您的位置:首页 > 汽车 > 时评 > 培训第三十八天(上传镜像,私有仓库下载镜像,跨主机容器间的通信,harbor软件包下载)

培训第三十八天(上传镜像,私有仓库下载镜像,跨主机容器间的通信,harbor软件包下载)

2025/1/15 7:50:09 来源:https://blog.csdn.net/weixin_70693880/article/details/141648315  浏览:    关键词:培训第三十八天(上传镜像,私有仓库下载镜像,跨主机容器间的通信,harbor软件包下载)

1、harbor软件包下载

https://github.com/search?q=harbor&type=repositories

2、出现拒绝连接错误,可能是由于容器没开

 # 问题解决:[root@docker ~]# curl localhost:5000/v2/_catalogcurl: (7) Failed connect to localhost:5000; 拒绝连接[root@docker ~]# netstat -tunlp | grep 5000[root@docker ~]# docker ps -aCONTAINER ID   IMAGE             COMMAND                   CREATED             STATUS                      PORTS     NAMES9d196b7190b3   registry:latest   "/entrypoint.sh /etc…"   About an hour ago   Exited (2) 55 minutes ago             r2[root@docker ~]# docker start r2r2[root@docker ~]# netstat -tunlp | grep 5000tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      1822/docker-proxy   tcp6       0      0 :::5000                 :::*                    LISTEN      1826/docker-proxy  

3、上传镜像到私有仓库中

 # 打标签[root@docker ~]# docker tag centos:latest 10.0.0.100:5000/registry:v1# 推送[root@docker ~]# docker push 10.0.0.100:5000/registry:v1The push refers to repository [10.0.0.100:5000/registry]74ddd0ec08fa: Mounted from centos v1: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529[root@docker ~]# curl localhost:5000/v2/_catalog{"repositories":["centos","registry"]}

4、从私有仓库中下载镜像到本地

 # 安装docker[root@docker2 ~]# cat << EOF | tee /etc/modules-load.d/k8s.conf overlaybr_netfilterEOFmodprobe overlaymodprobe br_netfilter[root@docker2 ~]# cat << EOF | tee /etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-ip6tables = 1net.ipv4.ip_forward = 1EOF[root@docker2 ~]# sysctl --system[root@docker2 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2[root@docker2 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo[root@docker2 ~]# yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y# 配置/etc/docker/daemon.json ,指定私有仓库的位置[root@docker2 ~]# vim /etc/docker/daemon{"insecure-registries":["http://10.0.0.100:5000"]}# 重启docker[root@docker2 ~]# systemctl restart docker# 拉取私有仓库中的镜像[root@docker2 ~]# docker pull 10.0.0.100:5000/registry:v1v1: Pulling from registrya1d0c7532777: Pull complete Digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dcStatus: Downloaded newer image for 10.0.0.100:5000/registry:v110.0.0.100:5000/registry:v1# 查看镜像列表[root@docker2 ~]# docker imagesREPOSITORY                 TAG       IMAGE ID       CREATED       SIZE10.0.0.100:5000/registry   v1        5d0da3dc9764   2 years ago   231MB

5、安装pip

为什么安装pip,因为后续要安装docker compose,它是docker的编排工具

ansible对多个主机编排

compose

 # 安装python-pip[root@docker ~]# yum -y install python3-pip# 查看所有的所有安装的包以及版本[root@docker ~]# pip listpip (8.1.2)[root@2 ~]# python3 -m pip install --upgrade pip    #将pip工具升级到最新版本[root@2 ~]# pip3 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple #设置pip3的全局配置

