginx]
Get https://172.16.4.12:5000/v2/: http: server gave HTTP response to HTTPS client
# 修改/etc/docker/daemon.json文件,加入下面条目,如果没有daemon则需要手动创建,并加入以下内容:
"insecure-registries":["172.16.4.12:5000"]
# 再次push就可以成功了
docker push 172.16.4.12:5000/nginx:1.11
# 会显示以下内容。
The push refers to repository [172.16.4.12:5000/nginx]
97b903fe0f6f: Pushed
31fc28b38091: Pushed
aca7b1f22e02: Pushed
5d6cbe0dbcf9: Pushed
1.11: digest: sha256:1deff3ebc773b5d89d20f232994fc81a355d13adac20f28cfde661099e3be8a8 size: 1156
# 再次查看镜像仓库,会发现有nginx:1.11这个镜像了。
curl http://172.16.4.12:5000/v2/_catalog
{"repositories":["nginx"]}
# 也可以通过tag查看具体的版本镜像
curl http://172.16.4.12:5000/v2/nginx/tags/list
{"name":"nginx","tags":["1.11"]}
# 然后就可通过镜像仓库的IP指定版本下载。
docker run -itd --name nginx -p 8082:80 172.16.4.12:5000/nginx:1.11
然后通过访问IP:Port就可以访问nginx网页了。
企业级私有镜像仓库Harbor
硬件配置需求:
| Resource | Capacity | Description |
|---|---|---|
| CPU | minimal 2 CPU | 4 CPU is preferred |
| Mem | minimal 4 GB | 8GB is preferred |
| Disk | minimal 40GB | 160GB is preferred |
软件要求
| Software | Version | Description |
|---|---|---|
| Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default |
| Docker engine | version 17.03.0-ce+ or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/ |
| Docker Compose | version 1.18.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/ |
| Openssl | latest is preferred | Generate certificate and keys for Harbor |
网络端口
| Port | Protocol | Description |
|---|---|---|
| 443 | HTTPS | Harbor portal and core API will accept requests on this port for https protocol |
| 4443 | HTTPS | Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled |
| 80 | HTTP | Harbor portal and core API will accept requests on this port for http protocol |
这里只介绍Docker Compose的安装方式
首先安装依赖包:py-pip, python-dev, libffi-dev, openssl-dev, gcc, libc-dev, and make。
# 先安装pip
yum install -y epel-release
yum install -y yum-utils && yum-config-manager --enable epel
yum install -y python-pip
pip install --upgrade pip
# 安装python-dev
yum install python-devel
# 安装libffi-dev
yum install -y libffi libffi-devel
# 安装openssl-dev
yum install -y openssl-devel
# 安装gcc
yum install gcc
#
yum install -y libc-client-devel
# 开始安装docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# 更改权限
chmod +x /usr/local/bin/docker-compose
# 测试安装是否成功
docker-compose --version
# 显示docker-compose version 1.24.0, build 0aa59064则表明成功。
# 解压离线安装包
tar xvf harbor-offline-installer-v1.7.5.tgz
# 修改配置文件,并配置必要的配置参数详见:
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
# 自签TLS证书
openssl genrsa -out private_key.pem 4096
# 进入目录并安装
cd harbor && ./install.sh
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:XXX
Locality Name (eg, city) [Default City]:XXX
Organization Name (eg, company) [Default Company Ltd]:XXX
Organizational Unit Name (eg, section) []:XXX
Common Name (eg, your name or your server's hostname) []:docker-vm1
Email Address []:XXXXXX
# 完成上述操作,输入ls命令,可以在本目录下看到 private_key.pem和root.crt两个文件再次执行安装
./install.sh
# 记住需要关闭已开启的nginx服务。
# 当出现下述输出是表明安装成功。
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://172.16.4.12 .
For more details, please visit https://github.com/goharbor/harbor .
# 然后就可以在浏览器中打开
172.16.4.12:80
# 这里要注意,如果修改了自定义端口,或者想用域名访问,那么需要在C:\Windows\System32\drivers\etc的hosts文件末尾加入类似下述的描述:
172.16.4.12 reg.gezr17.edu.cn 其中后面的为你要解析的域名
# 然后在浏览器可以登录,默认账号和密码:admin:Harbor12345
# 给镜像打标签
docker tag tomcat:v1 172.16.4.12/test/tomcat:v1
# 把镜像push到镜像仓库,172.16.4.12是镜像仓库的IP,当然也可以用域名。
docker push 172.16.4.12/test/tomcat:v1
The push refers to repository [172.16.4.12/test/tomcat]
dc78d67b319a: Pushed
208469e47f23: Pushed
efe66202f49b: Pushed
d69483a6face: Pushed
v1: digest: sha256:38bc4b06992af9a9530ccd9fb5ce84f323d96a458082df29db06b5a3f8fa5e40 size: 1161
输入镜像仓库的地址,就可以查看到刚才的镜像了。
# 下载镜像命令,如果该镜像的权限没有放开,则下载会失败。
docker pull 172.16.4.12/test/tomcat:v1
