CNDBA社区
Docker私有仓库建立以及Mysql的运行
目录
1、Host
2、Install
3、Create Private Registry
4、Test Push To Private Registry
5、Docker Client Pull From Private Registry
6、Check Docker Log
1、Host
当前所有主机是Centos 6,用的是Docker 1.7
Centos 6:
➜ ~ service iptables stop
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
➜ ~ chkconfig iptables off
➜ ~ vi /etc/selinux/config
修改 SELINUX=disabled
➜ ~ setenforce 0
Centos 7:
➜ ~ systemctl stop firewalld.service
➜ ~ systemctl disable firewalld.service
➜ ~ vi /etc/sysconfig/selinux
SELINUX=disabled
➜ ~ setenforce 0
2、Install
Centos 6:
➜ ~ yum install -y http://mirrors.yun-idc.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
➜ ~ yum install -y docker-io
Centos7:由于Centos-Extras源已内置Docker,可直接yum安装
➜ ~ yum install -y docker
3、Create Private Registry
➜ ~ docker search registry
➜ ~ docker pull registry
默认情况,docker会将仓库创建在容器的/var/lib/registry目录下,通过参数-v将镜像文件存放在本地指定的路径上
下面的例子将上传的镜像存放在/opt/docker/registry目录,监听端口5000
➜ ~ docker run -d -p 5000:5000 -v /opt/docker/registry:/var/lib/registry --restart=always registry
b426c82843327c4cfdc726a6f4e492be524f985a880a61d62b312d48da636b8c
###########################################################################################################
➜ docker docker run -d -p 5000:5000 -v /opt/docker/registry:/var/lib/registry --restart=always registry
c23a10db121437e2303820b29e600af92f15d31d43b14288db7dc50aacb65846
Error response from daemon: Cannot start container c23a10db121437e2303820b29e600af92f15d31d43b14288db7dc50aacb65846: Bind for 0.0.0.0:5000 failed: port is already allocated
解决方法:
➜ docker service docker restart
Stopping docker: [ OK ]
Starting docker: [ OK ]
解释原因:
docker 服务启动的时候,docker服务会向iptables注册一个链,以便让docker服务管理的containner所暴露的端口之间进行通信
通过命令iptables -L可以查看iptables 链
在开发环境中,如果你删除了iptables中的docker链,或者iptables的规则被丢失了(例如重启firewalld),docker就会报iptables error例如:failed programming external connectivity … iptables: No chain/target/match by that name
要解决这个问题,只要重启docker服务,之后,正确的iptables规则就会被创建出来
忽视,这是因为该镜像的容器已经正在运行占用了5000端口
➜ docker docker run -d -p 5000:5000 -v /opt/docker/registry:/var/lib/registry --restart=always registry
1901a7cfd27ec62b87cdf3d322e35b34053f682e270becda5fab93ab59dd6b5c
Error response from daemon: Cannot start container 1901a7cfd27ec62b87cdf3d322e35b34053f682e270becda5fab93ab59dd6b5c: Bind for 0.0.0.0:5000 failed: port is already allocated
➜ docker docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b942d838b26 registry "/entrypoint.sh /etc 11 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp clever_brattain
#########################################################################################################################
测试是否成功创建,网页中输入http://主机IP地址:5000 看是否能访问,能访问则成功
在本机查看能否访问该私有库
➜ ~ curl -I 127.0.0.1:5000
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 21 Aug 2018 09:30:54 GMT
Content-Type: text/plain; charset=utf-8
4、Test Push To Private Registry
私有仓库docker主机IP:172.16.10.241
当前docker主机IP:172.16.10.242
测试是否Push成功流程:
1、查看当前主机docker 镜像
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
mysql 5.7 9c0ab5bbe2c0 6 days ago 372 MB
2、mysql的docker镜像在本地,我们需要对其重新打一个tag标记,TAG格式u为 私有仓库IP地址:5000/[USERNAME/]NAME[:TAG]
➜ ~ docker tag mysql:5.7 172.16.10.241:5000/database/mysql:5.7
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
mysql 5.7 9c0ab5bbe2c0 6 days ago 372 MB
172.16.10.241:5000/database/mysql 5.7 9c0ab5bbe2c0 6 days ago 372 MB
3、Push到私有仓库,发生报错
➜ ~ docker push 172.16.10.241:5000/database/mysql:5.7