6、配置跨主机的容器网络连接

(1)使用本机的ip地址和端口发布任务和通信

A=》mysql B=》java容器

 [root@docker ~]# systemctl start docker# mtu 1500表示一次接收不能超过1500[root@docker ~]# ip a s3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:a7:5c:14:b0 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever inet6 fe80::42:a7ff:fe5c:14b0/64 scope link valid_lft forever preferred_lft forever
 # 运行一个nginx容器[root@docker ~]# docker run -d -p80:80 centos:nginx# 查看容器状态[root@docker ~]# docker ps# 查看容器IP地址[root@docker ~]# docker inspect 57"IPAddress": "172.17.0.2",# 停止容器服务[root@docker ~]# systemctl stop dockerWarning: Stopping docker.service, but it can still be activated by:docker.socket# 安装前是没有docker0的网卡的# bridge-utils是用于创建和管理Linux网络桥接设备的工具[root@docker ~]# yum -y install bridge-utils# 用于显示系统中已创建的网络桥接设备的信息[root@docker ~]# brctl showbridge name bridge id       STP enabled interfacesdocker0     8000.0242a75c14b0   no  # 开启docker服务[root@docker ~]# systemctl start docker# 查看容器状态[root@docker ~]# docker ps -aCONTAINER ID   IMAGE             COMMAND                   CREATED       STATUS                     PORTS     NAMES9d196b7190b3   registry:latest   "/entrypoint.sh /etc…"   2 hours ago   Exited (2) 3 minutes ago             r2# 开启r2容器[root@docker ~]# docker start r2r2# 查看网络桥接设备信息,此时有桥接接口[root@docker ~]# brctl showbridge name bridge id       STP enabled interfacesdocker0     8000.0242a75c14b0   no      vethd5daedb# 查看network的帮助信息[root@docker ~]# docker network --helpUsage:  docker network COMMANDManage networksCommands:connect     Connect a container to a networkcreate      Create a networkdisconnect  Disconnect a container from a networkinspect     Display detailed information on one or more networksls          List networksprune       Remove all unused networksrm          Remove one or more networksRun 'docker network COMMAND --help' for more information on a command.# 列出当前 Docker 守护进程中存在的所有网络# bridge:这是默认的网络驱动程序,它创建一个虚拟网络桥接,容器连接到这个桥接,并且可以通过 IP 地址相互通信。# host:使用宿主机的网络堆栈,容器直接使用宿主机的网络接口,没有网络隔离。# none:容器没有网络连接,只有一个环回接口。[root@docker ~]# docker network lsNETWORK ID     NAME      DRIVER    SCOPE5af3831f7474   bridge    bridge    local7e7f01e3bc3a   host      host      local2d54c66fa7ca   none      null      local# 创建两个容器,并查看它们的IP地址,发现它们是连续的[root@docker ~]# docker run -it centos:latest /bin/bash[root@5246f78f2d7d /]# [root@docker ~]# [root@docker ~]# docker inspect 52"IPAddress": "172.17.0.3",[root@docker ~]# docker run -it centos:latest /bin/bash[root@d0094ac22554 /]# [root@docker ~]# [root@docker ~]# docker inspect d0"IPAddress": "172.17.0.4",# 创建一个network模式是host的容器[root@docker ~]# docker run -it --network host centos:latest /bin/bash[root@docker /]# [root@docker ~]# # 查看容器的id号[root@docker ~]# docker psCONTAINER ID   IMAGE             COMMAND                   CREATED              STATUS              PORTS                                       NAMES64d033715cae   centos:latest     "/bin/bash"               About a minute ago   Up About a minute # 查看容器的IP地址,发现并没有ip地址[root@docker ~]# docker inspect 64"IPAddress": "",# 又创建一个network为host的容器[root@docker ~]# docker run -it --network host centos:yum /bin/bash# 容器直接覆盖源主机上[root@docker /]# lsbin  etc   lib    lost+found  mnt  proc  run   srv  tmp  vardev  home  lib64  media       opt  root  sbin  sys  usr# 下载安装iproute[root@docker /]# yum -y install iproute# 查看ip地址,发现IP地址为本机的地址,与源主机完全重合[root@docker /]# ip a s# 安装httpd[root@docker /]# yum -y install httpd# 首页输入数据[root@docker /]# echo "hh" > /var/www/html/index.html# 开启httpd服务,容器中不能使用systemctl[root@docker /]# systemctl start httpd报错# 强制开启httpd服务[root@docker /]# httpd -k start成功# 容器中访问[root@docker /]#curl localhosthh# ctrl p q退出容器# 关闭防火墙[root@docker ~]# systemctl stop filewalld到浏览器访问自己ip地址curl 自己ip地址(可以访问到页面)
(2)使用etcd数据库与flannel实现容器间的相互通信
1)node11配置

(搭建etcd数据库规定ip地址的范围,搭建flannel连通etcd数据库实现容器ip地址的规定范围分配)

