(一)、概述
Harbor是開源registry倉庫,相比docker官方擁有更豐富的權限權利和完善的架構設計,適用大規模docker集羣部署提供倉庫服務。 下載地址:https://github.com/goharbor/harbor/releases
(二)、安裝和配置。由於harbor包括docker,docker-composere和client只需安裝docker即可(Docker-Compose項目是Docker官方的開源項目,負責實現對Docker容器集羣的快速編排。Harbor 的所有組件都在 Dcoker 中部署,所以 Harbor 可使用 Docker Compose 快速部署。
Docker-Compose將所管理的容器分爲三層,分別是工程(project),服務(service)以及容器)
1、Dcker安裝
[root@localhost ~]#sudo yum install -y yum-utils device-mapper-persistent-data lvm2
[root@localhost ~]# sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]#yum -y install docker-ce
[root@localhost ~]# systemctl enable docker
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl status docker
2、Docker Composere安裝。直接yum安裝
[root@localhost ~]#yum install epel-release
[root@localhost ~]#yum -y install docker-compose
3、下載Harbor最新版本的離線安裝包並解壓出來。https://github.com/goharbor/harbor/releases
[root@otrs004097 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2.tgz
[root@otrs004097 opt]# tar xf harbor-offline-installer-v1.8.2.tgz
[root@otrs004097 opt]# cd harbor/
[root@otrs004097 harbor]# ls
harbor.v1.8.2.tar.gz harbor.yml install.sh LICENSE prepare
4、修改harbor.yml文件。修改下hostname爲本機的ip,harbor_admin_password web頁面的密碼。配置下https
[root@otrs004097 harbor]# grep "^[^#]" harbor.yml
hostname: 192.168.4.97
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
https:
port: 443
certificate: /opt/dcerts/kjdow.crt
private_key: /opt/dcerts/kjdow.key
harbor_admin_password: Harbor12345
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
data_volume: /data
clair:
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
updaters_interval: 12
# Config http proxy for Clair, e.g. http://my.proxy.com:3128
# Clair doesn't need to connect to harbor internal components via http proxy.
http_proxy:
https_proxy:
no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
# Maximum number of job workers in job service
max_job_workers: 4
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
log:
# options are debug, info, warning, error, fatal
level: info
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor
_version: 1.8.0
5、運行安裝腳本。出現下邊即爲安裝成功。
[root@otrs004097 harbor]# sh install.sh
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://192.168.4.97.
For more details, please visit https://github.com/goharbor/harbor .
6、使用剛纔的賬號進行登錄
7、如果想要停止,或者是服務器重啓了,需要手動重啓,在harbor的安裝目錄,裏執行命令
[root@otrs004097 harbor]# ll
total 564660
drwxr-xr-x 3 root root 20 Aug 20 14:42 common
-rw-r--r-- 1 root root 5387 Aug 21 12:00 docker-compose.yml
-rw-r--r-- 1 root root 578167000 Aug 8 15:51 harbor.v1.8.2.tar.gz
-rw-r--r-- 1 root root 4507 Aug 20 14:39 harbor.yml
-rwxr-xr-x 1 root root 5088 Aug 8 15:51 install.sh
-rw-r--r-- 1 root root 11347 Aug 8 15:51 LICENSE
-rwxr-xr-x 1 root root 1654 Aug 8 15:51 prepare
[root@otrs004097 harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-portal ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping registry ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping registryctl ... done
Stopping harbor-log ... done
[root@otrs004097 harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting core ... done
Starting portal ... done
Starting redis ... done
Starting jobservice ... done
Starting proxy ... done
[root@otrs004097 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2705ee8ed36c goharbor/nginx-photon:v1.8.2 "nginx -g 'daemon of…" 3 hours ago Up 24 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx
6972e89dab43 goharbor/harbor-portal:v1.8.2 "nginx -g 'daemon of…" 3 hours ago Up 24 seconds (health: starting) 80/tcp harbor-portal
406675543ea6 goharbor/harbor-jobservice:v1.8.2 "/harbor/start.sh" 3 hours ago Up 24 seconds harbor-jobservice
1ca5a5d63008 goharbor/harbor-core:v1.8.2 "/harbor/start.sh" 3 hours ago Up 25 seconds (health: starting) harbor-core
9edbf02eaef2 goharbor/registry-photon:v2.7.1-patch-2819-v1.8.2 "/entrypoint.sh /etc…" 3 hours ago Up 26 seconds (health: starting) 5000/tcp registry
1456773e7464 goharbor/redis-photon:v1.8.2 "docker-entrypoint.s…" 3 hours ago Up 26 seconds 6379/tcp redis
c8616d9d70bf goharbor/harbor-db:v1.8.2 "/entrypoint.sh post…" 3 hours ago Up 26 seconds (health: starting) 5432/tcp harbor-db
6c06883e32b7 goharbor/harbor-registryctl:v1.8.2 "/harbor/start.sh" 3 hours ago Up 26 seconds (health: starting) registryctl
cb0c83c37ec1 goharbor/harbor-log:v1.8.2 "/bin/sh -c /usr/loc…" 3 hours ago Up 27 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
d24e185404a8 lqb1:v1.0 "/bin/bash" 5 days ago Up 43 hours lqb1
8、解決登錄報錯
[root@DEV004019 ~]# docker login 192.168.4.97
Username: admin
Password:
Error response from daemon: Get https://192.168.4.97/v2/: x509: cannot validate certificate for 192.168.4.97 because it doesn't contain any IP SANs
解決方法:
8.1、在安裝harbor那臺服務器的安裝目錄,在registry模塊上添加ports: - 5000:5000
registry:
image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.2
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
networks:
- harbor
ports:
- 5000:5000
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
8.2、同時在harbor和client的docker配置添加 insecure-registries: harbor_IP
[root@DEV004019 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"insecure-registries": ["192.168.4.97:80"]
8.3、重啓harbor 的 docker-compose
[root@otrs004097 harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting core ... done
Starting portal ... done
Starting redis ... done
Starting jobservice ... done
Starting proxy ... done
[root@otrs004097 harbor]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------------------
harbor-core /harbor/start.sh Up
harbor-db /entrypoint.sh postgres Up 5432/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up 80/tcp
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh /etc/regist ... Up 5000/tcp
registryctl /harbor/start.sh Up
8.4、client端登錄私有倉庫
[root@DEV004019 ~]# docker login 192.168.4.97
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
9、通過push上傳鏡像
[root@DEV004019 ~]# docker tag nginx:latest 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
[root@DEV004019 ~]# docker push 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
The push refers to repository [192.168.4.97/lqb/mysq-nginx-v1.0]
12fdf55172df: Pushed
002a63507c1c: Pushed
1c95c77433e8: Pushed
v1.0: digest: sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911 size: 948
10、pull命令
[root@DEV004019 ~]# docker pull 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
v1.0: Pulling from lqb/mysq-nginx-v1.0
Digest: sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911
Status: Downloaded newer image for 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
[root@DEV004019 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
lqb1 v1.0 add4aac9e719 5 days ago 369MB
192.168.4.97/lqb/mysq-nginx-v1.0 v1.0 5a3221f0137b 5 days ago 126MB
相關的推送和tag的命令可在harbor查找
備註:
docke-compose ps # 查看容器。
docker-compose up -d # 後臺啓動,如果容器不存在根據鏡像自動創建。
docker-compose down -v # 停止容器並刪除容器。
docker-compose start # 啓動容器,容器不存在就無法啓動,不會自動創建鏡像。
docker-compose stop # 停止容器。
docker-compose logs # 查看日誌(harbor日誌存放 /var/logs/harbor)