Error response from daemon: invalid registry endpoint https://172.16.10.241:5000/v0/: unable to ping registry endpoint https://172.16.10.241:5000/v0/
v2 ping attempt failed with error: Get https://172.16.10.241:5000/v2/: tls: oversized record received with length 20527
v1 ping attempt failed with error: Get https://172.16.10.241:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 172.16.10.241:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/172.16.10.241:5000/ca.crt
这是因为我们启动的registry服务不是安全可信赖的,我们需要在/etc/sysconfig/docker文件上配置一个参数INSECURE_REGISTRY
➜ ~ vi /etc/sysconfig/docker
添加参数
other_args="--insecure-registry 172.16.10.241:5000"
4、查看docker进程-d参数并未指向某个私有仓库
➜ ~ ps -ef|grep docker
root 9833 1 0 15:24 pts/3 00:00:00 /usr/bin/docker -d
root 9924 8024 0 15:30 pts/3 00:00:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn docker
5、重启docker服务
Centos 6:
➜ ~service docker restart
Centos 7:
➜ ~systemctl daemon-reload
➜ ~systemctl restart docker
6、在当前机查看能否访问该私有库
➜ ~ curl -I 172.16.10.241:5000
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 21 Aug 2018 07:45:41 GMT
Content-Type: text/plain; charset=utf-8
7、查看docker进程,-d参数指向私有仓库172.16.10.241:5000
➜ ~ ps -ef|grep docker
root 9976 1 1 15:30 pts/3 00:00:00 /usr/bin/docker -d --insecure-registry 172.16.10.241:5000
root 10042 8024 0 15:30 pts/3 00:00:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn docker
8、再次Push
➜ ~ docker push 172.16.10.241:5000/database/mysql:5.7
The push refers to a repository [172.16.10.241:5000/database/mysql] (len: 1)
9c0ab5bbe2c0: Image already exists
03b146b52cc9: Image already exists
3913cea44c44: Image already exists
fb9ba1924f0f: Image successfully pushed
237caf07a804: Image successfully pushed
858af7831a30: Image already exists
3de1804662ac: Image successfully pushed
9e4d24413be4: Image successfully pushed
62ce92c9b751: Image already exists
cb7b05ddcc21: Image already exists
b7d6839ca1c8: Image successfully pushed
b5d234346a54: Image successfully pushed
589b8acf5b1e: Image successfully pushed
c7dc2652f454: Image successfully pushed
72ce3064b0e1: Image already exists
f5d085828936: Image successfully pushed
89603b7c797f: Image successfully pushed
412eee97320e: Image already exists
8fb5f8552917: Image successfully pushed
Digest: sha256:5fb5d819cf607df4f571bf4b67b20581fba231c0ea8b9b8543023cf3f75dcb4d
9、私有仓库主机上查看私有仓库push的镜像
➜ ~ curl 172.16.10.241:5000/v2/_catalog
{"repositories":["database/mysql"]}
➜ ~
10、私有仓库主机上查看本地之前映射的目录是否存在对应目录内容
➜ repositories pwd
/opt/docker/registry/docker/registry/v2/repositories
➜ repositories ls
database
可以看到该指定的目录/opt/docker/registry目录下,生成了对应的目录内容,其实该内容是从镜像registry容器中的/var/lib/registry中软链接过来的
11、切换到镜像registry容器中的bash,查看是否/var/lib/registry存在同等目录database/mysql,事实证明存在
➜ repositories docker exec -it 4b942d838b26 /bin/sh
/ # ls
bin entrypoint.sh home linuxrc mnt root sbin sys usr
dev etc lib media proc run srv tmp var
/ # cd var/lib/registry/
/var/lib/registry # ls
docker
/var/lib/registry # cd docker/registry/v2/
blobs/ repositories/
/var/lib/registry # cd docker/registry/v2/repositories/
/var/lib/registry/docker/registry/v2/repositories # ls
database
/var/lib/registry/docker/registry/v2/repositories/database # ls
mysql
#########################################################################################################################
现在问题来了,我们每次在docker私有服务上pull镜像时都需要使用localhost:5000/database/mysql:5.7这样长的tag,可不可以把私有服务的地址去掉呢?答案是可以的(只支持Docker 1.10以上)当前版本Docker 1.7不支持,查看配置文件/etc/sysconfig/docker中没有参数ADD_REGISTRY讲解就知道不支持了该功能了....
