一、系统基础操作

        1、新装操作系统自启动防火墙，需关闭

<code>systemctl disable --now firewalld.service

Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".

        2、关闭SElinux

sed -i 's/=enforcing/=disabled/' /etc/selinux/config

setenforce 0

        3、添加docker-社区版仓库,此处使用的华为的yum仓库，将版本改为centos9的yum源

dnf config-manager --add-repo=https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo

sed -i 's+download.docker.com+repo.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

sed -i 's+$releasever+9+' /etc/yum.repos.d/docker-ce.repo

dnf makecache

二、docker安装

        1、安装docker，此处为方便，用通用符安装了所有docker相关的服务，读者再次可选择性安装docker-ce、docker-compose等软件。

dnf -y install docker*

        2、添加加速仓库，加速仓库可能存在过期特性，读者再此可据情况更换

cat /etc/docker/daemon.json

{

"registry-mirrors": ["https://docker.m.daocloud.io"]

}

        3、docker开启自启动

systemctl enable --now docker.service

Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

        4、检查已安装Docker版本是否正常

docker version

Client: Docker Engine - Community Version: 27.1.1

API version: 1.46

Go version: go1.21.12

Git commit: 6312585

Built: Tue Jul 23 19:58:57 2024

OS/Arch: linux/amd64

Context: default

Server: Docker

Engine - Community

Engine: Version: 27.1.1

API version: 1.46 (minimum version 1.24)

Go version: go1.21.12

Git commit: cc13f95

Built: Tue Jul 23 19:57:11 2024

OS/Arch: linux/amd64

Experimental: false

containerd:

Version: 1.7.19

GitCommit: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41

runc:

Version: 1.7.19

GitCommit: v1.1.13-0-g58aa920

docker-init:

Version: 0.19.0 G

itCommit: de40ad0

        5、启动一个示例容器

docker run --name=nginx -d -p 900:80 nginx

docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

ad6352a3e7de nginx "/docker-entrypoint.…" 9 seconds ago Up 7 seconds 0.0.0.0:900->80/tcp, :::900->80/tcp nginx

三、搭建本地私有仓库（Harbor）

        1、搭建harbor本地仓库，此处为选择最新版的harbor离线安装包harbor-offline-installer-v2.11.1-rc1.tgz，下面是在github中下载此包的流程

        2、解压harbor的离线安装包至/usr/local/路径下

<code>tar zxvf harbor-offline-installer-v2.11.1-rc1.tgz -C harbor /usr/local/

        3、修改harbor配置文档，此处仅展示主要部分，读者可据要求更改其它参数，请注意配置文件中每一行首字母前空格。此配置开启了ssl模式，此处采用自签名证书。

cat /usr/local/harbor/harbor.yml

hostname: 192.168.137.10

http:

  port: 8800

https:

  port: 8443

  certificate: /usr/local/harbor/certs/harbor.crt

  private_key: /usr/local/harbor/certs/harbor.key

        4、自签证书生成

mkdier /usr/local/harbor/certs

openssl req -new -x509 -keyout /usr/local/harbor/certs/harbor.key -out /usr/local/harbor/certs/harbor.crt -days 365 -passout pass:harbor -subj "/C=cn/ST=guizhou/L=guizhou/O=personal/OU=personal/CN=openEuler24"

        5、刷新harbor配置文件并部署harbor仓库，在此处需要停掉之前启用的nginx服务，因为部署harbor时会启用一个新的nginx容器，你至少保证你之前启用的nginx容器名称和端口于harbor使用的nginx不冲突即可

cd /usr/local/harbor/

./prepare

./install.sh

        6、harbor安装成功页面

        7、浏览器访问一下，用户名admin，密码Harbor12345（配置文件中有）

        8、添加一个仓库

四、Harbor与Docker进行联动

        1、将harbor本地仓库配置在docker仓库中，在daemon.json中配置即可

<code>{

"registry-mirrors": ["https://docker.m.daocloud.io"],

  "insecure-registries": ["192.168.137.10:8443"]

}

        2、重启docker

systemctl daemon-reload

systemctl restart docker.service

        3、登录本地仓库

docker login 192.168.137.10:8443

Username:

admin Password:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/

#credential-stores Login Succeeded

        4、制作一个自定义nginx镜像

mkdir /home/dockerfile

cd /home/dockerfile

cat Dockerfile

FROM nginx

RUN echo '<h1> This is OpenEuler-24.03 Nginx-service!!! </h1>' >/usr/share/nginx/html/index.html

docker build -t nginx:OpenEuler .

        5、将制作的nginx:OpenEuler镜像上传至本地harbor仓库，需给镜像打标签

docker tag nginx:OpenEuler 192.168.137.10:8443/harbor/nginx:OpenEuler

docker push 192.168.137.10:8443/harbor/nginx:OpenEuler

The push refers to repository [192.168.137.10:8443/harbor/nginx]

47a59b4b527d: Pushed

b90d53c29dae: Pushed

79bfdc61ef6f: Pushed

0c95345509b7: Pushed

14dc34bc60ae: Pushed

45878e4d8341: Pushed

9aa78b86f4b8: Pushed

9853575bc4f9: Pushed

OpenEuler: digest: sha256:d24c28b10520c110d7c18078cc0b552b5a0fb1235dbab217d27f0539ca53e1a2 size: 1985

        6、运行该容器

<code>docker run --name=nginx-OpenEuler -d -p 8383:80 nginx:OpenEuler

        7、浏览器访问该镜像