Build a private docker image repository-Alibaba Cloud Developer Community

Public and private repositories:

speed: The public warehouse runs through the public network, which is slow; The private warehouse runs through the internal network, that is, the local area network;

security: public warehouses are stored on public hard disks. Private warehouses are stored on their own server hard disks.

Public Warehouse:

the most authoritative but slower:

https://hub.docker.com/

log in first:

$ docker login -usmallsoup 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
tag and push the image to the hub repository:
docker tag zookeeper:3.5 smallsoup/zookeeper:3.5
docker push smallsoup/zookeeper:3.5
the push is successful. You can see the following information on The hub:

private warehouse:

use the registry provided by docker to build a private warehouse locally:

docker pull registry:2.5.2
docker run -d -p 5000:5000 registry:2.5.2
docker tag zookeeper:3.5 localhost:5000/zookeeper:3.5
docker push zookeeper:3.5 localhost:5000/zookeeper:3.5

because security is not set, you can directly push it up.

Because it is a local repository, the pull speed is very fast.

[root@localhost micro-service]# docker pull localhost:5000/zookeeper:3.5
3.5: Pulling from zookeeper
Digest: sha256:3474ec46da9db9dc27a431f9645a2df9c91d5b969f591fe0ccd4c40f2bfd1579
Status: Image is up to date for localhost:5000/zookeeper:3.5

However, this private warehouse cannot meet our needs. In case the private warehouse server fails on the production line, other servers cannot take over. In addition, there is no page for easy management.

harbor in the industry mainly provides Dcoker Registry management UI, which can be based on role access control, AD/LDAP integration, log review and other functions. It fully supports Chinese and is very suitable for production environments.

harbor private warehouse construction

github address:

https://github.com/goharbor/harbor/releases

download URL:

https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz

this link is too slow, you can download it here:

http://harbor.orientsoft.cn/

the following harbor versions are harbor-offline-installer-v1.5.0.tgz

decompress:

tar -zxf harbor-offline-installer-v1.5.0.tgz
then run the./install script to install the file. If you need special settings, you can modify harbor.cfg and docker-compose.yml first and then install the file./install file.
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... 
Creating redis              ... error
Creating harbor-db          ... 
Creating registry           ... 
Creating harbor-adminserver ... done
ERROR: for redis  Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done

ERROR: for redis  Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use by container "c3813d66ccad284d3529227fabf3d5c19cb991237de8d3e72fc470ffd2cbfa99". You have to remove (or rename) that container to be able to reuse that name.'
ERROR: Encountered errors while bringing up the project.

The preceding error is reported during installation because the server already has a container name named redis and the same name as the redis container to be installed in harbor. You need to rename the existing redis container name micro-service-redis:

$ docker ps -a --filter name=redis
CONTAINER ID        IMAGE                              COMMAND             CREATED             STATUS              PORTS                    NAMES
c3813d66ccad        hub.c.163.com/public/redis:2.8.4   "/run.sh"           2 days ago          Up 42 hours         0.0.0.0:6379->6379/tcp   redis

$ docker rename redis micro-service-redis 
$ docker ps -aq --filter name=redis
c3813d66ccad

$ docker ps -a --filter name=redis
CONTAINER ID        IMAGE                              COMMAND             CREATED             STATUS              PORTS                    NAMES
c3813d66ccad        hub.c.163.com/public/redis:2.8.4   "/run.sh"           2 days ago          Up 42 hours         0.0.0.0:6379->6379/tcp   micro-service-redis
run the./install command again.
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... 
Creating nginx              ... 

ERROR: for harbor-jobservice  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for nginx  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for jobservice  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for proxy  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
If you encounter this issue regularly because of slow network conditions, consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).

The above error is reported again, which may be caused by network problems. Try again./install:


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

 ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://hub.smallsoup.com. 
For more details, please visit https://github.com/vmware/harbor .

successful.

You can access the IP address of the harbor Deployment Server: Port 80 mapped to the host in docker-compose.yml;

the username is admin and the password is harbor_admin_password in harbor.cfg:

you can create a private repository micro-service:

in the system management-> User management dialog box that appears, add a user, click the project created in the previous step->> member->> Create member, and set permissions.

