2.11 Building images manually

2.11.1 Building a Docker image that supports remote SSH login

1: Start a container and install the service
[root@m03 my_dir]# docker run -it -p 1022:22 --name my_ssh centos:6.9
## Now inside the container
[root@26d39f3470fc /]# yum install openssh-server
## Generate the host key pairs (sshd creates them on its first start)
[root@26d39f3470fc /]# /etc/init.d/sshd start
Generating SSH2 RSA host key:                              [  OK  ]
Generating SSH1 RSA host key:                              [  OK  ]
Generating SSH2 DSA host key:                              [  OK  ]
Starting sshd:                                             [  OK  ]

## Check the listening ports
[root@26d39f3470fc /]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      116/sshd            
tcp        0      0 :::22                       :::*                        LISTEN      116/sshd            
[root@26d39f3470fc /]# 

## Set the root password
[root@26d39f3470fc /]# passwd
Changing password for user root.
New password: 
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password: 
passwd: all authentication tokens updated successfully.

Test the SSH service
[root@m02 /]# ssh root@10.0.0.63 -p 1022
Warning: Permanently added '[10.0.0.63]:1022' (RSA) to the list of known hosts.
root@10.0.0.63's password: 
[root@26d39f3470fc ~]# 
[root@26d39f3470fc /]# exit      
exit

2: Commit the container with the installed service as an image

[root@m03 my_dir]# docker commit my_ssh centos6-ssh:v1
sha256:620176578b795ce542ea7e458d87b6f53f963ae6fad0ece05c084e4b5d5230f3
[root@m03 my_dir]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
centos6-ssh              v1                  620176578b79        46 seconds ago      312 MB
docker.io/httpd          2.4                 7d85cc3b2d80        5 days ago          154 MB
docker.io/centos         latest              67fa590cfc1c        6 days ago          202 MB
docker.io/nginx          latest              5a3221f0137b        11 days ago         126 MB
docker.io/centos         6.8                 82f3b5f3c58f        5 months ago        195 MB
docker.io/centos         6.9                 2199b8eb8390        5 months ago        195 MB
docker.io/centos/httpd   latest              2cc07fbb5000        8 months ago        258 MB

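3: Start a new container to test the newly committed image
/usr/sbin/sshd -D keeps sshd in the foreground. The command must keep running in the foreground, otherwise the container goes to the Exited state.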
[root@m03 my_dir]# docker run -d -p 2022:22 centos6-ssh:v1 /usr/sbin/sshd -D
0aa77ba112dfdf5261da559ae71d006ccf216edcd335ca02d2371b6fb048c579
Test the new container
[root@m02 /]# ssh root@10.0.0.63 -p 2022
Warning: Permanently added '[10.0.0.63]:2022' (RSA) to the list of known hosts.
root@10.0.0.63's password: 
Last login: Tue Aug 27 09:15:48 2019 from 10.0.0.62
[root@0aa77ba112df ~]# ls
anaconda-ks.cfg  install.log  install.log.syslog

2.11.2 Building an image that runs both ssh and httpd

1: Start a container and install the services
docker run -it --name oldgirl centos:6.9 
yum install httpd
yum install openssh-server
/etc/init.d/sshd start
passwd 

### Container startup script
vi /init.sh
#!/bin/bash
/etc/init.d/httpd start
/etc/init.d/sshd start
tail -F /var/log/messages
# The script only has to keep running; otherwise the container goes to the Exited state.


2: Commit the container with the installed services as an image
docker commit oldgirl centos6-ssh-httpd:v1

3: Start a new container to test the newly committed image
docker run -d -p 8080:80 -p 1122:22 centos6-ssh-httpd:v1 /bin/bash /init.sh
Test the SSH service
[root@m02 /]# ssh 10.0.0.63 -p 1122
Warning: Permanently added '[10.0.0.63]:1122' (RSA) to the list of known hosts.
root@10.0.0.63's password: 
[root@9ac3d33f5abc ~]# 

2.12 Building images automatically with a Dockerfile

2.12.1 Drawbacks of manually built Docker images

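Compared with manually built docker images, images built with a dockerfile have these advantages:
1: A dockerfile is only a few KB, so it is easy to transfer

2: For an image built from a dockerfile, the initial command does not have to be given when running a container

3: More custom operations are supported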

2.12.2 Common dockerfile instructions

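Common dockerfile instructions:
	FROM Who is this image's mother? (specifies the base image)
	MAINTAINER Tells others who is responsible for raising it (specifies the maintainer; optional)
	RUN What you want it to do (just put RUN in front of the command)
	ADD Give it some start-up capital (copies files; archives are extracted automatically)
	WORKDIR I am cd, just wearing make-up today (sets the current working directory)
	VOLUME Give it a place to store its luggage (defines a volume, mounts a host directory)
	EXPOSE Which doors it will open (specifies the ports exposed to the outside) (-P maps them to random ports)
	CMD Run, brother! (specifies what the container does after it starts) (easily overridden)
	
Other dockerfile instructions:	
	COPY copies files
	ENV  environment variables
	ENTRYPOINT  the command executed when the container starts (cannot be replaced; a command given when starting the container is treated as its arguments)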

2.12.3 dockerfile practice 1

Steps to build a docker image from a dockerfile:
1: Write the dockerfile
vi  dockerfile
FROM  centos:6.9
RUN     yum install openssh-server -y
RUN     /etc/init.d/sshd start
RUN     echo 123456|passwd --stdin root 
CMD     ["/usr/sbin/sshd","-D"]

2: Build the image with docker build
docker build -t centos6-ssh:v2  .

3: Start a new container to test the newly built image
docker run -d -p 1322:22 centos6-ssh:v2  

2.13.4 dockerfile practice 2

Steps to build a docker image from a dockerfile:
1: Write the dockerfile
FROM  centos:6.9
RUN     yum install openssh-server httpd -y
RUN     /etc/init.d/sshd start
ADD      init.sh   /init.sh 
# Ports of the two services, used for port mapping
EXPOSE  22 80
# Set the working directory you land in after logging in to the container
WORKDIR /root
# The value of this variable can be given when the container is created; if it is not, the default here is used
ENV     SSH_PASSWD=123456
CMD     ["/bin/bash","/init.sh"]

### Container startup script
vi /init.sh
#!/bin/bash
echo "$SSH_PASSWD" | passwd --stdin root
/etc/init.d/httpd start
/usr/sbin/sshd -D


2: Build the image with docker build
docker build -t centos6-ssh:v5 .

3: Start a new container to test the newly built image
[root@m03 opt]# docker run -d -p 1222:22 -p 8880:80 --env "SSH_PASSWD=123456" centos6-ssh:v5
005341d6fb11a0207384e77afcb9ed026a41ee4fe3306734f94c82dc80e9da6b
[root@m03 opt]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                                        NAMES
005341d6fb11        centos6-ssh:v5      "/bin/bash /init.sh"   8 seconds ago       Up 7 seconds        0.0.0.0:1222->22/tcp, 0.0.0.0:8880->80/tcp   elated_goldstine


2.13.5 Deploying with a dockerfile

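Steps to package a project as a docker image:
1: First run a base container and build the image by hand, then copy the commands out of the shell history to use when writing the dockerfile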
[root@fbf9f4df96d1 html]# history
    1  yum install -y httpd php php-cli -y
    2  cd /var/www/html/
    3  curl -o http://static.kodcloud.com/update/download/kodexplorer4.37.zip
    4  curl -o kodexplorer4.37.zip http://static.kodcloud.com/update/download/kodexplorer4.37.zip
    5  ll
    6  yum install unzip
    7  unzip kodexplorer4.37.zip 
    8  ll
    9  yum install php-gd php-mbstring
   10  service httpd start
   11  chmod -R 777 /var/www/html/
   12  history

2: Write the dockerfile and build the image

3: Test run

[root@m03 opt]# cat dockerfile 
FROM centos:6.9
RUN yum install -y httpd php php-cli php-gd php-mbstring  unzip
WORKDIR /var/www/html/
COPY  kodexplorer4.37.zip .
RUN unzip kodexplorer4.37.zip 
RUN chmod -R 777 /var/www/html/
ADD init.sh /init.sh
EXPOSE 80
CMD ["/bin/bash", "/init.sh"]

[root@m03 opt]# cat init.sh 
#!/bin/bash
/etc/init.d/httpd start
tail -F /var/log/messages
[root@m03 opt]# 

Build the image
[root@m03 opt]# docker build -t kodyun:v1 .

Create the container
[root@m03 opt]# docker run -d -p 80:80 kodyun:v1
04e02985a4db2a5674c227c6fc7fb56609c98aa12f0c49739ccb7452b61a8352
[root@m03 opt]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                NAMES
04e02985a4db        kodyun:v1           "/bin/bash /init.sh"   5 seconds ago       Up 4 seconds        0.0.0.0:80->80/tcp   upbeat_cori
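
Added example (not part of the original notes): the three dockerfiles above bake in a literal root password, a default password in ENV, and chmod -R 777 on the web root, and a short Python check can flag all three before docker build. The rule names and helper functions are illustrative and are not a Docker feature.

```python
import re
import shlex

# Dockerfiles from this page (comments dropped, spacing normalised).
PRACTICE_1 = """\
FROM centos:6.9
RUN yum install openssh-server -y
RUN /etc/init.d/sshd start
RUN echo 123456|passwd --stdin root
CMD ["/usr/sbin/sshd","-D"]
"""
PRACTICE_2 = """\
FROM centos:6.9
RUN yum install openssh-server httpd -y
RUN /etc/init.d/sshd start
ADD init.sh /init.sh
EXPOSE 22 80
WORKDIR /root
ENV SSH_PASSWD=123456
CMD ["/bin/bash","/init.sh"]
"""
KODYUN = """\
FROM centos:6.9
RUN yum install -y httpd php php-cli php-gd php-mbstring unzip
WORKDIR /var/www/html/
COPY kodexplorer4.37.zip .
RUN unzip kodexplorer4.37.zip
RUN chmod -R 777 /var/www/html/
ADD init.sh /init.sh
EXPOSE 80
CMD ["/bin/bash", "/init.sh"]
"""

# echo <literal> | passwd or chpasswd (a $VARIABLE is not a literal)
LITERAL_PASSWD = re.compile(
    r"echo\s+(['\"]?)([^\s|'\"$]+)\1\s*\|\s*(passwd|chpasswd)\b")
SECRET_NAME = re.compile(r"PASSWD|PASSWORD|SECRET|TOKEN", re.I)
# chmod that sets the write bit for "other": 777, 0666, o+w, a+rwx
WORLD_WRITABLE = re.compile(
    r"chmod\s+(?:-\w+\s+)*"
    r"(?:[0-7]{2,3}[2367]\b|[ugoa]*[oa][ugoa]*[+=][rwxXst]*w)")

def split_instruction(stmt):
    parts = stmt.split(None, 1)
    return parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""

def instructions(text):
    """Yield (first_line_no, INSTRUCTION, args), joining continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (start, *split_instruction(buf + line))
        buf = ""
    if buf.strip():
        yield (start, *split_instruction(buf))

def env_pairs(args):
    """Handle 'ENV NAME=value ...' and the older 'ENV NAME value' form."""
    parts = args.split(None, 1)
    if not parts:
        return []
    if "=" in parts[0]:
        return [tuple(t.split("=", 1)) for t in shlex.split(args) if "=" in t]
    return [(parts[0], parts[1] if len(parts) > 1 else "")]

def audit(dockerfile):
    """Return [(line_no, rule, message)] for the checks above."""
    findings = []
    for no, ins, args in instructions(dockerfile):
        if ins == "RUN":
            hit = LITERAL_PASSWD.search(args)
            if hit:
                findings.append((no, "hardcoded-password",
                                 f"literal piped to {hit.group(3)}, recorded in image history"))
            if WORLD_WRITABLE.search(args):
                findings.append((no, "world-writable",
                                 "chmod gives every user write access"))
        elif ins == "ENV":
            for name, value in env_pairs(args):
                if SECRET_NAME.search(name) and value and not value.startswith("$"):
                    findings.append((no, "secret-in-env",
                                     f"{name} has a literal default, readable with docker inspect"))
    return findings

def rules(dockerfile):
    return [(no, rule) for no, rule, _ in audit(dockerfile)]

if __name__ == "__main__":
    for label, text in (("2.12.3", PRACTICE_1), ("2.13.4", PRACTICE_2), ("2.13.5", KODYUN)):
        for no, rule, message in audit(text):
            print(f"{label} line {no}: {rule}: {message}")
```

For the ssh images, the corresponding fix is to pass the credential (or a public key) only at container start and to give the web root the narrowest mode httpd needs.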

2.14 Layering of docker images

2.14.1 Benefits of layering

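Benefits of layering: resources are shared and saved
When several images are built from the same base image, the Docker host only needs to keep one copy of the base image on disk; likewise only one copy needs to be loaded into memory to serve all the containers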

2.14.2 How RUN in a dockerfile works

During the build, temporary containers are created
--no-trunc shows the complete commands

2.14.3 A short docker summary

2.15 Linking containers

2.15.1 Linking containers with --link

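Method for linking containers: --link. The link is one-way: the container created with --link can reach the container that was created before it.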
docker run -d --name my_httpd  httpd:latest 
docker run -it --link my_httpd:web01 centos:6.8
Test:
curl   my_httpd
curl  web01

How it works:
cat /etc/hosts

[root@m03 lib]# docker run -d --name my_httpd  httpd:latest
Unable to find image 'httpd:latest' locally
Trying to pull repository docker.io/library/httpd ... 
latest: Pulling from docker.io/library/httpd
Digest: sha256:98caed3e3a90ed9db8d25dcbb98eebe0ce56358a9dbbc940d7eb66a8e2b88252
Status: Downloaded newer image for docker.io/httpd:latest
db023fbf798d872cbbb5303f6899635bc550a5a35e4b7d1bb2246ea0dc8a8a2f

[root@m03 lib]# docker run -it --link my_httpd:web01 centos:6.9
# Accessing by the container name works
[root@37811b332ce4 /]# curl my_httpd
<html><body>It works!</body></html>

# Accessing by the host name (the link alias) also works
[root@37811b332ce4 /]# curl web01
<html><body>It works!</body></html>

# How it works: --link adds host-name mappings to /etc/hosts
[root@37811b332ce4 /]# cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	web01 db023fbf798d my_httpd
172.17.0.4	37811b332ce4
[root@37811b332ce4 /]# ^C
[root@37811b332ce4 /]# 


2.15.2 Using container links: installing zabbix

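This is only for trying it out. Do not run zabbix in containers in production: because the container images are stripped down, e-mail alerting cannot be configured.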
docker run --name mysql-server -t \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -d mysql:5.7 \
      --character-set-server=utf8 --collation-server=utf8_bin

docker run --name zabbix-java-gateway -t \
      -d zabbix/zabbix-java-gateway:latest

docker run --name zabbix-server-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
      --link mysql-server:mysql \
      --link zabbix-java-gateway:zabbix-java-gateway \
      -p 10051:10051 \
      -d zabbix/zabbix-server-mysql:latest

docker run --name zabbix-web-nginx-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      --link mysql-server:mysql \
      --link zabbix-server-mysql:zabbix-server \
      -p 80:80 \
      -d zabbix/zabbix-web-nginx-mysql:latest

2.16 Private registry

2.16.1 Private registry without authentication

m02 server: 10.0.0.62
m03 server: 10.0.0.63

On server m02
Run the private docker registry:
[root@m02 /]# mkdir /opt/myregistry
[root@m02 /]# docker run -d -p 5000:5000 --restart=always  -v /opt/myregistry:/var/lib/registry  registry
5258714d435c133670d04c00784c8f10b018224525a522770a1a88a7d3155237
Once the container has started, the private registry is ready to use

On server m03
a: Tag the image to be uploaded
[root@m03 opt]# docker image tag httpd:latest 10.0.0.62:5000/httpd:latest
[root@m03 opt]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
docker.io/httpd          2.4                 7d85cc3b2d80        5 days ago          154 MB
docker.io/httpd          latest              7d85cc3b2d80        5 days ago          154 MB
10.0.0.62:5000/httpd     latest              7d85cc3b2d80        5 days ago          154 MB

b: Push
[root@m03 opt]# docker push 10.0.0.62:5000/httpd:latest
The push refers to a repository [10.0.0.62:5000/httpd]
Get https://10.0.0.62:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Fix for the error, on server m03:
[root@m03 opt]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.62:5000"]
}
[root@m03 opt]# systemctl restart docker

[root@m03 opt]# docker push 10.0.0.62:5000/httpd:latest
The push refers to a repository [10.0.0.62:5000/httpd]
9e0ab3afff15: Pushed 
7a0960d9b679: Pushed 
8b16516271d6: Pushed 
5bcb93651a74: Pushed 
1c95c77433e8: Pushed 
latest: digest: sha256:90cca2f9c32ad25afa180da6b14f35de9990cb02b9007350a5bccef4cac1e1c9 size: 1367
[root@m03 opt]# 

# Push one more
[root@m03 opt]# docker tag centos:6.8 10.0.0.62:5000/centos:6.8
[root@m03 opt]# docker push 10.0.0.62:5000/centos:6.8
The push refers to a repository [10.0.0.62:5000/centos]
ad337ac82f03: Pushed 
6.8: digest: sha256:3e472cabf40e9beee56affc1fdce0e897dadc4e6063c00cd16bcbdbd3ba96864 size: 529
[root@m03 opt]# 

# On m02, look at the pushed images
[root@m02 repositories]# ll
total 0
drwxr-xr-x 5 root root 55 Aug 27 22:53 centos
drwxr-xr-x 5 root root 55 Aug 27 22:48 httpd
[root@m02 repositories]# pwd
/opt/myregistry/docker/registry/v2/repositories
[root@m02 repositories]# 
[root@m02 repositories]# tree centos
centos
├── _layers
│   └── sha256
│       ├── 7ce0cebb9dca298e1b098715615f8acb6bb6ccc449e765e6448dd2120cdf9fd2
│       │   └── link
│       └── 82f3b5f3c58f22e50d6b05f227c675af504cffc9dff7e318df5fc40faee6410e
│           └── link
├── _manifests
│   ├── revisions
│   │   └── sha256
│   │       └── 3e472cabf40e9beee56affc1fdce0e897dadc4e6063c00cd16bcbdbd3ba96864
│   │           └── link
│   └── tags
│       └── 6.8
│           ├── current
│           │   └── link
│           └── index
│               └── sha256
│                   └── 3e472cabf40e9beee56affc1fdce0e897dadc4e6063c00cd16bcbdbd3ba96864
│                       └── link
└── _uploads

15 directories, 5 files
[root@m02 repositories]#

2.16.2 Private registry with authentication

a: Prepare the password file for basic authentication
[root@m02 repositories]# yum install httpd-tools -y
[root@m02 repositories]# mkdir /opt/registry-var/auth/ -p
[root@m02 repositories]# htpasswd  -Bbn vita 123456  >> /opt/registry-var/auth/htpasswd

b: Start the private docker registry
[root@m02 repositories]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry 


[root@m03 opt]# docker pull 10.0.0.62:5000/centos:6.8
Trying to pull repository 10.0.0.62:5000/centos ... 
Pulling repository 10.0.0.62:5000/centos
Error: image centos:6.8 not found
# Log in
[root@m03 opt]# docker login 10.0.0.62:5000
# Enter the user name and password
Username: vita
Password: 
Login Succeeded
[root@m03 opt]# docker pull 10.0.0.62:5000/centos:6.8
Trying to pull repository 10.0.0.62:5000/centos ... 
6.8: Pulling from 10.0.0.62:5000/centos
7ce0cebb9dca: Pull complete 
Digest: sha256:3e472cabf40e9beee56affc1fdce0e897dadc4e6063c00cd16bcbdbd3ba96864
Status: Downloaded newer image for 10.0.0.62:5000/centos:6.8
[root@m03 opt]# 

2.17 The container orchestration tool docker-compose

Install:
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y python2-pip
pip install docker-compose

Check that the installation succeeded
docker-compose -v

# The file name must be exactly this
vi docker-compose.yml
version: '3'
services:
   db:
     image: mysql:5.7
     volumes:
       - db_data:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: somewordpress
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress
   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     volumes:
       - web_data:/var/www/html
     ports:
       - "80"
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress
volumes:
    db_data:
    web_data:

Configure nginx load balancing

2.18 The four network types of docker containers

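None: no networking is configured for the container, --net=none

Container: shares the Network Namespace of another running container, --net=container:containerID

Host: shares the Network Namespace of the host, --net=host

Bridge: the NAT network model designed by Docker

None: no networking is configured for the container, --net=none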
[root@m02 ~]# docker run -it --network none busybox:latest
/ # ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
					
[root@m02 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
1081758c9f32        busybox:latest      "sh"                     2 minutes ago       Up 2 minutes                                 awesome_albattani
bc7598d59d99        registry            "/entrypoint.sh /e..."   9 hours ago         Up 9 hours          0.0.0.0:5000->5000/tcp   practical_meninsky
[root@m02 ~]# docker inspect 1081758c9f32
.......................
 "Networks": {
                "none": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "7c8ca554183c5fb6e2d60ec953d10f535512cc1c8a2634ecd22001a4e72b62f6",
                    "EndpointID": "4305ad25bfb7cfc603e29e7abc2a3c18b29e944b879d30ecf9016995afe7fb7d",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                }

Container: shares the Network Namespace of another running container, --net=container:containerID
[root@m02 ~]# docker run -d httpd:latest
27e313f7f1faee636791efba8b3e07043b8a2aa654b16858f59204883f152575
[root@m02 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
27e313f7f1fa        httpd:latest        "httpd-foreground"   13 seconds ago      Up 12 seconds       80/tcp              agitated_wescoff
[root@m02 ~]# docker inspect 27e313f7f1fa
[
    {
        "Id": "27e313f7f1faee636791efba8b3e07043b8a2aa654b16858f59204883f152575",
        "Created": "2019-08-28T00:21:11.762275464Z",
        "Path": "httpd-foreground",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 3168,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-08-28T00:21:12.169841859Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
"Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "0c7c6a23a122615a75e9015898472666ba5bd944a21900dddcfce33d2b28159c",
                    "EndpointID": "75b8d08b72591e315765b9625ebbfc768bebba65faa1b68ce5a0f9e2eff9ad22",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02"
                }
            }
        }
    }
]

# Create a new container that uses the network of the container just started
[root@m02 ~]# docker run -it --network container:agitated_wescoff centos:6.8
[root@27e313f7f1fa /]# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 b)  TX bytes:648 (648.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@27e313f7f1fa /]# 
# Because the network is shared, the ports are also those of the container started just now
[root@27e313f7f1fa /]# netstat -antlp|grep 80
tcp        0      0 :::80                       :::*                        LISTEN      -                   
[root@27e313f7f1fa /]# 
# Look at the details of the new container
[root@m02 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS                     PORTS               NAMES
3a531547b73e        centos:6.8          "/bin/bash"          2 minutes ago       Exited (0) 4 seconds ago                       tender_borg
27e313f7f1fa        httpd:latest        "httpd-foreground"   7 minutes ago       Up 7 minutes               80/tcp              agitated_wescoff
[root@m02 ~]# docker inspect 3a531547b73e
[
    {
        "Id": "3a531547b73eb6433e3810872172b35d4ac3850103ccd47d719adf6261e8ea59",
        "Created": "2019-08-28T00:26:25.077298262Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "exited",
            "Running": false,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-08-28T00:26:25.469976229Z",
            "FinishedAt": "2019-08-28T00:29:01.072285007Z"
        },
 "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": null,
            "SandboxKey": "",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {}
        }
    }
]

Host: shares the Network Namespace of the host, --net=host
Everything is shared with the host, even the host name is the same

[root@m02 ~]# docker run -it --network host centos:6.8
[root@m02 /]# ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:AD:A4:9A:88  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:adff:fea4:9a88/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:11733 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:141160524 (134.6 MiB)  TX bytes:127797476 (121.8 MiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:E1:5B:21  
          inet addr:10.0.0.62  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fee1:5b21/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:376726 errors:0 dropped:0 overruns:0 frame:0
          TX packets:152587 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:534721552 (509.9 MiB)  TX bytes:282402392 (269.3 MiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:E1:5B:2B  
          inet addr:172.16.1.62  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fee1:5b2b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:938 (938.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:200 (200.0 b)  TX bytes:200 (200.0 b)

[root@m02 /]# exit
exit

[root@m02 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                     PORTS               NAMES
1d73f7bdbfa6        centos:6.8          "/bin/bash"         About a minute ago   Exited (0) 6 seconds ago                       determined_hopper
[root@m02 ~]# docker inspect 1d73f7bdbfa6
[
    {
        "Id": "1d73f7bdbfa6240eae5ccb28e1f71e0c861003df0c37d12e67890c0cd1e4583e",
        "Created": "2019-08-28T00:32:55.945298156Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "exited",
            "Running": false,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-08-28T00:32:56.280099664Z",
            "FinishedAt": "2019-08-28T00:34:43.941655105Z"
        },
"Networks": {
                "host": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "15e1f917a440af4fd581f1f1558d614d544c009bba9c7e1a45896dd2a4b77866",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                }
            }
        }
    }
]

Bridge: the NAT network model designed by Docker

[root@m02 ~]# docker run -it --network bridge centos:6.8
[root@e6d67d5940dd /]# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:578 (578.0 b)  TX bytes:578 (578.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@e6d67d5940dd /]# exit
exit

[root@m02 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                     PORTS               NAMES
e6d67d5940dd        centos:6.8          "/bin/bash"         About a minute ago   Exited (0) 3 seconds ago                       loving_wescoff
1d73f7bdbfa6        centos:6.8          "/bin/bash"         6 minutes ago        Exited (0) 4 minutes ago                       determined_hopper
[root@m02 ~]# docker inspect e6d67d5940dd
[
    {
        "Id": "e6d67d5940dd450e51e3f63030afff780e46878028e9bc42681f864b94314245",
        "Created": "2019-08-28T00:38:03.085308573Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "exited",
            "Running": false,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-08-28T00:38:03.556114819Z",
            "FinishedAt": "2019-08-28T00:39:16.185458418Z"
        },
"Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "0c7c6a23a122615a75e9015898472666ba5bd944a21900dddcfce33d2b28159c",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                }
            }
        }
    }
]

2.19 Cross-host communication with macvlan

Performance is relatively good

Create the macvlan network:
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1

Test:
m02:
docker run -it --network macvlan_1 --ip=10.0.0.111 busybox:latest /bin/sh
m03:
docker run -it --network macvlan_1 --ip=10.0.0.112 busybox:latest /bin/sh

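If the containers on the two virtual machines cannot reach each other, promiscuous mode can be enabled on the parent interface.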
[root@m02 ~]# ip link set eth0 promisc on
[root@m02 ~]# ip link show eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:e1:5b:21 brd ff:ff:ff:ff:ff:ff
[root@m02 ~]# 

# Turn promiscuous mode off
[root@m02 ~]# ip link set eth0 promisc off
[root@m02 ~]# ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:e1:5b:21 brd ff:ff:ff:ff:ff:ff
[root@m02 ~]# 

Run the following command on both m02 and m03
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1

[root@m03 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
76fe5d619a55        bridge              bridge              local
7f1efb6dc734        host                host                local
fd980e8f4294        macvlan_1           macvlan             local
82a72dedf7e6        none                null                local
b4fb0955463c        opt_default         bridge              local
[root@m03 ~]# 

#m02:
[root@m02 ~]# docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
43b7a844e32523b3cfd88ebf4cc922b84c42f10c95b02fc297cba3ab2abc935a
[root@m02 ~]# docker run -it --network macvlan_1 --ip=10.0.0.111 busybox:latest /bin/sh
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:6F  
          inet addr:10.0.0.111  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::42:aff:fe00:6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:60 (60.0 B)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 


#m03:
[root@m03 ~]# docker run -it --network macvlan_1 --ip=10.0.0.112 busybox:latest /bin/sh
Unable to find image 'busybox:latest' locally
Trying to pull repository docker.io/library/busybox ... 
latest: Pulling from docker.io/library/busybox
ee153a04d683: Pull complete 
Digest: sha256:9f1003c480699be56815db0f8146ad2e22efea85129b5b5983d0e0fb52d9ab70
Status: Downloaded newer image for docker.io/busybox:latest
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:70  
          inet addr:10.0.0.112  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::42:aff:fe00:70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:60 (60.0 B)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
					
# Ping the container on the other host
/ # ping 10.0.0.112
PING 10.0.0.112 (10.0.0.112): 56 data bytes
64 bytes from 10.0.0.112: seq=0 ttl=64 time=0.155 ms
64 bytes from 10.0.0.112: seq=1 ttl=64 time=0.180 ms
^C
--- 10.0.0.112 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.155/0.167/0.180 ms
/ # 

# Pinging the container inside the virtual machine from the laptop also works
[c:\~]$ ping 10.0.0.112

正在 Ping 10.0.0.112 具有 32 字节的数据:
来自 10.0.0.112 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.0.112 的回复: 字节=32 时间<1ms TTL=64

10.0.0.112 的 Ping 统计信息:
    数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 0ms,最长 = 0ms,平均 = 0ms
^C

2.20 Cross-host communication with overlay

1) Preparation
On m04 (10.0.0.64)
[root@m04 ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
4ace81ed1bf02a4fdb736d79380de93ca14fabeb55d671c45681c4d51e207d82

On m02 (10.0.0.62):
[root@m02 ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@m02 ~]# cat /etc/docker/daemon.json 
{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.64:8500",
  "cluster-advertise": "10.0.0.62:2376"
}
[root@m02 ~]# 

On m03-10.0.0.63:
[root@m03 ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@m03 ~]# cat /etc/docker/daemon.json 
{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.64:8500",
  "cluster-advertise": "10.0.0.63:2376"
}
[root@m03 ~]# 

2) Create the overlay network. Running this on one VM is enough: both VMs will see the network, because the data is stored on the 64 server and is shared.
docker network create -d overlay ol1
Create an overlay with a specified subnet:
docker network create -d overlay --subnet 172.16.0.0/16 ol4

3) Start containers to test; do this on both VMs, m02 and m03
docker run -it --network ol1 --name vita  busybox:latest /bin/sh


# On m04-10.0.0.64
[root@m04 ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
4ace81ed1bf02a4fdb736d79380de93ca14fabeb55d671c45681c4d51e207d82

# On m02-10.0.0.62:
[root@m02 ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@m02 ~]# cat /etc/docker/daemon.json 
{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.64:8500",
  "cluster-advertise": "10.0.0.62:2376"
}
[root@m02 ~]# 

# On m03-10.0.0.63
[root@m03 ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@m03 ~]# cat /etc/docker/daemon.json 
{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.64:8500",
  "cluster-advertise": "10.0.0.63:2376"
}
[root@m03 ~]# 

http://10.0.0.64:8500/ui/#/dc1/kv/docker/nodes/

If two nodes are listed there, the setup is working

# On m02
[root@m02 ~]# docker network create -d overlay ol1
534fbb9508eb9b0011ff80178e901a71e00c740ef37b52b9fe8e9d2fea2c1030
[root@m02 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b03ef5e1e672        bridge              bridge              local
15e1f917a440        host                host                local
43b7a844e325        macvlan_1           macvlan             local
7c8ca554183c        none                null                local
534fbb9508eb        ol1                 overlay             global
[root@m02 ~]# 
[root@m02 ~]# docker run -it --network ol1 --name m02  busybox:latest /bin/sh
/ # 

# On m03
[root@m03 ~]# docker run -it --network ol1 --name m03  busybox:latest /bin/sh
# Test connectivity: the containers can reach each other by container name, because the data is stored in the service on the 64 server
/ # ping m02
PING m02 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=4.153 ms
64 bytes from 10.0.0.2: seq=1 ttl=64 time=3.596 ms
64 bytes from 10.0.0.2: seq=2 ttl=64 time=0.309 ms
^C
--- m02 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.309/2.686/4.153 ms
/ # 
/ # ping www.baidu.com
PING www.baidu.com (180.101.49.11): 56 data bytes
64 bytes from 180.101.49.11: seq=0 ttl=127 time=17.118 ms
64 bytes from 180.101.49.11: seq=1 ttl=127 time=105.181 ms

# ping the container created on m02 from the laptop: the network is not reachable
[c:\~]$ ping 10.0.0.2

正在 Ping 10.0.0.2 具有 32 字节的数据:
来自 10.0.0.1 的回复: 无法访问目标主机。
请求超时。

10.0.0.2 的 Ping 统计信息:
    数据包: 已发送 = 2,已接收 = 1,丢失 = 1 (50% 丢失),

[c:\~]$ 

# On m02
[root@m02 ~]# docker run -d -p 8080:80 httpd
2b7d07f25a5d762ac9691ee46c4afb754a91cfc6eb35370da07d5f0745a97975
[root@m02 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS                      PORTS                  NAMES
2b7d07f25a5d        httpd               "httpd-foreground"   11 seconds ago      Up 10 seconds               0.0.0.0:8080->80/tcp   zealous_bohr
4d430358e388        httpd               "httpd-foreground"   21 seconds ago      Created                                            cocky_boyd
c341b13ca489        busybox:latest      "/bin/sh"            7 minutes ago       Exited (0) 33 seconds ago                          m02
[root@m02 ~]# 

2.21 Enterprise image registry: Harbor


Step 1: install docker and docker-compose
Install docker:
yum install -y docker-io
Install docker-compose:
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y python2-pip
pip install docker-compose

Check that the installation succeeded
docker-compose -v

Step 2: download harbor-offline-installer-v1.5.1.tgz

Step 3: upload it to /opt and extract it

Step 4: edit the harbor.cfg configuration file
hostname = 10.0.0.63
harbor_admin_password = 123456

Step 5: run install.sh

[root@m03 opt]# docker rm -f `docker ps -a -q`
33dc41530c38
57ea913e407d
[root@m03 opt]# tar -xvf harbor-offline-installer-v1.5.1.tgz 
harbor/common/templates/
harbor/common/templates/nginx/
harbor/common/templates/nginx/nginx.https.conf
harbor/common/templates/nginx/notary.server.conf
harbor/common/templates/nginx/nginx.http.conf
harbor/common/templates/nginx/notary.upstream.conf
harbor/common/templates/ui/
harbor/common/templates/ui/env
harbor/common/templates/ui/private_key.pem
harbor/common/templates/ui/app.conf
harbor/common/templates/notary/
harbor/common/templates/notary/mysql-initdb.d/
harbor/common/templates/notary/mysql-initdb.d/initial-notarysigner.sql
harbor/common/templates/notary/mysql-initdb.d/initial-notaryserver.sql
harbor/common/templates/notary/notary-signer.crt
harbor/common/templates/notary/signer-config.json
harbor/common/templates/notary/notary-signer-ca.crt
harbor/common/templates/notary/signer_env
harbor/common/templates/notary/server-config.json
harbor/common/templates/notary/notary-signer.key
harbor/common/templates/adminserver/
harbor/common/templates/adminserver/env
harbor/common/templates/db/
harbor/common/templates/db/env
harbor/common/templates/registry/
harbor/common/templates/registry/root.crt
harbor/common/templates/registry/config.yml
harbor/common/templates/registry/config_ha.yml
harbor/common/templates/log/
harbor/common/templates/log/logrotate.conf
harbor/common/templates/jobservice/
harbor/common/templates/jobservice/env
harbor/common/templates/jobservice/config.yml
harbor/common/templates/clair/
harbor/common/templates/clair/postgres_env
harbor/common/templates/clair/config.yaml
harbor/common/templates/clair/postgresql-init.d/
harbor/common/templates/clair/postgresql-init.d/README.md
harbor/common/templates/clair/clair_env
harbor/harbor.v1.5.1.tar.gz
harbor/prepare
harbor/NOTICE
harbor/LICENSE
harbor/install.sh
harbor/harbor.cfg
harbor/docker-compose.yml
harbor/ha/
harbor/ha/sample/
harbor/ha/sample/active_active/
harbor/ha/sample/active_active/keepalived_active_active.conf
harbor/ha/sample/active_active/check.sh
harbor/ha/sample/active_standby/
harbor/ha/sample/active_standby/keepalived_active_standby.conf
harbor/ha/sample/active_standby/check_harbor.sh
harbor/ha/registry.sql
harbor/ha/docker-compose.tpl
harbor/ha/docker-compose.clair.yml
harbor/ha/docker-compose.clair.tpl
harbor/ha/docker-compose.yml
harbor/docker-compose.notary.yml
harbor/docker-compose.clair.yml
[root@m03 opt]# ll
total 858200
-rw-r--r-- 1 root root       603 Aug 27 23:24 docker-compose.yml
-rw-r--r-- 1 root root       255 Aug 27 19:56 dockerfile
drwxr-xr-x 4 root root       229 Aug 28 09:59 harbor
-rw-r--r-- 1 root root 864933610 Aug 28 09:58 harbor-offline-installer-v1.5.1.tgz
-rw-r--r-- 1 root root        62 Aug 27 19:57 init.sh
-rw-r--r-- 1 root root  13845184 Aug 27 19:55 kodexplorer4.37.zip
drwxr-xr-x 2 root root        24 Aug 27 16:26 my_dir
drwxr-xr-x 2 root root         6 Aug 27 22:27 myregistry
[root@m03 opt]# cd harbor/
[root@m03 harbor]# ll
total 856136
drwxr-xr-x 3 root root        23 Aug 28 09:58 common
-rw-r--r-- 1 root root      1185 May 31  2018 docker-compose.clair.yml
-rw-r--r-- 1 root root      1725 May 31  2018 docker-compose.notary.yml
-rw-r--r-- 1 root root      3596 May 31  2018 docker-compose.yml
drwxr-xr-x 3 root root       156 May 31  2018 ha
-rw-r--r-- 1 root root      6687 May 31  2018 harbor.cfg
-rw-r--r-- 1 root root 876607879 May 31  2018 harbor.v1.5.1.tar.gz
-rwxr-xr-x 1 root root      5773 May 31  2018 install.sh
-rw-r--r-- 1 root root     10771 May 31  2018 LICENSE
-rw-r--r-- 1 root root       482 May 31  2018 NOTICE
-rwxr-xr-x 1 root root     27379 May 31  2018 prepare
[root@m03 harbor]# vim harbor.cfg 
[root@m03 harbor]# sh install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 1.13.1

Note: docker-compose version: 1.24.1

[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-ui:v1.5.1
Loaded image: vmware/harbor-log:v1.5.1
Loaded image: vmware/harbor-jobservice:v1.5.1
Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
Loaded image: vmware/mariadb-photon:v1.5.1
Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
Loaded image: vmware/harbor-adminserver:v1.5.1
Loaded image: vmware/nginx-photon:v1.5.1
Loaded image: vmware/photon:1.0
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
Loaded image: vmware/postgresql-photon:v1.5.1
Loaded image: vmware/harbor-db:v1.5.1
Loaded image: vmware/redis-photon:v1.5.1
Loaded image: vmware/harbor-migrator:v1.5.0


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating redis              ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://10.0.0.63. 
For more details, please visit https://github.com/vmware/harbor .

[root@m03 harbor]# 

[root@m03 harbor]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                   PORTS                                                              NAMES
37544fd2c13c        vmware/harbor-jobservice:v1.5.1        "/harbor/start.sh"       4 minutes ago       Up 4 minutes                                                                                harbor-jobservice
f00947bed9a5        vmware/nginx-photon:v1.5.1             "nginx -g 'daemon ..."   4 minutes ago       Up 4 minutes (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
41557d762965        vmware/harbor-ui:v1.5.1                "/harbor/start.sh"       4 minutes ago       Up 4 minutes (healthy)                                                                      harbor-ui
a3c898719acc        vmware/redis-photon:v1.5.1             "docker-entrypoint..."   4 minutes ago       Up 4 minutes             6379/tcp                                                           redis
695450e513b5        vmware/registry-photon:v2.6.2-v1.5.1   "/entrypoint.sh se..."   4 minutes ago       Up 4 minutes (healthy)   5000/tcp                                                           registry
f9dfba519084        vmware/harbor-adminserver:v1.5.1       "/harbor/start.sh"       4 minutes ago       Up 4 minutes (healthy)                                                                      harbor-adminserver
b9ea4272cc9a        vmware/harbor-db:v1.5.1                "/usr/local/bin/do..."   4 minutes ago       Up 4 minutes (healthy)   3306/tcp                                                           harbor-db
2c63ffb9f6b2        vmware/harbor-log:v1.5.1               "/bin/sh -c /usr/l..."   4 minutes ago       Up 4 minutes (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@m03 harbor]# 

Push an image from the m02 server
[root@m02 ~]# docker tag busybox:latest 10.0.0.63/library/busybox:latest
[root@m02 ~]# docker push 10.0.0.63/library/busybox:latest
The push refers to a repository [10.0.0.63/library/busybox]
Get https://10.0.0.63/v1/_ping: dial tcp 10.0.0.63:443: connect: connection refused
[root@m02 ~]# 
[root@m02 ~]# cat /etc/docker/daemon.json 
{
 "insecure-registries": ["10.0.0.63"]
}

[root@m02 ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@m02 ~]# docker push 10.0.0.63/library/busybox:latest
The push refers to a repository [10.0.0.63/library/busybox]
0d315111b484: Preparing 
denied: requested access to the resource is denied

[root@m02 ~]# docker login 10.0.0.63
Username: admin
Password: 
Login Succeeded
[root@m02 ~]# docker push 10.0.0.63/library/busybox:latest
The push refers to a repository [10.0.0.63/library/busybox]
0d315111b484: Pushed 
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
[root@m02 ~]# 

On the m04 server, pull does not require a username or password
[root@m04 ~]# vim /etc/docker/daemon.json 
[root@m04 ~]# cat /etc/docker/daemon.json 
{
 "insecure-registries": ["10.0.0.63"]
}
[root@m04 ~]# 
[root@m04 ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@m04 ~]# docker pull 10.0.0.63/library/busybox:latest
Trying to pull repository 10.0.0.63/library/busybox ... 
latest: Pulling from 10.0.0.63/library/busybox
ee153a04d683: Pull complete 
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for 10.0.0.63/library/busybox:latest
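
The daemon.json files used above (the overlay nodes in 2.20 and the registry clients in 2.21) open the Docker API on tcp://0.0.0.0:2376 without TLS client verification and reach the consul store and the Harbor registry without TLS. The Python audit below is an added example, not part of the original notes; the finding names, the hardened sample and its certificate paths are assumptions made for illustration.

```python
import json

# Constructed samples: the two daemon.json variants shown on this page.
OVERLAY_NODE = """{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.64:8500",
  "cluster-advertise": "10.0.0.62:2376"
}"""
REGISTRY_CLIENT = '{"insecure-registries": ["10.0.0.63"]}'

# Constructed hardened variant (assumption): API bound to one address with
# mutual TLS; the certificate paths are placeholders.
HARDENED = """{
  "hosts": ["tcp://10.0.0.62:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}"""

WILDCARD_ADDRS = {"", "0.0.0.0", "[::]"}


def audit_daemon_json(text):
    """Return sorted (finding_id, detail) tuples for one daemon.json document."""
    cfg = json.loads(text)
    findings = []

    # The TCP API socket only authenticates clients when tlsverify is on
    # and the CA, server certificate and key are all configured.
    mutual_tls = cfg.get("tlsverify") is True and all(
        cfg.get(key) for key in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// sockets are protected by file permissions
        if not mutual_tls:
            findings.append(("API_NO_CLIENT_AUTH",
                             f"{host} accepts any client that can reach it"))
        addr = host[len("tcp://"):].rsplit(":", 1)[0]
        if addr in WILDCARD_ADDRS:
            findings.append(("API_ALL_INTERFACES",
                             f"{host} listens on every interface"))

    # Registries listed here are contacted over HTTP or unverified HTTPS.
    for registry in cfg.get("insecure-registries", []):
        findings.append(("REGISTRY_NO_TLS",
                         f"{registry}: logins and image layers are not protected in transit"))

    # The key-value store link is plaintext unless a CA file is set for it.
    store = cfg.get("cluster-store")
    if store and "kv.cacertfile" not in cfg.get("cluster-store-opts", {}):
        findings.append(("KV_STORE_PLAINTEXT",
                         f"{store} is reached without TLS"))
    return sorted(findings)


def finding_ids(text):
    """Convenience wrapper: only the finding identifiers, sorted."""
    return [fid for fid, _ in audit_daemon_json(text)]


if __name__ == "__main__":
    for name, sample in (("overlay node", OVERLAY_NODE),
                         ("registry client", REGISTRY_CLIENT),
                         ("hardened", HARDENED)):
        print(name, audit_daemon_json(sample) or "no findings")
```

Run against the overlay node file, the audit reports the unauthenticated API socket, the wildcard bind and the plaintext consul link; the hardened sample returns no findings.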