 # etcd是一个数据库,flannel负责ip的分配[root@node11 ~]# yum -y install flannel etcd # 修改etcd的配置文件,配置etcd的监听和通告客户端URL[root@node11 ~]# vim /etc/etcd/etcd.conf# 指定了etcd服务在哪些地址和端口上监听来自客户端的连接请求ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"# 指定etcd向其他节点和客户端通告的地址和端口ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379,http://10.0.0.11:4001"# 启动etcd服务[root@node11 ~]# systemctl start etcd# 查看端口是否启用[root@node11 ~]# netstat -lntup | grep 4001tcp6       0      0 :::4001                 :::*                    LISTEN      1549/etcd           [root@node11 ~]# netstat -lntup | grep 2379tcp6       0      0 :::2379                 :::*                    LISTEN      1549/etcd # 设置etcd服务开机自启[root@node11 ~]# systemctl enable etcdCreated symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.# 数据库测试,使用etcdctl工具进行键值对的设置和获取操作# 将键为testdir/testkey0的值设置为1000[root@node11 ~]# etcdctl set testdir/testkey0 10001000# 获取键为testdir/testkey0的值[root@node11 ~]# etcdctl get testdir/testkey01000# 检查etcd集群的健康状态,通过指定-C http://10.0.0.11:4001参数,连接到IP地址为10.0.0.11的节点的4001端口进行检查[root@node11 ~]# etcdctl -C http://10.0.0.11:4001 cluster-healthmember 8e9e05c52164694d is healthy: got healthy result from http://10.0.0.11:2379cluster is healthy# 配置flanneld要访问的etcd数据库所在的位置[root@node11 ~]# vim /etc/sysconfig/flanneldFLANNEL_ETCD_ENDPOINTS="http://10.0.0.11:2379"# 在etcd中创建一个特定路径的键值对,用于存储网络配置信息[root@node11 ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }'{ "Network" : "172.20.0.0/16" }[root@node11 ~]# etcdctl get /atomic.io/network/config{ "Network" : "172.20.0.0/16" }# 启动flanneld[root@node11 ~]# systemctl start flanneld# 设置flanneld开机自启[root@node11 ~]# systemctl enable flanneldCreated symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.# 查看flanneld为本机分配的ip网段[root@node11 ~]# ip a s3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.13.0/16 scope global flannel0# 安装docker[root@node11 ~]# sh docker.sh # 开启容器[root@node11 ~]# systemctl start docker# 查看容器的所属网段[root@node11 ~]# ip a s4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:88:a7:c7:69 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever[root@node11 ~]# cat /run/flannel/subnet.env # 定义了Flannel网络的整体IP地址范围。在一个使用Flannel的容器网络环境中,所有容器的IP地址都将从这个范围内分配FLANNEL_NETWORK=172.20.0.0/16# 指定了当前节点在Flannel网络中的子网。这个子网将用于为当前节点上的容器分配IP地址FLANNEL_SUBNET=172.20.13.1/24# 设置了网络的最大传输单元(Maximum Transmission Unit)大小。MTU决定了一次可以在网络上传输的最大数据包大小。调整MTU可以优化网络性能,特别是在使用特定网络设备或协议时FLANNEL_MTU=1472# 当设置为false时,指示Flannel不进行IP伪装(IP Masquerading)。IP伪装通常用于在容器或虚拟机环境中,将内部网络的IP地址转换为外部可路由的 IP地址。在某些情况下,可能不需要进行IP伪装,或者有其他网络配置方式来处理网络通信FLANNEL_IPMASQ=false# 将flanneld分配的网段写入到daemon.json文件中[root@node11 ~]# vim /etc/docker/daemon.json{"registry-mirrors" : ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"host" : ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries" : ["http://10.0.0.100:5000"],"bip" : "172.20.13.1/24","mtu" : 1472    }     # 重启docker,如果重启不了,就修改一下远程管理[root@node11 ~]# systemctl restart dockerJob for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.[root@node11 ~]# vim /usr/lib/systemd/system/docker.serviceExecStart=/usr/bin/dockerd# 重启失败,配置文件没有更新[root@node11 ~]# systemctl restart docker[root@node11 ~]# systemctl daemon-reload# 重启成功[root@node11 ~]# systemctl restart docker# flannel0的IP地址与docker0的IP地址属于一个网段[root@node11 ~]# ip a s3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.13.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::a46d:9cf3:16c5:23d7/64 scope link flags 800 valid_lft forever preferred_lft forever4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default link/ether 02:42:88:a7:c7:69 brd ff:ff:ff:ff:ff:ffinet 172.20.13.1/24 brd 172.20.13.255 scope global docker0valid_lft forever preferred_lft forever# 拉取一个centos镜像[root@node11 ~]# docker pull centos# 关闭防火墙[root@node11 ~]# systemctl stop firewalld[root@node11 ~]# systemctl disable firewalldRemoved symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.# 关闭selinux[root@node11 ~]# setenforce 0# 创建一个容器[root@node11 ~]# docker run -it centos:latest /bin/bash[root@d89a648c9278 /]# [root@node11 ~]# # 查看容器的ip地址,是属于被flanneld分配网段的ip地址[root@node11 ~]# docker inspect d89"IPAddress": "172.20.13.2",
2)node22配置