Project Administrator: has the pull, push, and other project management permissions;

developer: has the pull and push permissions;

visitor: only the pull permission is allowed.

Of the item various micro-service image push to harbor micro-service project:

$ docker images |grep -v "vmware"
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
api-gateway-zuul                latest              8a814cf9bb65        23 hours ago        476MB
course-service                  latest              673d4501353e        23 hours ago        462MB
course-edge-service             latest              854d5d8bddaa        23 hours ago        484MB
message-thrift-python-service   latest              4317a76b387e        24 hours ago        926MB
user-edge-service               latest              ff07d54a02ba        25 hours ago        469MB
user-thrift-service             latest              02dd6fd0f239        26 hours ago        456MB
python-base                     latest              81ad8926a9d9        26 hours ago        926MB
zookeeper                       3.5                 c41e1dcd86e4        2 weeks ago         128MB
smallsoup/zookeeper             3.5                 c41e1dcd86e4        2 weeks ago         128MB
localhost:5000/zookeeper        3.5                 c41e1dcd86e4        2 weeks ago         128MB
elasticsearch                   latest              5acf0e8da90b        2 weeks ago         486MB
registry                        2.5.2               96ca477b7e56        3 weeks ago         37.8MB
registry                        2                   2e2f252f3c88        3 weeks ago         33.3MB
python                          3.6                 4f13b7f2138e        4 weeks ago         918MB
openjdk                         8-jre               66bf39162ea7        4 weeks ago         443MB
mysql                           latest              6a834f03bd02        4 weeks ago         484MB
hub.c.163.com/public/redis      2.8.4               4888527e1254        2 years ago         190MB

tag:

docker tag openjdk:8-jre 192.168.1.103:80/micro-service/openjdk:8-jre
view images:
$ docker images |grep -v "vmware" | grep open
openjdk                                    7-jre               e4c851ec3393        4 weeks ago         329MB
192.168.1.103:80/micro-service/openjdk   8-jre               66bf39162ea7        4 weeks ago         443MB
openjdk                                    8-jre               66bf39162ea7        4 weeks ago         443MB
push image:
$ docker push 192.168.1.103:80/micro-service/openjdk:8-jre
The push refers to repository [192.168.1.103:80/micro-service/openjdk]
Get https://192.168.1.103:80/v2/: http: server gave HTTP response to HTTPS client

push error. By default, the http protocol is used, that is, the ui_url_protocol value in harbor.cfg. https is troublesome. You need to generate a certificate. For more information, see:

set Https for Harbor

http://gapme.cn/2017/10/25/harbor-ui-https/

for the time being, http is used.

Solution to the preceding error:

in the/etc/docker/directory, create the daemon.json file. Write to the file:

{
  "insecure-registries": [
        "hub.smallsoup.com:80",
        "192.168.1.103:80"
  ]
}
restart docker:
systemctl restart docker

after docker restarts,./install or docker-compose down;docker-compose up -d restart harbor.

push basic images and Service images to the repository:

digression:

during installation, port 80 is mapped to Port 8081 of the host. Many problems are encountered during push (port 80 connection rejection is reported, which is probably the issue

https://github.com/goharbor/harbor/issues/192), found a lot of data, but still gave up, finally mapped to the host port 80, push everything OK.

It is troublesome to set hosts and PORT forwarding to push by using a domain name. The IP:PORT method is used as follows:

delete a tag with a domain name:

docker rmi -f hub.smallsoup.com:80/micro-service/openjdk:8-jre

the original text was released on October 6, 2018.

Author: Small Bowl soup

this article comes from "my small Bowl soup", a partner of Yunqi community. For more information, please pay attention to "my small Bowl soup"

Selected, One-Stop Store for Enterprise Applications
Support various scenarios to meet companies' needs at different stages of development

Start Building Today with a Free Trial to 50+ Products

Learn and experience the power of Alibaba Cloud.

Sign Up Now