forked from opsnull/follow-me-install-kubernetes-cluster
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Zhang Jun
committed
Jul 9, 2018
1 parent
de81103
commit 74d9059
Showing
1 changed file
with
99 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -189,7 +189,7 @@ EOF | |
|
|
||
| ``` bash | ||
| ssh [email protected] | ||
| $ docker run -d -p 8000:8000 \ | ||
| $ docker run -d -p 8000:8000 --privileged \ | ||
| -v /opt/k8s/registry/auth/:/auth \ | ||
| -v /opt/k8s/registry/certs:/certs \ | ||
| -v /opt/k8s/registry/config.yml:/etc/docker/registry/config.yml \ | ||
|
|
@@ -232,17 +232,17 @@ $ cat ~/.docker/config.json | |
| 将本地的 image 打上私有 registry 的 tag | ||
|
|
||
| ``` bash | ||
| $ docker tag docker.io/kubernetes/pause 172.27.132.67:8000/zhangjun3/pause | ||
| $ docker tag prom/node-exporter:v0.16.0 172.27.132.67:8000/prom/node-exporter:v0.16.0 | ||
| $ docker images |grep pause | ||
| docker.io/kubernetes/pause latest f9d5de079539 2 years ago 239.8 kB | ||
| 172.27.132.67:8000/zhangjun3/pause latest f9d5de079539 2 years ago 239.8 kB | ||
| prom/node-exporter:v0.16.0 latest f9d5de079539 2 years ago 239.8 kB | ||
| 172.27.132.67:8000/prom/node-exporter:v0.16.0 latest f9d5de079539 2 years ago 239.8 kB | ||
| ``` | ||
|
|
||
| 将 image push 到私有 registry | ||
|
|
||
| ``` bash | ||
| $ docker push 172.27.132.67:8000/zhangjun3/pause | ||
| The push refers to a repository [172.27.132.67:8000/zhangjun3/pause] | ||
| $ docker push 172.27.132.67:8000/prom/node-exporter:v0.16.0 | ||
| The push refers to a repository [172.27.132.67:8000/prom/node-exporter:v0.16.0] | ||
| 5f70bf18a086: Pushed | ||
| e16a89738269: Pushed | ||
| latest: digest: sha256:9a6b437e896acad3f5a2a8084625fdd4177b2e7124ee943af642259f2f283359 size: 916 | ||
|
|
@@ -251,42 +251,42 @@ latest: digest: sha256:9a6b437e896acad3f5a2a8084625fdd4177b2e7124ee943af642259f2 | |
| 查看 ceph 上是否已经有 push 的 pause 容器文件 | ||
|
|
||
| ``` bash | ||
| $ rados lspools | ||
| [k8s@kube-node1 ~]$ rados lspools | ||
| rbd | ||
| cephfs_data | ||
| cephfs_metadata | ||
| .rgw.root | ||
| k8s | ||
| default.rgw.control | ||
| default.rgw.data.root | ||
| default.rgw.gc | ||
| default.rgw.meta | ||
| default.rgw.log | ||
| default.rgw.users.uid | ||
| default.rgw.users.keys | ||
| default.rgw.users.swift | ||
| default.rgw.buckets.index | ||
| default.rgw.buckets.data | ||
|
|
||
| $ rados --pool default.rgw.buckets.data ls|grep pause | ||
| 9c2d5a9d-19e6-4003-90b5-b1cbf15e890d.4310.1_files/docker/registry/v2/repositories/zhangjun3/pause/_layers/sha256/f9d5de0795395db6c50cb1ac82ebed1bd8eb3eefcebb1aa724e01239594e937b/link | ||
| 9c2d5a9d-19e6-4003-90b5-b1cbf15e890d.4310.1_files/docker/registry/v2/repositories/zhangjun3/pause/_layers/sha256/f72a00a23f01987b42cb26f259582bb33502bdb0fcf5011e03c60577c4284845/link | ||
| 9c2d5a9d-19e6-4003-90b5-b1cbf15e890d.4310.1_files/docker/registry/v2/repositories/zhangjun3/pause/_layers/sha256/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/link | ||
| 9c2d5a9d-19e6-4003-90b5-b1cbf15e890d.4310.1_files/docker/registry/v2/repositories/zhangjun3/pause/_manifests/tags/latest/current/link | ||
| 9c2d5a9d-19e6-4003-90b5-b1cbf15e890d.4310.1_files/docker/registry/v2/repositories/zhangjun3/pause/_manifests/tags/latest/index/sha256/9a6b437e896acad3f5a2a8084625fdd4177b2e7124ee943af642259f2f283359/link | ||
| 9c2d5a9d-19e6-4003-90b5-b1cbf15e890d.4310.1_files/docker/registry/v2/repositories/zhangjun3/pause/_manifests/revisions/sha256/9a6b437e896acad3f5a2a8084625fdd4177b2e7124ee943af642259f2f283359/link | ||
| [k8s@kube-node1 ~]$ rados --pool default.rgw.buckets.data ls|grep node-exporter | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_layers/sha256/cdb7590af5f064887f3d6008d46be65e929c74250d747813d85199e04fc70463/link | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_manifests/revisions/sha256/55302581333c43d540db0e144cf9e7735423117a733cdec27716d87254221086/link | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_manifests/tags/v0.16.0/current/link | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_manifests/tags/v0.16.0/index/sha256/55302581333c43d540db0e144cf9e7735423117a733cdec27716d87254221086/link | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_layers/sha256/224a21997e8ca8514d42eb2ed98b19a7ee2537bce0b3a26b8dff510ab637f15c/link | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_layers/sha256/528dda9cf23d0fad80347749d6d06229b9a19903e49b7177d5f4f58736538d4e/link | ||