在docker-engine的配置文件/etc/sysconfig/docker中配置参数ADD_REGISTRY
ADD_REGISTRY='--add-registry 172.16.10.241:5000'
同样重启docker服务
Centos 6:
➜ ~service docker restart
Centos 7:
➜ ~systemctl daemon-reload
➜ ~systemctl restart docker
先把原来从docker公网pull下载的mysql:5.7删掉
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
172.16.10.241:5000/database/mysql 5.7 9c0ab5bbe2c0 6 days ago 372 MB
mysql 5.7 9c0ab5bbe2c0 6 days ago 372 MB
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
同一docker镜像,多个tag,删除tag不会影响原有的镜像,除非删除的镜像只有唯一的tag
➜ ~ docker rmi mysql:5.7
Untagged: mysql:5.7
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
172.16.10.241:5000/database/mysql 5.7 9c0ab5bbe2c0 6 days ago 372 MB
➜ ~ docker rmi 9c0ab5bbe2c0
Untagged: 172.16.10.241:5000/database/mysql:5.7
Deleted: 9c0ab5bbe2c048e3de92c170224dfbde38cb4a7c10c541548b4f8f0af384fdd0
Deleted: 03b146b52cc9c1ae702a7cb572250231980cf1bd783fb1da37cac7fc5196f86a
Deleted: 3913cea44c44a2f36672834f814b8b0ced66d90eb4ded0ca7c10f6b34352713a
Deleted: fb9ba1924f0fa07490c79fbb9968e2b3a3e81921dd380663496e6985c45062eb
Deleted: 237caf07a804ac793242e57cc216a20d1e2fefa666dfe7fce0dfcfe8097f4e0f
Deleted: 858af7831a305781d6452912c4f8302e4041fa08e66c8ed45ae5626b8c56c93c
Deleted: 3de1804662acdb4ce8ce3141e54655a466d2f1d97e7b3f36fd2de32e92818648
Deleted: 9e4d24413be48fa7f14f8dececbf13cfa26728a11b22148e38de80c790e26c09
Deleted: 62ce92c9b751e4c13df75d3dbb9c8230323e3d3c1c2a73628437647eff8a6dd7
Deleted: cb7b05ddcc21c3cc9d6367966d6265aaa187d5bc43e14d3cd786f65eb4384529
Deleted: b7d6839ca1c86bd824b862972c0c972cfc7b1a357225934778120ff026f90494
Deleted: b5d234346a54fb932a0b47df14480e8a9cc3bc1b9f8c10234e03fe14f3f44ec7
Deleted: 589b8acf5b1e0bfb6e3eb92c1b5238893e54a13f434de88a7a18c5aaf5c9d439
Deleted: c7dc2652f45459ce8c7e5a3d50ed684b7aaa0b05a8cf36adb0dd207b07102065
Deleted: 72ce3064b0e1523128f9992286fe134dfc62eea1cd9920d95e0f3bcc12053e01
Deleted: f5d085828936996eb292390e53a066df7d51487c4d8541f4ec08901e9cdda912
Deleted: 89603b7c797f11e375e2d46c63c6a64198ccf9fc188efa98ecfb4d4039129a24
Deleted: 412eee97320e3604bfb2d20cb7f87fdda09733f44f2b4f14ae3e44602be5c6f3
Deleted: 8fb5f8552917aaf3822e216bb9f72c9eabf9c8476e8b2501b6a98cae7d0c5c6c
现在我们就可以使用database/mysql:5.7来替代localhost:5000/database/mysql:5.7了
docker pull /database/mysql:5.7
5、Docker Client Pull From Private Registry
1、拉取Mysql镜像
➜ ~ docker pull 172.16.10.241:5000/database/mysql:5.7
5.7: Pulling from 172.16.10.241:5000/database/mysql
8fb5f8552917: Pull complete
412eee97320e: Pull complete
89603b7c797f: Pull complete
f5d085828936: Pull complete
72ce3064b0e1: Pull complete
c7dc2652f454: Pull complete
589b8acf5b1e: Pull complete
b5d234346a54: Pull complete
b7d6839ca1c8: Pull complete
cb7b05ddcc21: Pull complete
62ce92c9b751: Pull complete
9e4d24413be4: Pull complete
3de1804662ac: Pull complete
858af7831a30: Pull complete
237caf07a804: Pull complete
fb9ba1924f0f: Pull complete
3913cea44c44: Pull complete
03b146b52cc9: Pull complete
