Installing and Configuring Harbor as a Private Docker Registry
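(1) Overview. Harbor is an open-source registry. Compared with the official Docker registry, it offers richer access control and a more complete architecture, and it is suited to providing registry services for large-scale Docker cluster deployments. Download: https://github.com/goharbor/harbor/releases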
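(2) Installation and configuration. Harbor itself needs Docker and Docker Compose, while a client only needs Docker. (Docker Compose is an official open-source Docker project for quickly orchestrating groups of Docker containers. All Harbor components are deployed in Docker, so Harbor can be deployed quickly with Docker Compose.
Docker Compose organizes the containers it manages into three layers: project, service, and container.)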
1. Install Docker
[root@localhost ~]# sudo yum install -y yum-utils device-mapper-persistent-data lvm2
[root@localhost ~]# sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum -y install docker-ce
[root@localhost ~]# systemctl enable docker
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl status docker
2. Install Docker Compose directly with yum
[root@localhost ~]# yum install epel-release
[root@localhost ~]# yum -y install docker-compose
3. Download the latest Harbor offline installer package and extract it. https://github.com/goharbor/harbor/releases
[root@otrs004097 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2.tgz
[root@otrs004097 opt]# tar xf harbor-offline-installer-v1.8.2.tgz
[root@otrs004097 opt]# cd harbor/
[root@otrs004097 harbor]# ls
harbor.v1.8.2.tar.gz harbor.yml install.sh LICENSE prepare
4. Edit harbor.yml: set hostname to this machine's IP address, set harbor_admin_password (the password for the web UI), and configure https.
[root@otrs004097 harbor]# grep "^[^#]" harbor.yml
hostname: 192.168.4.97
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
https:
  port: 443
  certificate: /opt/dcerts/kjdow.crt
  private_key: /opt/dcerts/kjdow.key
harbor_admin_password: Harbor12345
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
data_volume: /data
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
  # Clair doesn't need to connect to harbor internal components via http proxy.
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 4
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
log:
  # options are debug, info, warning, error, fatal
  level: info
  # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
  rotate_count: 50
  # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
  # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
  # are all valid.
  rotate_size: 200M
  # The directory on your host that store log
  location: /var/log/harbor
_version: 1.8.0
5. Run the install script. The output below indicates a successful installation.
[root@otrs004097 harbor]# sh install.sh
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://192.168.4.97.
For more details, please visit https://github.com/goharbor/harbor .
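6. Log in with the account configured above.
7. To stop Harbor, or if the server has rebooted and Harbor needs to be restarted manually, run the following commands in the Harbor installation directory.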
[root@otrs004097 harbor]# ll
total 564660
drwxr-xr-x 3 root root 20 Aug 20 14:42 common
-rw-r--r-- 1 root root 5387 Aug 21 12:00 docker-compose.yml
-rw-r--r-- 1 root root 578167000 Aug 8 15:51 harbor.v1.8.2.tar.gz
-rw-r--r-- 1 root root 4507 Aug 20 14:39 harbor.yml
-rwxr-xr-x 1 root root 5088 Aug 8 15:51 install.sh
-rw-r--r-- 1 root root 11347 Aug 8 15:51 LICENSE
-rwxr-xr-x 1 root root 1654 Aug 8 15:51 prepare
[root@otrs004097 harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-portal ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping registry ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping registryctl ... done
Stopping harbor-log ... done
[root@otrs004097 harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting core ... done
Starting portal ... done
Starting redis ... done
Starting jobservice ... done
Starting proxy ... done
[root@otrs004097 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2705ee8ed36c goharbor/nginx-photon:v1.8.2 "nginx -g 'daemon of…" 3 hours ago Up 24 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx
6972e89dab43 goharbor/harbor-portal:v1.8.2 "nginx -g 'daemon of…" 3 hours ago Up 24 seconds (health: starting) 80/tcp harbor-portal
406675543ea6 goharbor/harbor-jobservice:v1.8.2 "/harbor/start.sh" 3 hours ago Up 24 seconds harbor-jobservice
1ca5a5d63008 goharbor/harbor-core:v1.8.2 "/harbor/start.sh" 3 hours ago Up 25 seconds (health: starting) harbor-core
9edbf02eaef2 goharbor/registry-photon:v2.7.1-patch-2819-v1.8.2 "/entrypoint.sh /etc…" 3 hours ago Up 26 seconds (health: starting) 5000/tcp registry
1456773e7464 goharbor/redis-photon:v1.8.2 "docker-entrypoint.s…" 3 hours ago Up 26 seconds 6379/tcp redis
c8616d9d70bf goharbor/harbor-db:v1.8.2 "/entrypoint.sh post…" 3 hours ago Up 26 seconds (health: starting) 5432/tcp harbor-db
6c06883e32b7 goharbor/harbor-registryctl:v1.8.2 "/harbor/start.sh" 3 hours ago Up 26 seconds (health: starting) registryctl
cb0c83c37ec1 goharbor/harbor-log:v1.8.2 "/bin/sh -c /usr/loc…" 3 hours ago Up 27 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
d24e185404a8 lqb1:v1.0 "/bin/bash" 5 days ago Up 43 hours lqb1
8. Fixing the login error
[root@DEV004019 ~]# docker login 192.168.4.97
Username: admin
Password:
Error response from daemon: Get https://192.168.4.97/v2/: x509: cannot validate certificate for 192.168.4.97 because it doesn't contain any IP SANs
Solution:
8.1. On the server where Harbor is installed, in the installation directory, add ports: - 5000:5000 to the registry service definition
registry:
  image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.2
  container_name: registry
  restart: always
  cap_drop:
    - ALL
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
  volumes:
    - /data/registry:/storage:z
    - ./common/config/registry/:/etc/registry/:z
    - type: bind
      source: /data/secret/registry/root.crt
      target: /etc/registry/root.crt
  networks:
    - harbor
  ports:
    - 5000:5000
  dns_search: .
  depends_on:
    - log
  logging:
    driver: "syslog"
    options:
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "registry"
8.2. On both the Harbor host and the client, add insecure-registries: harbor_IP to the Docker configuration
[root@DEV004019 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com"],
  "insecure-registries": ["192.168.4.97:80"]
}
8.3. Restart Harbor's docker-compose
[root@otrs004097 harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting core ... done
Starting portal ... done
Starting redis ... done
Starting jobservice ... done
Starting proxy ... done
[root@otrs004097 harbor]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------------------
harbor-core /harbor/start.sh Up
harbor-db /entrypoint.sh postgres Up 5432/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up 80/tcp
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh /etc/regist ... Up 5000/tcp
registryctl /harbor/start.sh Up
8.4. Log in to the private registry from the client
[root@DEV004019 ~]# docker login 192.168.4.97
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
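The x509 error in step 8 occurs because the certificate has no IP subjectAltName, and insecure-registries works around it by turning off certificate verification for that registry. An alternative that keeps TLS verification is to reissue the certificate with the IP in its SAN and have clients trust the CA, as in this added example (not from the original post; the CA name, file names and output directory are assumptions):

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. CA name and file names are assumptions.
set -eu

# issue_registry_cert DIR IP: create a throwaway CA and a server certificate for IP in DIR.
issue_registry_cert() {
    local dir="$1" ip="$2"
    mkdir -p "$dir"
    # Own OpenSSL config, so the result does not depend on the system openssl.cnf.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $ip
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF
    # 1. CA key and self-signed CA certificate.
    openssl req -x509 -config "$dir/openssl.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 365 -subj "/CN=example-harbor-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Server key and certificate signing request.
    openssl req -new -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. Sign the CSR. The IP goes into subjectAltName, which is what the Docker client checks.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/openssl.cnf" -extensions v3_server \
        -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# cert_matches_ip CA CERT IP: succeed only if CERT chains to CA and its SAN lists IP.
cert_matches_ip() {
    openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Usage: ./make-registry-cert.sh /opt/dcerts 192.168.4.97
if [ "$#" -eq 2 ]; then
    issue_registry_cert "$1" "$2"
    cert_matches_ip "$1/ca.crt" "$1/server.crt" "$2" && echo "OK: certificate is valid for $2"
fi
```

Point certificate and private_key in harbor.yml at server.crt and server.key, and copy ca.crt to /etc/docker/certs.d/192.168.4.97/ca.crt on each client; the insecure-registries entry is then not needed.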
9. Upload an image with push
[root@DEV004019 ~]# docker tag nginx:latest 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
[root@DEV004019 ~]# docker push 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
The push refers to repository [192.168.4.97/lqb/mysq-nginx-v1.0]
12fdf55172df: Pushed
002a63507c1c: Pushed
1c95c77433e8: Pushed
v1.0: digest: sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911 size: 948
10. The pull command
[root@DEV004019 ~]# docker pull 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
v1.0: Pulling from lqb/mysq-nginx-v1.0
Digest: sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911
Status: Downloaded newer image for 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
[root@DEV004019 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
lqb1 v1.0 add4aac9e719 5 days ago 369MB
192.168.4.97/lqb/mysq-nginx-v1.0 v1.0 5a3221f0137b 5 days ago 126MB
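The corresponding push and tag commands can be looked up in Harbor.
Notes:
docker-compose ps # List the containers.
docker-compose up -d # Start in the background; containers that do not exist are created automatically from the images.
docker-compose down -v # Stop and remove the containers.
docker-compose start # Start the containers; fails if the containers do not exist, and nothing is created automatically.
docker-compose stop # Stop the containers.
docker-compose logs # View logs (Harbor logs are stored in /var/log/harbor)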