| 1f3f02c4-fe58-4626-992b-c6c0fe4c8acf.34107.1_files/docker/registry/v2/repositories/prom/node-exporter/_layers/sha256/188af75e2de0203eac7c6e982feff45f9c340eaac4c7a0f59129712524fa2984/link | ||
| ``` | ||
|
|
||
| ## 私有 registry 的运维操作 | ||
|
|
||
| ### 查询私有镜像中的 images | ||
|
|
||
| ``` bash | ||
| $ curl --user zhangjun3:xxx --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/_catalog | ||
| {"repositories":["library/redis","zhangjun3/busybox","zhangjun3/pause","zhangjun3/pause2"]} | ||
| [k8s@kube-node1 ~]$ curl --user foo:foo123 --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/_catalog | ||
| {"repositories":["prom/node-exporter"]} | ||
| ``` | ||
|
|
||
| ### 查询某个镜像的 tags 列表 | ||
|
|
||
| ``` bash | ||
| $ curl --user zhangjun3:xxx --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/zhangjun3/busybox/tags/list | ||
| {"name":"zhangjun3/busybox","tags":["latest"]} | ||
| [k8s@kube-node1 ~]$ curl --user foo:foo123 --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/prom/node-exporter/tags/list | ||
| {"name":"prom/node-exporter","tags":["v0.16.0"]} | ||
| ``` | ||
|
|
||
| ### 获取 image 或 layer 的 digest | ||
|
|
@@ -296,46 +296,69 @@ $ curl --user zhangjun3:xxx --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca | |
| 注意,必须包含请求头:`Accept: application/vnd.docker.distribution.manifest.v2+json`: | ||
|
|
||
| ``` bash | ||
| $ curl -v -H "Accept: application/vnd.docker.distribution.manifest.v2+json" --user zhangjun3:xxx --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/zhangjun3/busybox/manifests/latest | ||
|
|
||
| > GET /v2/zhangjun3/busybox/manifests/latest HTTP/1.1 | ||
| [k8s@kube-node1 ~]$ curl -v -H "Accept: application/vnd.docker.distribution.manifest.v2+json" --user foo:foo123 --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/prom/node-exporter/manifests/v0.16.0 | ||
| * About to connect() to 172.27.132.67 port 8000 (#0) | ||
| * Trying 172.27.132.67... | ||
| * Connected to 172.27.132.67 (172.27.132.67) port 8000 (#0) | ||
| * Initializing NSS with certpath: sql:/etc/pki/nssdb | ||
| * CAfile: /etc/docker/certs.d/172.27.132.67:8000/ca.crt | ||
| CApath: none | ||
| * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ||
| * Server certificate: | ||
| * subject: CN=registry,OU=4Paradigm,O=k8s,L=BeiJing,ST=BeiJing,C=CN | ||
| * start date: Jul 05 12:52:00 2018 GMT | ||
| * expire date: Jul 02 12:52:00 2028 GMT | ||
| * common name: registry | ||
| * issuer: CN=kubernetes,OU=4Paradigm,O=k8s,L=BeiJing,ST=BeiJing,C=CN | ||
| * Server auth using Basic with user 'foo' | ||
| > GET /v2/prom/node-exporter/manifests/v0.16.0 HTTP/1.1 | ||
| > Authorization: Basic Zm9vOmZvbzEyMw== | ||
| > User-Agent: curl/7.29.0 | ||
| > Host: 172.27.132.67:8000 | ||
| > Accept: application/vnd.docker.distribution.manifest.v2+json | ||
| > | ||
| < HTTP/1.1 200 OK | ||
| < Content-Length: 527 | ||
| < Content-Length: 949 | ||
| < Content-Type: application/vnd.docker.distribution.manifest.v2+json | ||
| < Docker-Content-Digest: sha256:68effe31a4ae8312e47f54bec52d1fc925908009ce7e6f734e1b54a4169081c5 | ||
| < Docker-Content-Digest: sha256:55302581333c43d540db0e144cf9e7735423117a733cdec27716d87254221086 | ||
| < Docker-Distribution-Api-Version: registry/2.0 | ||
| < Etag: "sha256:68effe31a4ae8312e47f54bec52d1fc925908009ce7e6f734e1b54a4169081c5" | ||
| < Etag: "sha256:55302581333c43d540db0e144cf9e7735423117a733cdec27716d87254221086" | ||
| < X-Content-Type-Options: nosniff | ||
| < Date: Tue, 21 Mar 2017 15:19:42 GMT | ||
| < Date: Fri, 06 Jul 2018 06:18:41 GMT | ||
| < | ||
| { | ||
| "schemaVersion": 2, | ||