9c0ab5bbe2c0: Already exists
Digest: sha256:5fb5d819cf607df4f571bf4b67b20581fba231c0ea8b9b8543023cf3f75dcb4d
Status: Downloaded newer image for 172.16.10.241:5000/database/mysql:5.7
2、查看Mysql镜像
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
172.16.10.241:5000/database/mysql 5.7 9c0ab5bbe2c0 7 days ago 371.3 MB
3、运行容器(运行容器可使用镜像ID或者Repositry名启动)
➜ ~ docker run 9c0ab5bbe2c0
error: database is uninitialized and password option is not specified
You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD
首次运行报错,这是因为Docker中未设置Mysql 用户Root的密码,
-d 以守护姿态运行容器 ,内部文件系统一直保留
--rm 只是在开发调试过程中短期运行,其用户数据并无保留的必要,因而可以在容器启动时设置--rm选项,这样在容器退出时就能够自动清理容器内部的文件系统
--name 容器别名
➜ ~ docker run --name mysql5.7 -p 3306:53306 -e MYSQL_ROOT_PASSWORD=123456 -d 172.16.10.241:5000/database/mysql:5.7
218752c5f03b6a8c4d6fd14ac69b66705baed3042d389eb6fc5adab20204c4f5
查看正在运行的容器
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
218752c5f03b 172.16.10.241:5000/database/mysql:5.7 "docker-entrypoint.s 7 seconds ago Up 5 seconds 3306/tcp, 33060/tcp, 0.0.0.0:3306->53306/tcp mysql5.7
mysql5.7: 容器别名
123456:初始化设置的root用户的密码
tag:mysql的版本,不写默认使用最新版(可以使用Repositry或者镜像ID)
-p 3306:53306:表示在这个容器中使用3306端口(第二个)映射到本机的端口号也为3306(第一个)
4、运行Docker内部的Mysql
4.1、第一种方式,切换到Mysql容器内部bash,然后可以像之前正常操作一样操作
➜ ~ docker exec -it mysql5.7 bash
root@218752c5f03b:/# mysql -uroot -p123456 -P53306
4.2、第二种方式,利用docker命令直接连接数据库,看起来还是第一种书写方便
➜ ~ docker run -it --link mysql5.7:mysql --rm mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'
###################################################################################################################
Links运行container之间发现彼此并且彼此间安全的通讯。使用 --link可以创建一个link. 让我们创建一个运行数据库的container
--link name:alias
这里 name 是我们要连接的container的名字, alias 是一link的别名.
下面让我们用 docker ps 看看被连接到一起的container们。
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
349169744e49 training/postgres:latest su postgres -c '/usr About a minute ago Up About a minute 5432/tcp db
aed84ee21bde training/webapp:latest python app.py 16 hours ago Up 2 minutes 0.0.0.0:49154->5000/tcp db/web,web
这里我们可以看到我们创建的两个分别叫 db 和 web 的container, 注意 web container 在name列里还显示了另外一个名字db/web。 这个名字告诉我们 web container 被连接到了 db container, 并且建立了一种父子关系。
linking到底有什么用呢?我们已经看到了link在两个container间创建了一个 父子 关系. 父container 这个例子里的 db 可以得到他的子container web上的信息. Docker是通过在 两个container建立了一个安全通道来实现的, 这样container就不用对外暴露端口了. 你可能已经注意到了 我们在启动 db container的时候没有使用 -p 或者 -P。 因为我们已经吧两个container通过 link连接起来了, 所以没必要通过端口暴露数据库的服务了
#########################################################################################################################
5、连接其他地方的mysql(non-Docker or remote MySQL instances)
This image can also be used as a client for non-Docker or remote MySQL instances
➜ ~ docker run -it --rm mysql mysql -hsome.mysql.host -usome-mysql-user -p
6、Check Docker Log
➜ ~ docker logs mysql5.7
Initializing database
docker logs --name 容器别名
版权声明:本文为博主原创文章,未经博主允许不得转载。
安装 私有仓库 Mysql
