Container Image Study Notes

Date: 2023-07-14 17:22:59
Tags: container, isula, notes, manifest, nginx, build, image, docker

docker

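How to download images from Docker Hub locally

How to install Docker on openEuler

1. Get the installation package from https://download.docker.com/linux/static/stable/aarch64/ (mind the architecture; this link is for ARM).

This walkthrough uses 19.03.5 as the example: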

https://download.docker.com/linux/static/stable/aarch64/docker-19.03.5.tgz

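2. Install (upload the archive downloaded in the previous step to the node). Note that the ExecStart line below exposes the Docker API on tcp://0.0.0.0:4243 without TLS or authentication, and anyone who can reach that port has root-equivalent control of the host; on anything but an isolated lab network, drop that -H option or protect it with --tlsverify.

# Extract
tar xvpf docker-19.03.5.tgz
# Copy the binaries
cp -p docker/* /usr/bin
# Create the systemd service unit (the quoted 'EOF' keeps the shell from expanding $MAINPID)
cat >/usr/lib/systemd/system/docker.service <<'EOF'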
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
[Service]
Type=notify
EnvironmentFile=-/run/flannel/docker
WorkingDirectory=/usr/local/bin
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock --selinux-enabled=false --log-opt max-size=1g
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# Reload systemd and restart docker to apply
systemctl daemon-reload && systemctl restart docker

3. Test:

[root@doublenet-master-iulob gandalf]# docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:22:27 2019
 OS/Arch:           linux/arm64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea
  Built:            Wed Nov 13 07:28:58 2019
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc3
  GitCommit:        96b6fe042960db9b65af87b7806955051c19772b
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Docker image naming rules

1. Image name: [a-z0-9]+(?:[._-][a-z0-9]+)*, length 1-256.

The rules for a repository name are as follows:

1. A repository name is broken up into path components. A component of a repository name must be at least one lowercase, alpha-numeric characters, optionally separated by periods, dashes or underscores. More strictly, it must match the regular expression [a-z0-9]+(?:[._-][a-z0-9]+)*.
2. If a repository name has two or more path components, they must be separated by a forward slash (“/”).
3. The total length of a repository name, including slashes, must be less than 256 characters.

2. Image tag (version): I have not found an official validation rule so far; the current version of FC uses the image-name rule with uppercase letters added, i.e.:

[a-zA-Z0-9]+(?:[._-][a-zA-Z0-9]+)*
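
A validator built from exactly the two patterns and the length limit quoted above, as an added example that is not part of the original notes. The function names are hypothetical; the point is the anchoring, since a registry turns each repository name into a directory path under repositories/, so a partial match is not enough.

```python
import re

# Per-component rule for repository names, exactly as quoted on the page.
COMPONENT_RE = re.compile(r"[a-z0-9]+(?:[._-][a-z0-9]+)*")
# Tag rule as reported on the page for FC: the same pattern plus uppercase.
TAG_RE = re.compile(r"[a-zA-Z0-9]+(?:[._-][a-zA-Z0-9]+)*")
MAX_NAME_LEN = 255  # "less than 256 characters", slashes included


def validate_repository(name):
    """Return a list of rule violations; an empty list means the name is valid.

    `name` is the repository path only (e.g. "library/nginx"); a registry
    host:port prefix and a :tag suffix must be split off by the caller.
    """
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append("name is %d characters, limit is %d" % (len(name), MAX_NAME_LEN))
    for index, component in enumerate(name.split("/")):
        # fullmatch() anchors both ends. match() would accept any string that
        # merely starts with a valid component, and "$" tolerates a trailing "\n".
        if not COMPONENT_RE.fullmatch(component):
            problems.append("component %d %r does not match the rule" % (index, component))
    return problems


def validate_tag(tag):
    """True if the tag matches the uppercase-extended rule."""
    return TAG_RE.fullmatch(tag) is not None


def naive_is_valid(name):
    """Deliberately weak check (unanchored match), kept only for comparison."""
    return COMPONENT_RE.match(name) is not None


if __name__ == "__main__":
    # Constructed sample names.
    for candidate in ["library/nginx", "Library/nginx", "nginx/../etc", "a//b", "nginx\n"]:
        print(repr(candidate), validate_repository(candidate), naive_is_valid(candidate))
```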

docker dangling images

1. What is a dangling image (Docker image)?

2. List dangling images:

docker images -f dangling=true

Example:
C:\Users\s00574212>docker images -f dangling=true
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
busybox      <none>    7cfbbec8963d   3 weeks ago   4.86MB

3. Remove dangling images:

docker image prune     # asks for confirmation; enter y

Example:
[root@docker dangling]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Deleted Images:
deleted: sha256:5677308707382034cc80e3ce4ca3e8a8b19548f1de0b89f1318649d15837a86d

Total reclaimed space: 0B
[root@docker dangling]# 

docker manifest multi arch

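1. Enable experimental features (docker manifest is an experimental feature, so the experimental switch must be turned on).

Otherwise the following error is reported: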

docker manifest create is only supported on a Docker cli with experimental cli features enabled

Step 1:
$vim /etc/docker/daemon.json
{
  "experimental": true
}
Step 2, two options:
1) Temporary:
export DOCKER_CLI_EXPERIMENTAL=enabled
2) Permanent:
$vim ~/.docker/config.json
{
    "experimental": "enabled"
}
Step 3:
Restart docker: systemctl daemon-reload && systemctl restart docker

2. Procedure:

1. List the two nginx images in the local image store (imported from outside with a manual docker load; at this point they exist only in the local store):
[root@HN01 ~]# docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
nginx                  amd64               080ed0ed8312        8 days ago          142MB
nginx                  arm64               f71a4866129b        8 days ago          135MB

2. Tag both images and push them to the local remote registry
[root@HN01 ~]# docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5001/nginx   amd64               080ed0ed8312        8 days ago          142MB
127.0.0.1:5001/nginx   arm64               f71a4866129b        8 days ago          135MB

3. Create the manifest list
[root@HN01 ~]# docker manifest create --insecure 127.0.0.1:5001/nginx:1.0 127.0.0.1:5001/nginx:amd64 127.0.0.1:5001/nginx:arm64
Created manifest list 127.0.0.1:5001/nginx:1.0
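Notes:
1) Address A -> 127.0.0.1:5001/nginx:1.0 is the manifest list address, i.e. the final image address that unifies the architectures.
2) Address B -> 127.0.0.1:5001/nginx:amd64 and address C -> 127.0.0.1:5001/nginx:arm64 are image addresses that already exist in the local remote registry.
3) The --insecure option works around a local remote registry that has no HTTPS certificate; it is best to add it (very important: without it the command fails. The registry I started locally is plain HTTP with no certificate; with an HTTPS registry that has a certificate this problem should not occur). Because it allows unencrypted and unverified connections, keep it to local test registries.
4) If address A already exists, or A=B or A=C, in other words you do not want to create a new manifest list address but reuse an existing image address, use this command:
$docker manifest create --insecure --amend 127.0.0.1:5001/nginx:arm64 127.0.0.1:5001/nginx:amd64
With the added --amend option, this command adds the amd64 architecture information to the arm64 one.

3.1. Annotate the manifest list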
# $ docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
$ docker manifest annotate 127.0.0.1:5001/nginx:1.0 127.0.0.1:5001/nginx:amd64 --arch amd64
$ docker manifest annotate 127.0.0.1:5001/nginx:1.0 127.0.0.1:5001/nginx:arm64 --arch arm64

4. Push the manifest list
[root@HN01 ~]# docker manifest push 127.0.0.1:5001/nginx:1.0
sha256:f23a8d452a44913317da82811ec7a06d3c476d47fb93800d67efd7ac7ca8b838
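(Note: the push sometimes fails with the error below, for reasons I have not determined; sending this manifest with a PUT request from Postman achieves the same result.)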
failed to configure transport: error pinging v2 registry: Get https://7.220.62.96:5001/v2/: http: server gave HTTP response to HTTPS client

5. Inspect the pushed manifest
[root@HN01 ~]# docker manifest inspect 127.0.0.1:5001/nginx:1.0
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1570,
         "digest": "sha256:bfb112db4075460ec042ce13e0b9c3ebd982f93ae0be155496d050bb70006750",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1570,
         "digest": "sha256:3be40d1de9db30fdd9004193c2b3af9d31e4a09f43b88f52f1f67860f7db4cb2",
         "platform": {
            "architecture": "arm64",
            "os": "linux",
            "variant": "v8"
         }
      }
   ]
}

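Note: the digest field in manifests above

6. Delete all images from the local store, then pull the nginx image that matches this machine's architecture and OS from the local remote registry: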
[root@HN01 ~]# docker pull 127.0.0.1:5001/nginx:1.0
1.0: Pulling from nginx
f1f26f570256: Pull complete 
7f7f30930c6b: Pull complete 
2836b727df80: Pull complete 
e1eeb0f1c06b: Pull complete 
86b2457cc2b0: Pull complete 
9862f2ee2e8c: Pull complete 
Digest: sha256:f23a8d452a44913317da82811ec7a06d3c476d47fb93800d67efd7ac7ca8b838
Status: Downloaded newer image for 127.0.0.1:5001/nginx:1.0
[root@HN01 ~]# docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5001/nginx   1.0                 080ed0ed8312        8 days ago          142MB

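Note: the pull succeeded and the image ID is 080ed0ed8312; from the earlier listing this is the amd64 image, as expected, so the test passed.

7. At this point the other two images can still be pulled directly from the local remote registry; the result is: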
[root@HN01 ~]# docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5001/nginx   1.0                 080ed0ed8312        8 days ago          142MB
127.0.0.1:5001/nginx   amd64               080ed0ed8312        8 days ago          142MB
127.0.0.1:5001/nginx   arm64               f71a4866129b        8 days ago          135MB
registry               latest              b8604a3fe854        16 months ago       26.2MB

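3. Registry HTTP request sequence:

In one sentence: the REST endpoints are the same ones the CLI already wraps; you only need to upload the per-architecture images first, then create and push one manifest.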

#docker manifest create --insecure 127.0.0.1:5001/registry:1.0 127.0.0.1:5001/registry:amd64 127.0.0.1:5001/registry:arm64
1. Call the v2 endpoint:
GET http://127.0.0.1:5001/v2/
2. Fetch the manifest (metadata) of registry:amd64:
GET http://127.0.0.1:5001/v2/registry/manifests/amd64
3. Fetch the config of registry:amd64:
GET http://127.0.0.1:5001/v2/registry/blobs/sha256:b8604a3fe8543c9e6afc29550de05b36cd162a97aa9b2833864ea8a5be11f3e2
4. Call the v2 endpoint:
GET http://127.0.0.1:5001/v2/
5. Fetch the manifest (metadata) of registry:arm64:
GET http://127.0.0.1:5001/v2/registry/manifests/arm64
6. Fetch the config of registry:arm64:
GET http://127.0.0.1:5001/v2/registry/blobs/sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412

#docker manifest push 127.0.0.1:5001/registry:1.0
1. Call the v2 endpoint:
GET http://127.0.0.1:5001/v2/
2. Push the manifest metadata:
PUT http://127.0.0.1:5001/v2/registry/manifests/1.0
Content-Type:application/vnd.docker.distribution.manifest.list.v2+json
Body:
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1363,
         "digest": "sha256:36cb5b157911061fb610d8884dc09e0b0300a767a350563cbfd88b4b85324ce4",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 525,
         "digest": "sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      }
   ]
}
Response status: 201 Created
Response headers:
Docker-Content-Digest: sha256:57492e4c7cebd7529c273ef142a6a4cb47da0ff3275bb287f1716e49ae53db29
Docker-Distribution-Api-Version: registry/2.0
Location:http://127.0.0.1:5001/v2/registry/manifests/sha256:57492e4c7cebd7529c273ef142a6a4cb47da0ff3275bb287f1716e49ae53db29

#docker pull 127.0.0.1:5001/registry:1.0
1. Call the v2 endpoint:
GET http://127.0.0.1:5001/v2/
Note that the response body here already contains the metadata of the 127.0.0.1:5001/registry:1.0 image
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1363,
         "digest": "sha256:36cb5b157911061fb610d8884dc09e0b0300a767a350563cbfd88b4b85324ce4",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 525,
         "digest": "sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      }
   ]
}
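After receiving this information, the client iterates over the manifests field, filters for the entry that matches its own architecture and OS, and then issues the download requests.
2. Fetch the manifest metadata: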
GET http://10.169.62.89:5001/v2/registry/manifests/sha256:36cb5b157911061fb610d8884dc09e0b0300a767a350563cbfd88b4b85324ce4
Response body:
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 3112,
      "digest": "sha256:b8604a3fe8543c9e6afc29550de05b36cd162a97aa9b2833864ea8a5be11f3e2"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 2817409,
         "digest": "sha256:79e9f2f55bf5465a02ee6a6170e66005b20c7aa6b115af6fcd04fad706ea651a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 299640,
         "digest": "sha256:0d96da54f60b86a4d869d44b44cfca69d71c4776b81d361bc057d6666ec0d878"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 6823927,
         "digest": "sha256:5b27040df4a23c90c3837d926f633fb327fb3af9ac4fa5d5bc3520ad578acb10"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 398,
         "digest": "sha256:e2ead8259a04d39492c25c9548078200c5ec429f628dcf7b7535137954cc2df0"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 214,
         "digest": "sha256:3790aef225b922bc97aaba099fe762f7b115aec55a0083824b548a6a1e610719"
      }
   ]
}
3. Pull the layers one at a time; the config blob is fetched first:
GET http://10.169.62.89:5001/v2/registry/blobs/sha256:b8604a3fe8543c9e6afc29550de05b36cd162a97aa9b2833864ea8a5be11f3e2
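Then come the other layers. Note that because some layers are shared between images, not every layer is necessarily pulled: layers that already exist in the local store are skipped, and if all of them exist this third step is not needed at all. (Whether a layer exists is decided locally, without contacting the remote registry.)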
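
The pull sequence above (manifest list, then the image manifest chosen by platform, then the config blob), as an added example that is not part of the original notes. It adds the client-side checks that make the digests meaningful: every body is hashed and compared before it is parsed. The in-memory store stands in for the registry, all sample data is constructed, and the function names are hypothetical; the `ambiguous` flag covers a list like the registry:1.0 body above, where both entries are labelled amd64/linux.

```python
import hashlib
import json

LIST_TYPE = "application/vnd.docker.distribution.manifest.list.v2+json"
MANIFEST_TYPE = "application/vnd.docker.distribution.manifest.v2+json"
CONFIG_TYPE = "application/vnd.docker.container.image.v1+json"


def digest_of(body):
    """Content digest: sha256 over the exact bytes served, not over re-encoded JSON."""
    return "sha256:" + hashlib.sha256(body).hexdigest()


def fetch_verified(store, digest, size=None):
    """Stand-in for GET /v2/<name>/manifests/<digest> or /blobs/<digest>.

    `store` is a dict of digest -> bytes playing the registry; the size and
    digest checks are what a client must do before trusting the body.
    """
    body = store[digest]
    if size is not None and len(body) != size:
        raise ValueError("size mismatch for " + digest)
    if digest_of(body) != digest:
        raise ValueError("digest mismatch for " + digest)
    return body


def matching_entries(manifest_list, os_name, arch):
    """All entries of a manifest list whose platform equals the local os/arch."""
    if manifest_list.get("mediaType") != LIST_TYPE:
        raise ValueError("not a manifest list")
    return [e for e in manifest_list["manifests"]
            if e.get("platform", {}).get("os") == os_name
            and e.get("platform", {}).get("architecture") == arch]


def resolve(store, list_digest, os_name, arch):
    """Walk manifest list -> image manifest -> config, verifying every hop."""
    manifest_list = json.loads(fetch_verified(store, list_digest))
    hits = matching_entries(manifest_list, os_name, arch)
    if not hits:
        raise LookupError("no manifest for %s/%s" % (os_name, arch))
    entry = hits[0]  # assumption of this example: the first matching entry is used
    manifest = json.loads(fetch_verified(store, entry["digest"], entry["size"]))
    ref = manifest["config"]
    config = json.loads(fetch_verified(store, ref["digest"], ref["size"]))
    # The platform in the list is only a label; the image config says what was built.
    if (config.get("os"), config.get("architecture")) != (os_name, arch):
        raise ValueError("list entry is labelled %s/%s but the config says %s/%s"
                         % (os_name, arch, config.get("os"), config.get("architecture")))
    return {"manifest": entry["digest"], "config": ref["digest"],
            "ambiguous": len(hits) > 1}


def _put(store, obj):
    """Serialize once, store under the digest of those exact bytes."""
    body = json.dumps(obj, indent=3).encode()
    store[digest_of(body)] = body
    return {"size": len(body), "digest": digest_of(body)}


def build_sample_registry(images):
    """Constructed test data. `images` is a list of (label_arch, built_arch) pairs."""
    store, entries = {}, []
    for number, (label_arch, built_arch) in enumerate(images):
        config = dict(_put(store, {"architecture": built_arch, "os": "linux",
                                   "comment": "constructed image %d" % number}),
                      mediaType=CONFIG_TYPE)
        manifest = _put(store, {"schemaVersion": 2, "mediaType": MANIFEST_TYPE,
                                "config": config, "layers": []})
        entries.append(dict(manifest, mediaType=MANIFEST_TYPE,
                            platform={"architecture": label_arch, "os": "linux"}))
    top = _put(store, {"schemaVersion": 2, "mediaType": LIST_TYPE, "manifests": entries})
    return store, top["digest"]


if __name__ == "__main__":
    store, list_digest = build_sample_registry([("amd64", "amd64"), ("arm64", "arm64")])
    print(resolve(store, list_digest, "linux", "arm64"))
```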

4. Other commands:

docker manifest annotate		Add additional information to a local image manifest
docker manifest create			Create a local manifest list for annotating and pushing to a registry
docker manifest inspect			Display an image manifest, or manifest list
docker manifest push			Push a manifest list to a repository
docker manifest rm				Delete one or more manifest lists from local storage

Example: add extra arch information, with the value arm, to the 127.0.0.1:5001/nginx:arm64 image
docker manifest annotate 127.0.0.1:5001/nginx:1.0 127.0.0.1:5001/nginx:arm64 --arch arm
127.0.0.1:5001/library/nginx                  amd64               080ed0ed8312
127.0.0.1:5001/library/nginx                  arm64               f71a4866129b        

File contents:
080ed0ed8312: contains the original config.json; it is also the IMAGE ID field shown by the docker images command.
754b702434e0: contains the original manifest.json

Under /root/xxx/docker/registry/v2/repositories/library, the tree command shows the following structure:
                    ── nginx
                        ├── _layers
                        │   └── sha256
                        │       ├── 080ed0ed8312deca92e9a769b518cdfa20f5278359bd156f3469dd8fa532db6b
                        │       │   └── link
                        │       ├── 25ce04aa22b4a1001cf9cc09e6ff038cf5b61cefc0679bcc2ee84ca2f5050dda
                        │       │   └── link
                        │       ├── 3804935bde6232033371fe05e57419a2708f4d771ed7ce3bf83f2821db9ecbd0
                        │       │   └── link
                        │       ├── 3af14c9a24c941c626553628cf1942dcd94d40729777f2fcfbcd3b8a3dfccdd6
                        │       │   └── link
                        │       ├── 4d0bf5b5e17b1bf57a06893ca4cdb58189efcf348b817d33850aa04ab403e4f1
                        │       │   └── link
                        │       ├── 748eb15c313c9805c2d084e182f69fc7dc2271e29ebe43809617131112f6d561
                        │       │   └── link
                        │       ├── 95457f8a16fd7d0e872c8ccd8ffa84b79b8aa56a39ca5a84bf54c1fab9bac712
                        │       │   └── link
                        │       ├── 9c603f82aa71812742cd6204e08c92fbf5138873c609a55537b5729bb07cb563
                        │       │   └── link
                        │       ├── a0b795906dc1f8bb47568da6335c0b5e5049aefc9b0bf3bfe6a9a90e55e8ca36
                        │       │   └── link
                        │       ├── af29ec691175380d67613953dfb815a47cbcdc5a10221ab1047668cda2efc9ee
                        │       │   └── link
                        │       ├── c05840a11ed9714c3d386161962a7108d0c74c7f09c39949f46934ca3b90341e
                        │       │   └── link
                        │       ├── f71a4866129b6332cfd0dddb38f2fec26a5a125ebb0adde99fbaa4cb87149ead
                        │       │   └── link
                        │       ├── f7ec7b6b86f3cc0d3ca9318079b4fbe3d5073fa7421495e9e0b11588f59247e7
                        │       │   └── link
                        │       └── ff4557f62768fd99a55c9596bcc2ade44045c47a089a898a14d73b50a306c74d
                        │           └── link
                        ├── _manifests
                        │   ├── revisions
                        │   │   └── sha256
                        │   │       ├── 754b702434e0aedf41c6c8a27843e3b0ae3d37a98ab6c4e8799d349b931bea77
                        │   │       │   └── link
                        │   │       └── db6e539b7caadb2e3a48d5ef132633db5f82ae0d2acfd9f329dac84c0afb449d
                        │   │           └── link
                        │   └── tags
                        │       ├── amd64
                        │       │   ├── current
                        │       │   │   └── link
                        │       │   └── index
                        │       │       └── sha256
                        │       │           └── db6e539b7caadb2e3a48d5ef132633db5f82ae0d2acfd9f329dac84c0afb449d
                        │       │               └── link
                        │       └── arm64
                        │           ├── current
                        │           │   └── link
                        │           └── index
                        │               └── sha256
                        │                   └── 754b702434e0aedf41c6c8a27843e3b0ae3d37a98ab6c4e8799d349b931bea77
                        │                       └── link
                        └── _uploads
                        
After creating the manifest list manually (not yet pushed), inspect it with docker manifest inspect:
[root@HN01 data]# docker manifest create --insecure 127.0.0.1:5001/library/nginx:1.0 127.0.0.1:5001/library/nginx:amd64 127.0.0.1:5001/library/nginx:arm64
Created manifest list 127.0.0.1:5001/library/nginx:1.0
[root@HN01 data]# 
[root@HN01 data]# 
[root@HN01 data]# docker manifest inspect 127.0.0.1:5001/library/nginx:1.0
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1238,
         "digest": "sha256:db6e539b7caadb2e3a48d5ef132633db5f82ae0d2acfd9f329dac84c0afb449d",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1238,
         "digest": "sha256:754b702434e0aedf41c6c8a27843e3b0ae3d37a98ab6c4e8799d349b931bea77",
         "platform": {
            "architecture": "arm64",
            "os": "linux",
            "variant": "v8"
         }
      }
   ]
}

Note: manifests[0].digest here is the hash of the manifest of 127.0.0.1:5001/library/nginx:amd64; size is the size of the manifest file under the blob directory; the architecture, os and variant fields all come from the config file of the 127.0.0.1:5001/library/nginx:amd64 image.

After pushing the manifest list:
[root@HN01]# docker manifest push 127.0.0.1:5001/library/nginx:1.0
sha256:d06690ad6d8f5e2359d36d049fd2b7b3a6415ec63e70b339369e0bdf8e7f91b0

In effect this only adds a new 1.0 manifest entry under tags:
        │   └── tags
        │       ├── 1.0
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── d06690ad6d8f5e2359d36d049fd2b7b3a6415ec63e70b339369e0bdf8e7f91b0
        │       │               └── link
        │       ├── amd64
        │       │   ├── current
        │       │   │   └── link
        │       │   └── index
        │       │       └── sha256
        │       │           └── db6e539b7caadb2e3a48d5ef132633db5f82ae0d2acfd9f329dac84c0afb449d
        │       │               └── link
        │       └── arm64
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── 754b702434e0aedf41c6c8a27843e3b0ae3d37a98ab6c4e8799d349b931bea77
        │                       └── link
        
Calling the GET manifest endpoint with the digest as the reference returns the details of the multi-arch image:
GET http://7.220.62.96:5001/v2/library/nginx/manifests/sha256:d06690ad6d8f5e2359d36d049fd2b7b3a6415ec63e70b339369e0bdf8e7f91b0
Accept: application/vnd.docker.distribution.manifest.v2+json

This returns the following:
{
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [
        {
            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "size": 1238,
            "digest": "sha256:db6e539b7caadb2e3a48d5ef132633db5f82ae0d2acfd9f329dac84c0afb449d",
            "platform": {
                "architecture": "amd64",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "size": 1238,
            "digest": "sha256:754b702434e0aedf41c6c8a27843e3b0ae3d37a98ab6c4e8799d349b931bea77",
            "platform": {
                "architecture": "arm64",
                "os": "linux",
                "variant": "v8"
            }
        }
    ]
}
Response Header:
Content-Type:application/vnd.docker.distribution.manifest.list.v2+json
Docker-Content-Digest:sha256:d06690ad6d8f5e2359d36d049fd2b7b3a6415ec63e70b339369e0bdf8e7f91b0
Content-Length:772

Errors:

1. unsupported manifest media type and no default available: application/vnd.docker.distribution.manifest.v1+prettyjws

[root@doublenet-master-iulob gandalf]# docker manifest create 110.1.28.12:7443/library/nginx:2.0 110.1.28.12:7443/library/nginx:arm64 110.1.28.12:7443/library/nginx:amd64
unsupported manifest media type and no default available: application/vnd.docker.distribution.manifest.v1+prettyjws

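This was with docker 18.09.0. (The latest version, 24.0.4, gives the same error.)

Docker Desktop configuration

1. Configure the local proxy:

docker desktop -> settings -> Resources -> PROXIES -> Web Server(HTTP) + Secure Web Server(HTTPS)

http://<domain account>:<password>@proxyhk.huawei.com:8080   version 4.3.2
http://proxyhk.huawei.com:8080              version 4.17.0
Note: in version 4.17.0 the domain account and password are cleared automatically when you click save, for an unknown reason, which makes image pulls fail, for example: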

C:\Users\s00574212>docker pull hello-world
Using default tag: latest
[2023-04-06T03:33:36.904409200Z][docker-credential-desktop][W] Windows version might not be up-to-date: The system cannot find the file specified.
Error response from daemon: Get "https://registry-1.docker.io/v2/": writing response to registry-1.docker.io:443: connecting to 172.18.100.92:8080: dial tcp 172.18.100.92:8080: connectex: An attempt was made to access a socket in a way forbidden by its access permissions.


ping proxyhk.huawei.com
C:\Users\s00574212>ping proxyhk.huawei.com
正在 Ping proxyhk.huawei.com.web3.hwgslb.com [172.18.100.92] 具有 32 字节的数据

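This indicates that Docker Desktop has no permission when it accesses the proxy. How to fix it is unclear; switch to an older version?

The registry-mirrors setting under Docker Engine needs to be changed to empty, so that images are pulled from the default official registry.

curl commands for accessing a registry

1. Log in with an Authorization header: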

curl -H "Authorization: Basic cm9vdDpodWF3ZWlAMTIz" http://localhost:5000/v2 -v

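2. Log in with a username and password:

curl -u root:huawei@123 http://localhost:5000/v2 -v

Example:
1. Username: shenjl; password: weihua@123
2. Join the username and password with a colon to form string A: shenjl:weihua@123
3. Base64-encode the joined string to get string B: c2hlbmpsOndlaWh1YUAxMjM= (Base64 is an encoding, not encryption, so string B is as sensitive as the password itself)
4. Address C of the third-party registry: https://51.32.18.77:7443
5. Substitute strings B and C into the following command: curl -H "Authorization: Basic <B>" <C>/v2/ -v
Example:
curl -H "Authorization: Basic c2hlbmpsOndlaWh1YUAxMjM=" https://51.32.18.77:7443/v2/ -v
6. If the call in the previous step succeeds, with status code 200 and a response body of {}, the login succeeded.

curl -H "Authorization: Basic c2hlbmpsOndlaWh1YUAxMjM=" https://51.32.18.77:7443/v2/_catalog -v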

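URLs for accessing a registry with Postman

docker restart commands

Note: after changing docker's configuration files, the process must be restarted for the change to take effect.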

# docker
systemctl daemon-reload
systemctl restart docker.service

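Common docker commands

docker pull

1. Purpose: pull an image.

2. Syntax: docker pull [OPTIONS] NAME[:TAG|@DIGEST]

3. Examples:

docker pull nginx                                   # pull nginx from the default registry, latest tag by default
docker pull nginx:1.0                               # pull nginx from the default registry, tag 1.0
docker pull 51.32.18.120:7443/library/nginx:1.0     # pull nginx from the given registry, tag 1.0
docker pull --platform=amd64 nginx:1.0              # select the amd64 architecture
docker pull -a nginx                                # pull all tags
docker pull nginx@sha256:b7d7a3945c3689bff125769372bd0ac99d4980719a463108038d5d9d7084dcda     # pull the image with the given digest
docker pull nginx:1.0@sha256:b7d7a3945c3689bff125769372bd0ac99d4980719a463108038d5d9d7084dcda # pull the image with the given digest
Note: an image pulled by digest as above has no tag in the local store and is shown as <none>.
Note: when images with the same repository name and the same tag but different content exist, a specific one can be pulled by giving its digest; otherwise the most recent one, which overwrote the tag, is pulled.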

docker tag

1. Purpose: add a tag to an existing image.

2. Syntax: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

3. Examples:

docker tag nginx:1.0 nginx:2.0      # based on nginx 1.0, add a new tag 2.0; both tags actually have the same imageDigest
docker tag nginx nginx:2.0          # based on nginx latest, add a new tag 2.0; both tags actually have the same imageDigest

docker login

1. Logging in to an HTTPS Harbor registry fails with x509: certificate signed by unknown authority

[root@HN01 ~]# docker login -u admin -p weihua@123 7.220.62.96:4443
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://7.220.62.96:4443/v2/: x509: certificate signed by unknown authority

Solution: save ca.crt to the following path

/etc/docker/certs.d/7.220.62.96:4443/ca.crt

where 7.220.62.96:4443 is the registry address

docker configuration files

1. Path: /etc/docker/daemon.json

registry-mirrors: # array; each entry needs a scheme (unlike isula), otherwise the daemon fails with: failed to start daemon: invalid mirror: "51.32.17.130:7443" is not a valid URI

{
    "registry-mirrors":[
       "https://51.32.17.130:7443"
     ]
}

insecure-registries: # array; docker tries https first and falls back to http if that fails.

If HTTPS is available but the certificate is invalid, ignore the error about the certificate.
If HTTPS is not available, fall back to HTTP.

2. docker's credential file: /root/.docker/config.json (each auth value is the Base64 encoding of user:password, so the file should be readable by its owner only)

[root@HN01 .docker]# cat config.json 
{
        "auths": {
                "10.169.62.89:5001": {
                        "auth": "YWRtaW46d2VpaHVhQDEyMw=="
                },
                "127.0.0.1:5000": {
                        "auth": "cm9vdDpodWF3ZWlAMTIz"
                },
                "7.220.62.96:5000": {
                        "auth": "cm9vdDpodWF3ZWlAMTIz"
                },
                "7.220.62.96:5005": {
                        "auth": "cm9vdDpodWF3ZWlAMTIz"
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/18.09.0 (linux)"
        },
        "experimental": "enabled"
}

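Note: running docker logout 7.220.62.96:5005 removes the corresponding entry from the config.json file above

docker save: exporting images with different file extensions

1. tar (default):

docker save <image>:<tag> -o /xxx_dir/xxx_name.tar

2. tar.gz:

# Export the image and save it compressed:
docker save <image>:<tag> | gzip > /xxx_dir/xxx_name.tar.gz
# Restore the image file
gunzip -c /xxx_dir/xxx_name.tar.gz | docker load

Quickly removing all docker containers

1. Remove all containers; use this when every container is already stopped:

docker rm $(docker ps -aq)  # -q: quiet mode, print only container IDs.

2. Stop and remove all containers; use this when you do not want to stop them one by one:

docker stop $(docker ps -q) && docker rm $(docker ps -aq)

3. Remove all images; make sure none of them is in use:

docker rmi -f $(docker images -qa)  # -q: quiet mode, print only image IDs.

4. Remove all images tagged <none>:

docker rmi $(docker images -f "dangling=true" -q)

docker file layout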

/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx

VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx # tree
.
├── _layers
│   └── sha256
│       ├── 080ed0ed8312deca92e9a769b518cdfa20f5278359bd156f3469dd8fa532db6b
│       │   └── link
│       ├── 0ed5ae6eff71083dc1d5a2f96cb7dfbf2b8bae00c5bdaa51801b339ed1c74132
│       │   └── link
│       ├── 1f2e49eb7fad1d23992cd1b12b4e474a0eab02180607669190fae2fff11e002d
│       │   └── link
│       ├── 2ef0e55c2efc4704cbf06538e2712bed5b42dac7e612c9e2171603307ce403e0
│       │   └── link
│       ├── 4d12160cd24e0ed72716aff832e81e5c5ced3c89bb092c97ebf99876dd9b6b1a
│       │   └── link
│       ├── 4ecc17102fe86f7fb76274c5ef3d05f3bb42a584652d9b6a1e101a8db750ae69
│       │   └── link
│       ├── 65c0f28e542218041d83b367bca3bd730faa0000ce90cb871af50beefe004bba
│       │   └── link
│       ├── 6f261895b0297065c1e3b91453a9f4fb37b91235bba02a71e241715dd9204b33
│       │   └── link
│       ├── 7b9a682f912461bb9667583f06835ae7172b5fc244ead83d375df4ebc1e7fdd2
│       │   └── link
│       ├── 811f3caa888b1ee5310e2135cfd3fe36b42e233fe0d76d9798ebd324621238b9
│       │   └── link
│       ├── 86fa88bbfb867d867df7a225105615d79e95f6d62d1250be877d99318ffab27c
│       │   └── link
│       ├── 8c8ee3407f3623fe51674138bba540c279b1bb4fea49fc8fd1306a235abab027
│       │   └── link
│       ├── 9bf4fc579eaa72564c27534cf799d106db752dbaadcc1a668288b5f7141947f2
│       │   └── link
│       ├── a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
│       │   └── link
│       ├── ca0963c4743907a54a066b92476aa74af5519da43f30c2840a8a170db12097ed
│       │   └── link
│       ├── e2bcc14dbbeedea44072a7e6876c8980413e90fc1a5eda744a3abf7fe03255ca
│       │   └── link
│       ├── f71a4866129b6332cfd0dddb38f2fec26a5a125ebb0adde99fbaa4cb87149ead
│       │   └── link
│       └── feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
│           └── link
├── _manifests
│   ├── revisions
│   │   └── sha256
│   │       ├── 28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7a
│   │       │   └── link
│   │       ├── 7f1b8416a3abaf76840af573c44263667f34e5a4885f5c480464e1da3b01f4a0
│   │       │   └── link
│   │       ├── 89f40c947313d60d446ba4a9fea35a8ba8f9c99288258747b0720d883e5c348d
│   │       │   └── link
│   │       └── 95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5
│   │           └── link
│   └── tags
│       ├── 2.0
│       │   ├── current
│       │   │   └── link
│       │   └── index
│       │       └── sha256
│       │           └── 89f40c947313d60d446ba4a9fea35a8ba8f9c99288258747b0720d883e5c348d
│       │               └── link
│       ├── amd64
│       │   ├── current
│       │   │   └── link
│       │   └── index
│       │       └── sha256
│       │           ├── 28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7a
│       │           │   └── link
│       │           └── 95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5
│       │               └── link
│       ├── arm64
│       │   ├── current
│       │   │   └── link
│       │   └── index
│       │       └── sha256
│       │           └── 7f1b8416a3abaf76840af573c44263667f34e5a4885f5c480464e1da3b01f4a0
│       │               └── link
│       └── normalpush
│           ├── current
│           │   └── link
│           └── index
│               └── sha256
│                   └── 7f1b8416a3abaf76840af573c44263667f34e5a4885f5c480464e1da3b01f4a0
│                       └── link
└── _uploads

50 directories, 31 files
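Conclusion:
1. Each tag under tags contains two subdirectories, current and index, which handle the case where the tag is the same but the actual content differs; each push overwrites with the newest. Taking the amd64 tag above as an example, two images were pushed under the same tag with different content; 28* was pushed later and overrides the earlier one, i.e. current holds the newest link. docker pull xxx/shenjl2/nginx:amd64 now returns the last uploaded version, but the earlier one can still be fetched like this: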
docker pull xxx/shenjl2/nginx:amd64@sha256:95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # tree
.
├── current
│   └── link
└── index
    └── sha256
        └── 95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5
            └── link

4 directories, 2 files
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # cat current/link 
sha256:95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # cat index/sha256/95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5/link 
sha256:95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # tree
.
├── current
│   └── link
└── index
    └── sha256
        ├── 28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7a
        │   └── link
        └── 95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5
            └── link

5 directories, 3 files
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # cat index/sha256/28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7a/link 
sha256:28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7aVRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
VRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # cat current/link 
sha256:28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7aVRM01:/opt/krm/registry/docker/registry/v2/repositories/shenjl2/nginx/_manifests/tags/amd64 # 
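
The layout described above can be checked mechanically. The following Python sketch is an added example, not part of the original notes or of the registry project: it walks a repository's _manifests/tags directory and reports tags whose index holds more than one digest, that is, tags that have been overwritten. The sample tree is constructed from the amd64 listing above; the `once` tag, its digest and all function names are made up for illustration.

```python
import os
import re
import tempfile

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def read_link(path):
    """Return the digest stored in a link file (written without a trailing newline)."""
    with open(path, encoding="ascii") as fh:
        value = fh.read().strip()
    if not DIGEST_RE.match(value):
        raise ValueError(f"unexpected link content in {path!r}")
    return value

def audit_tags(repo_dir):
    """Map each tag to its current digest, its digest history and an overwrite flag."""
    tags_dir = os.path.join(repo_dir, "_manifests", "tags")
    report = {}
    for tag in sorted(os.listdir(tags_dir)):
        current = read_link(os.path.join(tags_dir, tag, "current", "link"))
        index_dir = os.path.join(tags_dir, tag, "index", "sha256")
        history = sorted(read_link(os.path.join(index_dir, d, "link"))
                         for d in os.listdir(index_dir))
        if current not in history:
            raise ValueError(f"tag {tag!r}: current digest is missing from index")
        report[tag] = {"current": current, "history": history,
                       "overwritten": len(history) > 1}
    return report

def build_sample_repo(root):
    """Constructed fixture: the amd64 tag from the listing above, plus a tag pushed once."""
    old = "95e8d2787de93054db7726a2604ff77ce1e4f0861a74b7eed6f571edc130c0c5"
    new = "28a1207f180f1062559d6140e60de73b3ef1bb1e013fe84d7b183597cc134c7a"
    once = "ab" * 32  # constructed digest, not from the page
    for tag, current, history in (("amd64", new, [old, new]), ("once", once, [once])):
        base = os.path.join(root, "_manifests", "tags", tag)
        links = {os.path.join(base, "current", "link"): current}
        for d in history:
            links[os.path.join(base, "index", "sha256", d, "link")] = d
        for path, digest in links.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="ascii") as fh:
                fh.write("sha256:" + digest)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for tag, info in audit_tags(build_sample_repo(tmp)).items():
            print(tag, "OVERWRITTEN" if info["overwritten"] else "stable", info["current"])
            for d in info["history"]:
                if d != info["current"]:
                    print("  superseded but still pullable by digest:", d)
```

A tag flagged as overwritten is one where a pull by tag and a pull by tag@sha256 can return different content, so deployments that need a fixed image should reference the digest.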

isula

isula restart commands

Note: after changing the isula configuration file, the process must be restarted for the change to take effect.

# isula 
systemctl daemon-reload
systemctl restart isulad.service

Common isula commands

1. Check that the installation succeeded: isula version

2. Log in to / log out of the local image registry:

Log in: isula login -u username registryAddress, e.g. isula login -u admin 51.32.18.113:7443

Log out: isula logout registryAddress, e.g. isula logout -u 51.32.18.113:7443

[root@fasfasfasf-fasfasf-folhz isula]# isula login -u admin 51.32.18.113:7443
Password: Login Succeeded
[root@fasfasfasf-fasfasf-folhz isula]# cat /root/.isulad/auths.json
{
    "auths": {
        "51.32.18.113:7443": {
            "auth": "MDAwMDAwMDIwMDAwMDAwMTY4OUQwOTg1QkEwQkI0QUMwNTA1Q0Y0MTRDRjg3RTQ3MDIyMzBCQjYxMTZDOEZDRDZDRTdEQUZFMjVGMDA5NzcwMDAwMDAwMjAwMDAyODAwQzNENkU2Njc3RkNDOUZCQzYxOUNDMTZEMEY5REY5QTdBNjI4MDcyNkIwQzU4Q0U5Njg4NDZBQ0JCM0UxQzMzMjAwMDAwMDA0NDUwODNERjI0OEEzRTI0ODM0QTEyQThEQjM1RDMzNkZDNUU0MDNENzQwMjU1N0VCM0RFNDlDMzcyRkI0N0U2NkM1RjA3MzYxQjc4Mjc5RTQ2REY4MkFEQzVCQjdFMjA5RUY1REE5OEUxM0IwRTUzMTU4RTkxQjNCRTQxMzc0Q0E="
        }
    }
}
[root@fasfasfasf-fasfasf-folhz isula]# isula logout -u 51.32.18.113:7443
Logout Succeeded
[root@fasfasfasf-fasfasf-folhz isula]# cat /root/.isulad/auths.json
{
    "auths":{}
}
[root@nic-many-master-azbii .isulad]# isula pull 51.32.18.120:7443/shenjl/shenjl/busybox:latest
Image "51.32.18.120:7443/shenjl/shenjl/busybox:latest" pulling
Failed to pull image 51.32.18.120:7443/shenjl/shenjl/busybox:latest with error: registry response invalid status code 401

3. List local images: isula images

4. Load an image archive into the local image store: isula load -i /home/gandalf/docker_auth_2.0.tar

5. Tag an image in the local image store: isula tag busybox:1.0 51.32.18.113:7443/library/busybox:1.0

6. Pull an image from another registry: isula pull 51.32.18.113:7443/library/busybox:1.0

Note: isula has no push command.

isula configuration files

1. isulad configuration file: /etc/isulad/daemon.json

{
    "group": "isula",
    "default-runtime": "lcr",
    "graph": "/opt/k8s/cri/isulad",
    "state": "/var/run/isulad",
    "engine": "lcr",
    "log-level": "ERROR",
    "pidfile": "/var/run/isulad.pid",
    "log-opts": {
        "log-file-mode": "0600",
        "log-path": "/var/lib/isulad",
        "max-file": "1",
        "max-size": "30KB"
    },
    "log-driver": "stdout",
    "container-log": {
        "driver": "json-file"
    },
    "hook-spec": "/etc/default/isulad/hooks/default.json",
    "start-timeout": "2m",
    "storage-driver": "overlay2",
    "storage-opts": [
        "overlay2.override_kernel_check=true"
    ],
    "registry-mirrors": [
        "51.32.18.113:7443"
    ],
    "pod-sandbox-image": "registry.simbaos.com/pause:3.5",
    "native.umask": "secure",
    "network-plugin": "cni",
    "cni-bin-dir": "/opt/cni/bin",
    "cni-conf-dir": "/etc/cni/net.d",
    "image-layer-check": false,
    "use-decrypted-key": true,
    "insecure-skip-verify-enforce": false
}

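2. isula credentials file: /root/.isulad/auths.json

This file records isula's login information. After one successful login there is no need to log in again; third-party image registries can then be accessed directly.

[root@fasfasfasf-fasfasf-folhz isulad]# cat /root/.isulad/auths.json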
{
    "auths": {
        "51.32.18.113:7443": {
            "auth": "MDAwMDAwMDIwMDAwMDAwMTQ2RjcxNjE2N0EwRDk3MjhCMERFNjY0QkQyRTdGMjZFREUxMTkyMTVBQ0EzNjYwQTcxOUFENEQ2NTc4NjE1MkYwMDAwMDAwMjAwMDAyODAwM0RBQzEzQkY1NUJFOTJBQTkwMUM0OTQ5NjNFQkQ4NEI5OTI1MzQyQjRDMjU4NDZCMDI1NUMyODI0MzZDMjVFNTAwMDAwMDA0RTZGNTcxMDk0QkEyQjAyMzkxREFBRUQ2NjFFNzVBRUQ4NENCRDE0NzgxNEE4NTk1ODVFOUY5OUQ3M0U1RUExNjk3MERCOTU0RTg3MEY4QjMwRTc1MjQ3MTA0NjBGRTMwNEMwNzk3QkI2N0VBN0QyRg=="
        }
    }
}

isula-build

isula-build restart commands

Note: after changing the isula-build configuration file, the process must be restarted for the change to take effect.

# isula-build
systemctl daemon-reload
systemctl restart isula-build.service

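Installing the isula-build tool

Note: nodes of a created cluster have only isula installed by default, not isula-build. To push images, install the isula-build tool manually.

Note: isula and isula-build are not the same thing; in fact, the two have little to do with each other (grudge.jpg

Note: isulad is the container engine, isula is its companion client tool, and isula-build is the container image build tool released by isula, mainly so that the images it builds can run on docker.

One-line install:
rpm -ivh isula-build-0.9.5-6.oe1.x86_64.rpm && systemctl start isula-build && isula-build version
One-line uninstall:
rpm -qa | grep isula-build && rpm -e $(rpm -qa | grep isula-build)

1. Download the isula-build package, e.g. isula-build-0.9.5-6.oe1.x86_64.rpm

2. Copy the file to the server, e.g. /home/gandalf/isula-build-0.9.5-6.oe1.x86_64.rpm

3. Install as the root user: rpm -ivh isula-build-0.9.5-6.oe1.x86_64.rpm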

[root@test-master-piovk gandalf]# rpm -ivh isula-build-0.9.5-6.oe1.x86_64.rpm 
warning: isula-build-0.9.5-6.oe1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID b25e7f66: NOKEY
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:isula-build-0.9.5-6.oe1          ################################# [100%]

4. Verify that the installation succeeded: isula-build version

[root@test-master-piovk gandalf]# isula-build version
Client:
  Version:       0.9.5-6
  Go Version:    go1.15.7
  Git Commit:    b82408f
  Built:         Tue Mar 30 11:08:00 2021
  OS/Arch:       linux/amd64
invalid socket path: unix:///var/run/isula_build.sock

5. If step 4 fails with the error invalid socket path: unix:///var/run/isula_build.sock, run systemctl start isula-build manually. The reason is that isula-build is not started by default after installation.

[root@test-master-piovk gandalf]# systemctl start isula-build
[root@test-master-piovk gandalf]# isula-build version
Client:
  Version:       0.9.5-6
  Go Version:    go1.15.7
  Git Commit:    b82408f
  Built:         Tue Mar 30 11:08:00 2021
  OS/Arch:       linux/amd64

Server:
  Version:       0.9.5-6
  Go Version:    go1.15.7
  Git Commit:    b82408f
  Built:         Tue Mar 30 11:08:00 2021
  OS/Arch:       linux/amd64

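Notes:

1) The login of isula-build and that of isula are separate; being logged in with the latter does not mean the former is logged in.

2) The local image stores of isula-build and isula are separate; their images commands return different results.

Common isula-build commands

0. Restart the isula-build service:

systemctl daemon-reload && systemctl restart isula-build

1. Check that the installation succeeded: isula-build version

2. Log in to the local image registry: isula-build login -u admin 51.32.18.113:7443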

[root@fasfasfasf-fasfasf-folhz gandalf]# isula-build login -u admin 51.32.18.113:7443
Password: 
Login Succeeded
[root@fasfasfasf-fasfasf-folhz gandalf]#

3. List local images: isula-build ctr-img images

4. Load an image archive into the local image store: isula-build ctr-img load -i /home/gandalf/docker_auth_2.0.tar

5. Tag an image in the local image store: isula-build ctr-img tag busybox:1.0 51.32.18.113:7443/library/busybox:1.0

6. Push an image to another registry: isula-build ctr-img push 51.32.18.113:7443/library/busybox:1.0

isula-build configuration files

Root directory: /etc/isula-build

[root@fasfasfasf-fasfasf-fcvej gandalf]# ll /etc/isula-build
total 32
-rw------- 1 root root   85 Apr 17 17:13 auth.json              // login credentials file
-rw------- 1 root root 1056 Apr 17 17:25 configuration.toml     // overall isula-builder configuration file; sets the isula-builder log level, persistent directory, runtime directory, OCI runtime, etc.
-r--r--r-- 1 root root  459 Apr 17 17:26 isula-build.pub
-rw------- 1 root root   94 Mar 30  2021 policy.json             // image pull/push policy file
-rw------- 1 root root 5488 Mar 30  2021 registries.toml         // configuration file for the individual image registries
-rw------- 1 root root 6222 Mar 30  2021 storage.toml            // configuration file for local persistent storage, including the configuration of the storage driver in use.

1. isula-build image registry configuration file: /etc/isula-build/registries.toml

[registries.insecure]
registries = ["51.32.12.106:5000"]           # Registries that do not use TLS when pulling images or uses self-signed certificates.

insecure = true                              # The setting above alone is not enough; find this line, remove the leading comment marker and set the value to true

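2. isula-build credentials file: /etc/isula-build/auth.json

This file records isula-build's login information. After one successful login there is no need to log in again; third-party image registries can then be accessed directly.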

[root@fasfasfasf-fasfasf-folhz isula-build]# cat auth.json 
{
        "auths": {
                "51.32.18.113:7443": {
                        "auth": "YWRtaW46d2VpaHVhQDEyMw=="
                }
        }
}
[root@fasfasfasf-fasfasf-folhz isula-build]# pwd
/etc/isula-build
[root@fasfasfasf-fasfasf-folhz isula-build]# 

Note: base64-decoding this value gives admin:weihua@123, which shows that isula-build stores its credentials in plaintext.
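
The observation above can be turned into a check for any auths-style file. The following Python sketch is an added example, not code from the original notes or from the isula-build project: it flags entries whose auth value is just base64 of user:password and files readable by anyone other than the owner. The registry name, credentials and function names are constructed for illustration.

```python
import base64
import binascii
import json
import os
import stat
import tempfile

def classify_auth(value):
    """('plaintext', user) if value is base64 of user:password, else ('opaque', None)."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ("opaque", None)
    user, sep, password = decoded.partition(":")
    if sep and user and password and decoded.isprintable():
        return ("plaintext", user)
    return ("opaque", None)

def audit_auth_file(path):
    """Return (registry, finding) pairs; the password itself is never returned or printed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(("<file>", f"mode {mode:04o} lets non-owners read it"))
    with open(path, encoding="utf-8") as fh:
        auths = json.load(fh).get("auths", {})
    for registry, entry in sorted(auths.items()):
        kind, user = classify_auth(entry.get("auth", ""))
        if kind == "plaintext":
            findings.append((registry, f"recoverable password stored for user {user!r}"))
    return findings

def write_sample(path, auth_value, mode):
    """Constructed fixture: registry name and credentials are made up."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"auths": {"registry.example:7443": {"auth": auth_value}}}, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plain = base64.b64encode(b"demo-user:demo-pass-123").decode()
        sample = write_sample(os.path.join(tmp, "auth.json"), plain, 0o644)
        for registry, finding in audit_auth_file(sample):
            print(registry, "->", finding)
```

Since the stored value is reversible, the file mode (-rw------- in the listing above) is the only protection, and running isula-build logout for a registry that is no longer needed removes the entry.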

3. isula-build overall configuration file: /etc/isula-build/configuration.toml

###############################################################################
# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
# isula-build licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
#     http://license.coscl.org.cn/MulanPSL2
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
# PURPOSE.
# See the Mulan PSL v2 for more details.
# Author: iSula Team
# Create: 2020-1-20
# Description: This is config file for isula-build
################################################################################

debug = false                        # whether to enable debug logging
loglevel = ""                        # log level
group = "isula"

# Temporary storage location
run_root = "/var/run/isula-build/"   # root directory for runtime data

# Primary Read/Write location of isula-build
data_root = "/var/lib/isula-build/"  # local persistent directory

# Default "runc" found in $PATH
runtime = ""

experimental = true                  # Indicates whether to enable experimental features.

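Enabling manifest list in isula-build

Note: manifest is an experimental feature. To use it, the experimental option must be enabled on both the client and the server; see the client overview and service configuration chapters for how.

Method 1: temporary, export an environment variable (works)

export ISULABUILD_CLI_EXPERIMENTAL=enabled

Method 2: permanent, edit the isula-build overall configuration file (did not work; not sure what else is missing)

vim /etc/isula-build/configuration.toml
# add the following line
experimental = true                  # Indicates whether to enable experimental features.
# restart isula-build
systemctl daemon-reload && systemctl restart isula-build
# verify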
[root@fasfasfasf-fasfasf-fcvej isula-build]# isula-build info
General:
  MemTotal:     7708155904
  MemFree:      255885312
  SwapTotal:    0
  SwapFree:     0
  OCI Runtime:  runc
  DataRoot:     /var/lib/isula-build/
  RunRoot:      /var/run/isula-build/
  Builders:     0
  Goroutines:   11
  Experimental: true             // look here, look here
Store:
  Storage Driver:     overlay
  Backing Filesystem: extfs
Registry:
  Search Registries:
  Insecure Registries:

Steps:

1、
isula-build manifest create 51.32.17.130:7443/shenjl1/busybox:1.0 51.32.17.130:7443/shenjl1/busybox:amd64 51.32.17.130:7443/shenjl1/busybox:arm64
>3f26aa36a10cb06b443c8bb8597cad4595fda5e0f3477cc063b4b534c7da600a

2、isula-build manifest inspect 51.32.17.130:7443/shenjl2/nginx:1.0
>
{
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [
        {
            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "size": 1238,
            "digest": "sha256:ac676386fd60b9aa2454feb5ec8b7addb2e4d183095891bee2739e7ad8a9f681",
            "platform": {
                "architecture": "amd64",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "size": 1238,
            "digest": "sha256:212674a7bd7f500330233e849c2d74d6504267c9b4c6228368a1df9e5e55fe7a",
            "platform": {
                "architecture": "arm64",
                "os": "linux"
            }
        }
    ]
}

3、isula-build manifest push 51.32.17.130:7443/shenjl2/nginx:1.0 51.32.17.130:7443/shenjl2/nginx:2.0
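Note: this differs from docker; you need to specify the name and version of the local image as well as the name and version of the remote image.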
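
Before step 3 it is worth checking that the list covers each intended architecture exactly once. The following Python sketch is an added example, not code from the original notes or from the isula-build project: it validates an inspect result like the one in step 2 and derives digest-pinned references per platform. The function names and the list of required platforms are assumptions.

```python
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
LIST_TYPE = "application/vnd.docker.distribution.manifest.list.v2+json"
IMAGE_TYPE = "application/vnd.docker.distribution.manifest.v2+json"

def check_manifest_list(doc, required):
    """Return (pins, problems); pins maps 'os/arch' to the image manifest digest."""
    problems, pins = [], {}
    if doc.get("schemaVersion") != 2 or doc.get("mediaType") != LIST_TYPE:
        problems.append("not a schema 2 manifest list")
    for i, m in enumerate(doc.get("manifests", [])):
        plat = m.get("platform", {})
        key = f"{plat.get('os')}/{plat.get('architecture')}"
        digest = m.get("digest", "")
        if m.get("mediaType") != IMAGE_TYPE:
            problems.append(f"entry {i}: unexpected mediaType")
        if not DIGEST_RE.match(digest):
            problems.append(f"entry {i}: malformed digest")
        elif key in pins:
            problems.append(f"entry {i}: duplicate platform {key}")
        else:
            pins[key] = digest
    for key in required:
        if key not in pins:
            problems.append(f"missing platform {key}")
    if len(set(pins.values())) != len(pins):
        problems.append("two platforms point at the same digest")
    return pins, problems

def pinned_refs(repo, pins):
    """Build repo@digest references, which do not change when a tag is overwritten."""
    return {key: f"{repo}@{digest}" for key, digest in sorted(pins.items())}

def sample_list():
    """The inspect output from step 2, rebuilt as a dict."""
    def entry(arch, digest):
        return {"mediaType": IMAGE_TYPE, "size": 1238, "digest": digest,
                "platform": {"architecture": arch, "os": "linux"}}
    return {"schemaVersion": 2, "mediaType": LIST_TYPE, "manifests": [
        entry("amd64", "sha256:ac676386fd60b9aa2454feb5ec8b7addb2e4d183095891bee2739e7ad8a9f681"),
        entry("arm64", "sha256:212674a7bd7f500330233e849c2d74d6504267c9b4c6228368a1df9e5e55fe7a"),
    ]}

if __name__ == "__main__":
    pins, problems = check_manifest_list(sample_list(), ["linux/amd64", "linux/arm64"])
    print(problems or "manifest list OK")
    for platform, ref in pinned_refs("51.32.17.130:7443/shenjl2/nginx", pins).items():
        print(platform, ref)
```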

Q: isula's daemon.json configuration file

Location: /etc/isulad/daemon.json

{
    "group": "isula",
    "default-runtime": "lcr",
    "graph": "/opt/k8s/cri/isulad",
    "state": "/var/run/isulad",
    "engine": "lcr",
    "log-level": "ERROR",
    "pidfile": "/var/run/isulad.pid",
    "log-opts": {
        "log-file-mode": "0600",
        "log-path": "/var/lib/isulad",
        "max-file": "1",
        "max-size": "30KB"
    },
    "log-driver": "stdout",
    "container-log": {
        "driver": "json-file"
    },
    "hook-spec": "/etc/default/isulad/hooks/default.json",
    "start-timeout": "2m",
    "storage-driver": "overlay2",
    "storage-opts": [
        "overlay2.override_kernel_check=true"
    ],
    "registry-mirrors": [
        "51.32.18.113:7443"
    ],
    "insecure-registries": [
        "51.32.18.114:32500"
    ],
    "pod-sandbox-image": "registry.simbaos.com/pause:3.5",
    "native.umask": "secure",
    "network-plugin": "cni",
    "cni-bin-dir": "/opt/cni/bin",
    "cni-conf-dir": "/etc/cni/net.d",
    "image-layer-check": false,
    "use-decrypted-key": true,
    "insecure-skip-verify-enforce": false
}

From: https://www.cnblogs.com/selonsy/p/17554539.html
