@zhaikun
2017-07-14T14:56:25.000000Z
docker
#关闭防火墙(仅适合隔离的实验环境;生产环境应保留firewalld,只放行所需端口)
[root@docker03 ~]# systemctl stop firewalld.service
[root@docker03 ~]# systemctl disable firewalld.service
#Yum缓存
[root@docker02 ~]# vim /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
#keepcache修改为1
keepcache=1
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
#关闭SELINUX(setenforce 0立即切换为permissive,配置文件的修改在重启后生效;关闭后容器不再受SELinux强制访问控制约束,生产环境建议保持enforcing)
[root@docker03 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@docker03 ~]# setenforce 0
[root@docker03 ~]# yum install docker
[root@docker03 ~]# systemctl enable docker.service
[root@docker03 ~]# systemctl start docker.service
1、基于Linux内核中的DeviceMapper框架实现,该框架实现了物理存储设备与虚拟存储设备的映射,或虚拟设备与虚拟设备之间的映射。这使得用户能够用该框架来实现磁盘的自由、动态的划分。LVM2,software RAIDs和dm-crypt disk encryption等都是基于该框架的实现。更为重要的是,Device Mapper框架中提供两个功能,thin-provisioning和snapshot。
2、thin-provisioning,类似于虚拟内存,提供给使用者的空间只有在使用者进行写操作时才真正进行分配。假设使用者有一块100g的thin块设备,使用了20g,实际系统提供的大小就是20g,只有当使用者进行存储操作时才分配更多的空间,直到100g。
3、snapshot,快照,是一种COW策略的实现,假设从A设备做快照得到B设备时,并未对A进行完整拷贝,而是当对B设备进行写操作时,才将需要改变的那部分做属于B设备的拷贝。
4、devicemapper利用了该框架中的thin-provisioning和snapshot实现了镜像的分层结构和存储优化。在用devicemapper作为graphdriver的docker中,每个镜像和容器都对应一个设备,通过对镜像做snapshot操作得到容器,所以容器中拥有镜像的内容且操作这些内容不影响镜像本身,因为容器和镜像对应不同的设备。
5、devicemapper有两种模式可选,loop-lvm和direct-lvm。devicemapper的大致思路是,先通过虚拟化技术得到一个thin-pool设备(可理解成一个资源池),接着在thin-pool上建立一个基础设备,此后docker上所有镜像和容器都是基于此设备的snapshot。两个模式的区别就在于建立thin-pool的方法不同。
(利用了基于Device Mapper的LVM)
[root@docker03 ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.12.6
Storage Driver: devicemapper
Pool Name: docker-253:0-134322081-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0 #docker info查看的为设备文件
Metadata file: /dev/loop1 #docker info查看的为设备文件
1、创建硬盘 (增加的一块新的存储设备)
[root@docker03 ~]# parted /dev/sdb
GNU Parted 3.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel msdos
(parted) mkpart primary 2048s 100%
(parted) toggle 1 lvm
(parted) quit
2、创建PV/VG
[root@docker03 ~]# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
[root@docker03 ~]# vgcreate vg_sxf /dev/sdb1
Volume group "vg_sxf" successfully created
3、变更配置
[root@docker03 ~]# vim /etc/sysconfig/docker-storage-setup
# Edit this file to override any configuration options specified in
# /usr/lib/docker-storage-setup/docker-storage-setup.
#
# For more details refer to "man docker-storage-setup"
VG=vg_sxf
DATA_SIZE=90%FREE
[root@docker03 ~]# systemctl stop docker
#注意:下面的命令会删除本机已有的全部镜像、容器和卷数据,执行前确认无需保留或已备份
[root@docker03 ~]# rm -rf /var/lib/docker/
[root@docker03 ~]# docker-storage-setup
Using default stripesize 64.00 KiB.
Rounding up size to full physical extent 104.00 MiB
Logical volume "docker-pool" created.
Logical volume vg_sxf/docker-pool changed.
[root@docker03 ~]# systemctl start docker.service
[root@docker03 ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.12.6
Storage Driver: devicemapper
Pool Name: vg_sxf-docker--pool
Pool Blocksize: 524.3 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file:
Metadata file:
Data Space Used: 20.45 MB
Data Space Total: 96.41 GB
Data Space Available: 96.39 GB
Metadata Space Used: 90.11 kB
Metadata Space Total: 109.1 MB
Metadata Space Available: 109 MB
Thin Pool Minimum Free Space: 9.641 GB
Udev Sync Supported: true
[root@docker02 ~]# yum install epel-release
[root@docker02 ~]# yum install epel-release #与上一行重复;下一步要用pip,此处可能应为安装pip的软件包,请核实
[root@docker02 ~]# pip install docker-compose
[root@docker02 ~]# mv harbor-offline-installer-0.5.0.tgz /opt/
[root@docker02 opt]# tar zxvf harbor-offline-installer-0.5.0.tgz
[root@docker02 harbor]# vim harbor.cfg
## Configuration file of Harbor
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
#修改hostname
hostname = 172.16.138.101
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
#Email account settings for sending out password resetting emails.
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity =
email_server = smtp.mydomain.com
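#修改docker仓库地址(上面harbor.cfg中ui_url_protocol为http,所以这里需要INSECURE_REGISTRY;这样docker login的口令和镜像内容都以明文传输且不校验服务端身份,生产环境应给Harbor配置https证书后去掉该项)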
[root@docker03 images]# vim /etc/sysconfig/docker
....
# If you want to add your own registry to be used for docker search and docker
# pull use the ADD_REGISTRY option to list a set of registries, each prepended
# with --add-registry flag. The first registry added will be the first registry
# searched.
ADD_REGISTRY='--add-registry harbor.suixingpay.com'
# If you want to block registries from being used, uncomment the BLOCK_REGISTRY
# option and give it a set of registries, each prepended with --block-registry
# flag. For example adding docker.io will stop users from downloading images
# from docker.io
# BLOCK_REGISTRY='--block-registry'
# If you have a registry secured with https but do not have proper certs
# distributed, you can tell docker to not look for full authorization by
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
INSECURE_REGISTRY='--insecure-registry harbor.suixingpay.com'
# On an SELinux system, if you remove the --selinux-enabled option, you
.....
[root@docker03 images]# systemctl restart docker.service
#登录harbor(密码:Harbor12345,这是Harbor的默认管理员密码,安装后应立即修改)
[root@docker03 images]# docker login harbor.suixingpay.com
Username: admin
Password:
Login Succeeded
[root@docker03 images]#
#导入镜像
[root@docker03 images]# docker load -i heapster_grafana_v2.6.0-2.tar
78dbfa5b7cbc: Loading layer [==================================================>] 130.9 MB/130.9 MB
5f70bf18a086: Loading layer [==================================================>] 1.024 kB/1.024 kB
0828a6c7d921: Loading layer [==================================================>] 90.27 MB/90.27 MB
8683f0f614c9: Loading layer [==================================================>] 2.048 kB/2.048 kB
a89b3190964f: Loading layer [==================================================>] 16.26 MB/16.26 MB
ca627f7178ed: Loading layer [==================================================>] 110.1 kB/110.1 kB
edec8b16494f: Loading layer [==================================================>] 4.096 kB/4.096 kB
Loaded image ID: sha256:b4344393062633aad3f68fdee2ac195cfe9d618d6994ef3f3e03dba088a15fa8
[root@docker03 images]#
#给镜像打tag
[root@docker03 images]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.suixingpay.com/kube/dnsmasq-metrics-amd64 1.0 5271aabced07 8 months ago 14 MB
<none> <none> b43443930626 16 months ago 230 MB
[root@docker03 images]# docker tag b43443930626 harbor.suixingpay.com/kube/heapster_grafana:v2.6.0-2
[root@docker03 images]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.suixingpay.com/kube/dnsmasq-metrics-amd64 1.0 5271aabced07 8 months ago 14 MB
harbor.suixingpay.com/kube/heapster_grafana v2.6.0-2 b43443930626 16 months ago 230 MB
[root@docker03 images]#
#推送镜像
[root@docker03 images]# docker push harbor.suixingpay.com/kube/heapster_grafana:v2.6.0-2
The push refers to a repository [harbor.suixingpay.com/kube/heapster_grafana]
5f70bf18a086: Mounted from kube/dnsmasq-metrics-amd64
edec8b16494f: Pushed
ca627f7178ed: Pushed
a89b3190964f: Pushed
8683f0f614c9: Pushed
0828a6c7d921: Pushed
78dbfa5b7cbc: Pushed
v2.6.0-2: digest: sha256:daea3fd319873e0f460b26885698a18c0dfcea404d0e03969aeaefeb35d4c278 size: 3018
[root@docker03 images]#
其他的镜像以此类推