| "mediaType": "application/vnd.docker.distribution.manifest.v2+json", | ||
| "config": { | ||
| "mediaType": "application/vnd.docker.container.image.v1+json", | ||
| "size": 1465, | ||
| "digest": "sha256:00f017a8c2a6e1fe2ffd05c281f27d069d2a99323a8cd514dd35f228ba26d2ff" | ||
| "size": 3511, | ||
| "digest": "sha256:188af75e2de0203eac7c6e982feff45f9c340eaac4c7a0f59129712524fa2984" | ||
| }, | ||
| "layers": [ | ||
| { | ||
| "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
| "size": 701102, | ||
| "digest": "sha256:04176c8b224aa0eb9942af765f66dae866f436e75acef028fe44b8a98e045515" | ||
| "size": 2392417, | ||
| "digest": "sha256:224a21997e8ca8514d42eb2ed98b19a7ee2537bce0b3a26b8dff510ab637f15c" | ||
| }, | ||
| { | ||
| "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
| "size": 560703, | ||
| "digest": "sha256:cdb7590af5f064887f3d6008d46be65e929c74250d747813d85199e04fc70463" | ||
| }, | ||
| { | ||
| "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
| "size": 5332460, | ||
| "digest": "sha256:528dda9cf23d0fad80347749d6d06229b9a19903e49b7177d5f4f58736538d4e" | ||
| } | ||
| ] | ||
| } | ||
| ``` | ||
| ### 删除 image | ||
| 向 `/v2/<name>/manifests/<reference>` 发送 DELETE 请求,reference 为上一步返回的 Docker-Content-Digest 字段内容: | ||
| ``` bash | ||
| $ curl -X DELETE --user zhangjun3:xxx --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/zhangjun3/busybox/manifests/sha256:68effe31a4ae8312e47f54bec52d1fc925908009ce7e6f734e1b54a4169081c5 | ||
| $ curl -X DELETE --user foo:foo123 --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/prom/node-exporter/manifests/sha256:68effe31a4ae8312e47f54bec52d1fc925908009ce7e6f734e1b54a4169081c5 | ||
| $ | ||
| ``` | ||
|
|
@@ -344,7 +367,44 @@ $ | |
| 向 `/v2/<name>/blobs/<digest>`发送 DELETE 请求,其中 digest 是上一步返回的 `fsLayers.blobSum` 字段内容: | ||
| ``` bash | ||
| $ curl -X DELETE --user zhangjun3:xxx --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/zhangjun3/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 | ||
| $ curl -X DELETE --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/zhangjun3/busybox/blobs/sha256:04176c8b224aa0eb9942af765f66dae866f436e75acef028fe44b8a98e045515 | ||
| $ curl -X DELETE --user foo:foo123 --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/prom/node-exporter/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 | ||
| $ curl -X DELETE --cacert /etc/docker/certs.d/172.27.132.67\:8000/ca.crt https://172.27.132.67:8000/v2/prom/node-exporter/blobs/sha256:04176c8b224aa0eb9942af765f66dae866f436e75acef028fe44b8a98e045515 | ||
| $ | ||
| ``` | ||
| ``` | ||
| ## 常见问题 | ||
| ### login 失败 416 | ||
| 执行 http://docs.ceph.com/docs/master/install/install-ceph-gateway/ 里面的 s3 test.py 程序失败: | ||
| [k8s@kube-node1 cert]$ python s3test.py | ||
| Traceback (most recent call last): | ||
| File "s3test.py", line 12, in <module> | ||
| bucket = conn.create_bucket('my-new-bucket') | ||
| File "/usr/lib/python2.7/site-packages/boto/s3/connection.py", line 625, in create_bucket | ||
| response.status, response.reason, body) | ||
| boto.exception.S3ResponseError: S3ResponseError: 416 Requested Range Not Satisfiable | ||
| 解决版办法: | ||
| 1. 在管理节点上修改 ceph.conf | ||
| 1. ceph-deploy config push kube-node1 kube-node2 kube-node3 | ||
| 1. systemctl restart '[email protected]' | ||
| systemctl restart ceph-osd@0 | ||
| systemctl restart '[email protected]' | ||
| systemctl restart '[email protected]' | ||
| For anyone who is hitting this issue | ||
| set default pg_num and pgp_num to lower value(8 for example), or set mon_max_pg_per_osd to a high value in ceph.conf | ||
| radosgw-admin doesn' throw proper error when internal pool creation fails, hence the upper level error which is very confusing. | ||
| https://tracker.ceph.com/issues/21497 | ||
| ### login 失败 503 | ||
| [root@kube-node1 ~]# docker login 172.27.132.67:8000 | ||
| Username: foo | ||
| Password: | ||
| Error response from daemon: login attempt to https://172.27.132.67:8000/v2/ failed with status: 503 Service Unavailable | ||
| 原因: docker run 缺少 --privileged 参数; | ||