Technical work, should be praised and then see, form a habitCopy the code
Docker use tutorial related series of directories
A,
Cho Chul-joo, A citizen, works as A development engineer at company A.
The technical manager asked Zhao Tiezhu to find the Docker open source image warehouse suitable for the company and form an analysis report to submit to the manager. Zhao tiezhu decided on four types of warehouses after consulting his contacts and searching online.
1, the Docker Registry
2, VMware Harbor
3, Sonatype Nexus
4, SUSE Portus
Ii. Conclusion of the analysis report
Overall analysis table
Program features | Docker Registry | VMware Harbor | Sonatype Nexus | SUSE Portus |
---|---|---|---|---|
System complexity | simple | complex | simple | general |
Configuration difficulty | simple | complex | general | general |
Web UI management interface | There is no | There are | There are | There are |
Integration with external LDAP/AD | There is no | There are | There are | There are |
Access control | weak | strong | weak | strong |
The mirror copy | There is no | Supports copying to another Harbor mirror library | Proxy to another mirror library is supported | weak |
Image scanning | There is no | Can be integrated Clair | There is no | Can be integrated Clair |
1, the Docker Registry
Docker Registry is the most popular open source private image repository. It is distributed in image format. After downloading, you can start a private image repository service by running a Docker Registry container.
Docker Registry has the following features:
- The biggest advantage of Docker Registry is its simplicity. You only need to run a container to centrally manage a cluster-wide image, so that other machines can download images from the image repository.
- In terms of security, Docker Registry supports TLS and signature-based authentication.
- Docker Registry also provides Restful apis to provide external system calls and manage images in the image library
2, VMware Harbor
VMware Harbor (Harbor for short) project is an open source container image repository system developed by VMware China R&D team. It is based on Docker Registry and has made many enhancements to it. The main features include:
- Role-based access control
- The mirror copy
- Web UI management interface
- LDAP or AD user authentication systems can be integrated
- The audit log
- Provide RESTful apis to provide external client calls
- Image security Vulnerability scanning (integrated with Clair Scene scanning tool since v1.2)
Compared with Docker Registry, Harbor provides better user management, role permission management, audit logs, and image replication between multiple Harbor image repositories, which can be used as a server for enterprise private image libraries. However, due to the large number of components in Harbor, the integration with the outside world is complicated.
3, Sonatype Nexus
Sonatype Nexus is a software warehouse manager available in 2.X and 3.X versions. 2. The X version mainly supports Maven, P2, OBR, Yum and other warehouse software. 3. Version X mainly supports Docker, NuGet, NPM, Bower, PyPI, Ruby Gems, Apt, Conam, R, CPAN, Raw, Helm and other warehouse software, and also supports the building tool Maven.
The Sonatype Nexus has the following features:
- Deployment is simple and can be done by starting a container
- Supports TLS security authentication
- Provides the Web UI management interface
- Support for Docker Proxy, you can Proxy operations to the Nexus mirror repository to another remote mirror library
- Support warehouse Group (Docker Group), can combine multiple warehouses into one address to provide services
- In addition to supporting Docker images, it also supports the management of other software repositories, such as Yum and Npm.
4, SUSE Portus
SUSE Portus is another open source image library with features such as:
- Fine-grained access control based on teams and namespaces
- Web UI management interface
- Can integrate LDAP user authentication system and also support OAuth
- The audit log
- Provide RESTful apis for external clients to call
- Image Vulnerability Scanning (integrated with Clair Image Scanning tool)
Iii. Summary of technical manager
1. The company is already using Nexus as a private server for Maven, and Nexus3 supports Docker, so you can do multiple things with a private server repository.
2. Harbor has powerful functions, but there are many components, and the complexity of configuration and operation and maintenance is high, which increases the difficulty of operation and maintenance.
3. Docker Registry does not meet the needs of the company, and there is no graphical interface management; SUSE Portus has similar features to the Nexus, so the company chose the Nexus3.
Iv. Introduction to Nexus
The “Official Docker image repository” is very slow to access. Sonatype Nexus allows us to build our own image repository to facilitate image pulling and pushing.
Sonatype Nexus is a software warehouse manager available in 2.X and 3.X versions. 2. The X version mainly supports Maven, P2, OBR, Yum and other warehouse software. 3. Version X mainly supports Docker, NuGet, NPM, Bower, PyPI, Ruby Gems, Apt, Conam, R, CPAN, Raw, Helm and other warehouse software, and also supports the building tool Maven.
