基本操作命令

docker run --name=test-host -itd centos7.6 /bin/bash??通過鏡像創建容器

登錄容器

[root@docker101 ~]# docker exec -it test-host /bin/bash? （exec是執行，i是交互式。t叫tty）

或者container id

[root@docker101 ~]# docker exec -it 0d371349d2ef /bin/bash

docker search 172.16.8.100:5000/centos 查詢服務器鏡像

docker pull 172.16.8.100:5000/centos7 拉去服務器鏡像

docker? images? ?查詢本地鏡像

docker tag 修改鏡像名稱

[root@docker ~]# docker inspect nginx? ?獲取鏡像的元數據

docker push 上傳數據

docker rmi 刪除鏡像

docker? run? --name=web1? -d? nginx? ? 運行容器

只顯示運行中容器

?docker ps

顯示所有容器

?docker ps --all

docker? stop? web1? （容器名字）

docker? start? ?web1? ? （啟動容器）

docker? pause? web1（容器名字）? ? ?掛起web1

docker? ?kill? ?web 1? （容器名字）? ? 殺死web1

?docker rm? ?web? （容器運行狀態刪不掉）? ??docker rm?-f? web? (強制刪除)

?docker倉庫

Registry Server

服務端(倉庫端): 10.0.0.103

[root@docker103 ~]# docker pull registry? ?（下載倉庫）

[root@docker103 ~]# docker run --name registry_server -d -p 5000:5000 registry （運行倉庫指定端口）

客戶端:

docker軟件安裝

[root@docker101 ~]# vim /usr/lib/systemd/system/docker.service

[Service]

Type=notify

# the default is not to use systemd for cgroups because the delegate issues still

# exists and systemd currently does not support the cgroup feature set required

# for containers run by docker

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 10.0.0.103:5000? ? 信任本地的倉庫，免驗證

重啟服務? ? ?xiiu改完了，要重新加載啟動一些服務

[root@docker101 ~]# systemctl daemon-reload

[root@docker101 ~]# systemctl restart docker

修改需要上傳鏡像名稱:

[root@docker101 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE robinround/centos7.6 latest 0429a3daccd0 13 months ago 433MB vitotp/centos7.6 latest 0429a3daccd0 13 months ago 433MB

修改標簽

[root@docker101 ~]# docker tag vitotp/centos7.6 10.0.0.103:5000/centos7.6

上傳

[root@docker101 ~]# docker push 10.0.0.103:5000/centos7.6

doocker? 倉庫里的鏡像下載方法??

查詢私有倉庫內的鏡像? ? ?

[root@docker102 ~]# curl -XGET http://10.0.0.103:5000/v2/_catalog

{"repositories":["centos7.6"]}

查詢標簽列表

[root@docker102 ~]# curl -XGET http://10.0.0.103:5000/v2/centos7.6/tags/list

{"name":"centos7.6","tags":["latest"]}

docker? pull 10.0.0.103:5000/centos:7.6? ? 下載docker倉庫里的centos

harbor

harbor的部署

更換華為yum安裝源

[root@master ~]# mkdir /etc/yum.repos.d/old

[root@master ~]# mv /etc/yum.repos.d/* /etc/yum.repos.d/old/

[root@master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.huaweicloud.com/repository/conf/CentOS-7-anon.repo

[root@master ~]# yum makecache fast

安裝擴展源

[root@master ~]# yum install epel-release.noarch

安裝docker-ce源

[root@master ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo

[root@master ~]# yum install docker-ce

[root@master ~]# yum install docker-compose

啟動docker

[root@master ~]# systemctl restart docker

?

安裝harbor

https://github.com/vmware/harbor/releases

安裝有兩種方式，一種是off-line ，一種是on-line，即離線和在線安裝，離線安裝需要下載的安裝包較大，在線安裝下載的安裝包很小，可以根據自己的情況選擇，我選擇的是harbor-online-installer-v2.0.0.tgz 版本

[root@master ~]# tar -xvf harbor-online-installer-v2.0.0.tgz;cd harbor/

拷貝配置文件

[root@master harbor]# cp harbor.yml.tmpl harbor.yml

配置https：harbor默認工作方式是http，但是這只能在頁面訪問，默認harbor推送拉取鏡像時走的是https，所以需要配置下https。

1.需要的文件：

1. master.crt：服務器端的證書文件

2. master.key：服務器端的秘鑰

3. ca.crt：客戶端的證書文件

2.生成ca秘鑰和自簽名ca證書：

[root@master harbor]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:BJ

Locality Name (eg, city) [Default City]:BJ

Organization Name (eg, company) [Default Company Ltd]:EAST

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:master.com

Email Address []:

3.生成證書簽名請求（域名訪問，就把common name的值寫為域名）：

[root@master harbor]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout master.com.key -out master.com.csr

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:BJ

Locality Name (eg, city) [Default City]:BJ

Organization Name (eg, company) [Default Company Ltd]:EAST

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:master.com

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

4.生成證書

[root@master harbor]# openssl x509 -req -days 365 -in master.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out master.com.crt

Signature ok

subject=/C=CN/ST=BJ/L=BJ/O=EAST/OU=IT/CN=master.com

Getting CA Private Key

5.將harbor目錄移動到/etc下

[root@master ~]# cp -r /root/harbor /etc/

6.配置證書和私鑰文件位置

[root@master ~]# vim /etc/harbor/harbor.yml

7.執行install.sh安裝harbor

[root@master ~]# /etc/harbor/install.sh

成功后:

? ----Harbor has been installed and started successfully.----

8.

訪問:https://192.168.0.200/harbor

置下host，打開瀏覽器就可以用https訪問了

默認賬號是 admin 密碼 Harbor12345

9.docker登錄

首先配置host，然后在 /etc/docker/certs.d目錄下創建目錄，目錄名稱就是配置的hostname。然后將客戶端證書放入該目錄即可。

[root@master ~]# mkdir -p /etc/docker/certs.d/master.com

[root@master ~]# cp /etc/harbor/ca.crt /etc/docker/certs.d/master.com

[root@master ~]# docker login master.com

Username: admin

Password: Harbor12345

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning. See

docker login | Docker Docs

Login Succeeded

10.docker推送鏡像：

登錄harbor，可以看到有一個預置的項目，library。

11.測試推送

[root@master ~]# docker pull lanvv/centos7.5-yum

[root@master ~]# docker tag lanvv/centos7.5-yum master.com/library/centos7.5

[root@master ~]# docker push master.com/library/centos7.5

The push refers to repository [master.com/library/centos7.5]

214ee3fcbf95: Pushed

1d31b5806ba4: Pushed

latest: digest: sha256:8b6ce104f680f69dd67443068fd92d1692e8eb707d80dbefdff7232570aa907d size: 737

已上傳成功