(搭建flannel连通etcd数据库实现容器ip地址的规定范围分配,最后两个主机的容器进行相互通信)

 # 修改flanneld配置文件,指定etcd数据库所在位置和所开放端口号[root@node22 ~]# vim /etc/sysconfig/flanneld FLANNEL_ETCD_ENDPOINTS="http://10.0.0.11:2379"# 开启flanneld服务[root@node22 ~]# systemctl start flanneld# 查看flanneld为本机所分配的网段信息[root@node22 ~]# ip a s5: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.82.0/16 scope global flannel0# 安装配置docker[root@node22 ~]# sh docker.sh # 开启docker服务(守护进程)[root@node22 ~]# systemctl start docker# 查看docker的ip网段[root@node22 ~]# ip a s3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:ce:a7:7c:ea brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0[root@node22 ~]# scp 10.0.0.11:/etc/docker/daemon.json /etc/docker/# 查看flanneld的环境变量信息[root@node22 ~]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.20.0.0/16FLANNEL_SUBNET=172.20.82.1/24FLANNEL_MTU=1472FLANNEL_IPMASQ=false# 配置deamon文件[root@node22 ~]# vim /etc/docker/daemon.json {"registry-mirrors" : ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"host" : ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries" : ["http://10.0.0.100:5000"],#  "bip"代表 Backend IP,Flannel为所在节点分配的子网的起始IP地址"bip" : "172.20.82.1/24","mtu" : 1472}# 修改docker.sock[root@node22 ~]# vim /usr/lib/systemd/system/docker.serviceExecStart=/usr/bin/dockerd # 重载deamon文件[root@node22 ~]# systemctl daemon-reload# 重启docker服务[root@node22 ~]# systemctl restart docker# 查看docker的IP地址与flannel的IP地址,它们属于同一网段[root@node22 ~]# ip a s3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default link/ether 02:42:ce:a7:7c:ea brd ff:ff:ff:ff:ff:ffinet 172.20.82.1/24 brd 172.20.82.255 scope global docker05: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.82.0/16 scope global flannel0# 拉取镜像[root@node22 ~]# docker pull centos# 创建容器[root@node22 ~]# docker run -it centos:latest # ping node11中的容器的ip地址[root@2b47b26a7286 /]# ping 172.20.13.2PING 172.20.13.2 (172.20.13.2) 56(84) bytes of data.64 bytes from 172.20.13.2: icmp_seq=1 ttl=60 time=8.16 ms64 bytes from 172.20.13.2: icmp_seq=2 ttl=60 time=0.717 ms^C--- 172.20.13.2 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1002msrtt min/avg/max/mdev = 0.717/4.440/8.163/3.723 ms
3)总结,工作原理

1、使用flanneld为docker主机(宿主)分配网段

2、网段的信息以及ip的信息保存在etcd数据库中

3、当flanneld开始运行的时候,会从etcd数据库中读取{ “Network” : “172.20.0.0/16” },随机为当前的主机添加一个flannel0网卡

4、配置docker的daemon文件,让docker0网卡变成和flanneld的网段一致,之后docker下创建的容器的ip就在flanneld的网段控制之内

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com