Five, pull mirror image
1. Find the mirror
docker search nexus3
Copy the code
2. Pull the mirror
docker pull docker.io/sonatype/nexus3
Copy the code
6. Start the container
Specify a data volume to prevent data loss in the container every time the container is started, and implement data sharing between the container and the VM
Specify the virtual machine and container Shared folder mkdir/usr/local/docker/nexus/nexus - dataCopy the code
You need to modify folder permissions
chmod 777 /usr/local/docker/nexus/nexus-data
Copy the code
8716903D1912 is the image ID of the Nexus
docker run -p 8081:8081 --name nexus -v /usr/local/docker/nexus/nexus-data:/nexus-data 8716903d1912
Copy the code
Error starting container
Error: No permission to create
mkdir: cannot create directory '.. /sonatype-work/nexus3/log': Permission denied mkdir: cannot create directory '.. /sonatype-work/nexus3/tmp': Permission denied OpenJDK 64-Bit Server VM warning: Cannot open file .. /sonatype-work/nexus3/log/jvm.log due to No such file or directory Warning: Cannot open log file: .. /sonatype-work/nexus3/log/jvm.log Warning: Forcing option -XX:LogFile=/tmp/jvm.log java.io.FileNotFoundException: .. /sonatype-work/nexus3/tmp/i4j_ZTDnGON8hezynsMX2ZCYAVDtQog=.lock (No such file or directory) at java.io.RandomAccessFile.open0(Native Method) at java.io.RandomAccessFile.open(RandomAccessFile.java:316) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243) at com.install4j.runtime.launcher.util.SingleInstance.check(SingleInstance.java:72) at com.install4j.runtime.launcher.util.SingleInstance.checkForCurrentLauncher(SingleInstance.java:31) at com.install4j.runtime.launcher.UnixLauncher.checkSingleInstance(UnixLauncher.java:88) at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:67) java.io.FileNotFoundException: /nexus-data/karaf.pid (Permission denied) at java.io.FileOutputStream.open0(Native Method) at java.io.FileOutputStream.open(FileOutputStream.java:270) at java.io.FileOutputStream.<init>(FileOutputStream.java:213) at java.io.FileOutputStream.<init>(FileOutputStream.java:101) at org.apache.karaf.main.InstanceHelper.writePid(InstanceHelper.java:127) at org.apache.karaf.main.Main.launch(Main.java:243) at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113) at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85) at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69) java.lang.RuntimeException: /nexus-data/log/karaf.log (No such file or directory) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:102) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlersInternal(BootstrapLogManager.java:137) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlers(BootstrapLogManager.java:70) at org.apache.karaf.main.util.BootstrapLogManager.configureLogger(BootstrapLogManager.java:75) at org.apache.karaf.main.Main.launch(Main.java:244) at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113) at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85) at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69) Caused by: java.io.FileNotFoundException: /nexus-data/log/karaf.log (No such file or directory) at java.io.FileOutputStream.open0(Native Method) at java.io.FileOutputStream.open(FileOutputStream.java:270) at java.io.FileOutputStream.<init>(FileOutputStream.java:213) at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.open(BootstrapLogManager.java:193) at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.<init>(BootstrapLogManager.java:182) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:100) ... 12 more Error creating bundle cache.Copy the code
Solution:
Let’s delete the container
docker rm nexus
Copy the code
Then run the new start command
Added “– Privileged =true” to the original command
docker run -p 8081:8081 --privileged=true --name nexus -v /usr/local/docker/nexus/nexus-data:/nexus-data 8716903d1912
Copy the code
Note: — Privileged, this parameter can be set whether to grant docker container privileges. If this parameter is true, the root permission in the Docker container is the root permission of the host, not only the root permission in the container
Check whether the service starts normally
docker ps
Copy the code
7. Access and configure the Nexus
Open your browser and visit http://:8081/
Note: : Sometimes the start will be slow, wait. If you can’t wait, check the log
docker logs nexus
Copy the code
If this screen appears, the startup is successful
Administrator login password in/usr/local/docker/nexus/nexus – data admin in the beginning of the file, its copy input
After entering the account password, enter the boot
Set a new password
Whether to allow anonymous access
The setup is complete, so we have the Docker Private Image repository Nexus installed on the server
To be continued.
I found several Docker open source image repositories for the technical manager. Why did the manager choose Sonatype Nexus?
Reference: Introduction to several common open source image repositories
Blog.csdn.net/Andriy_dang…