Docker(三)私有仓库Harbor安装和配置

(一)、概述
Harbor是开源registry仓库,相比docker官方拥有更丰富的权限权利和完善的架构设计,适用大规模docker集群部署提供仓库服务。 下载地址:https://github.com/goharbor/harbor/releases

(二)、安装和配置。由于harbor包括docker,docker-composere和client只需安装docker即可(Docker-Compose项目是Docker官方的开源项目,负责实现对Docker容器集群的快速编排。Harbor 的所有组件都在 Dcoker 中部署,所以 Harbor 可使用 Docker Compose 快速部署。
Docker-Compose将所管理的容器分为三层,分别是工程(project),服务(service)以及容器)

1、Dcker安装

[[email protected] ~]#sudo yum install -y yum-utils device-mapper-persistent-data lvm2
[[email protected] ~]# sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[[email protected] ~]#yum -y install docker-ce
[[email protected] ~]# systemctl enable docker
[[email protected] ~]# systemctl start docker
[[email protected] ~]# systemctl status docker

2、Docker Composere安装。直接yum安装

[[email protected] ~]#yum install epel-release
[[email protected] ~]#yum -y install docker-compose

3、下载Harbor最新版本的离线安装包并解压出来。https://github.com/goharbor/harbor/releases

[[email protected] ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2.tgz
[[email protected] opt]# tar xf harbor-offline-installer-v1.8.2.tgz
[[email protected] opt]# cd harbor/
[[email protected] harbor]# ls
harbor.v1.8.2.tar.gz  harbor.yml  install.sh  LICENSE  prepare

4、修改harbor.yml文件。修改下hostname为本机的ip,harbor_admin_password web页面的密码。配置下https

[[email protected] harbor]# grep "^[^#]" harbor.yml
hostname: 192.168.4.97
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
https:
   port: 443
   certificate: /opt/dcerts/kjdow.crt
   private_key: /opt/dcerts/kjdow.key
harbor_admin_password: Harbor12345
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
data_volume: /data
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
  # Clair doesn‘t need to connect to harbor internal components via http proxy.
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 4
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
log:
  # options are debug, info, warning, error, fatal
  level: info
  # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
  rotate_count: 50
  # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
  # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
  # are all valid.
  rotate_size: 200M
  # The directory on your host that store log
  location: /var/log/harbor
_version: 1.8.0

5、运行安装脚本。出现下边即为安装成功。

[[email protected] harbor]# sh install.sh
? ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://192.168.4.97.
For more details, please visit https://github.com/goharbor/harbor .

6、使用刚才的账号进行登录

7、如果想要停止,或者是服务器重启了,需要手动重启,在harbor的安装目录,里执行命令

[[email protected] harbor]# ll
total 564660
drwxr-xr-x 3 root root        20 Aug 20 14:42 common
-rw-r--r-- 1 root root      5387 Aug 21 12:00 docker-compose.yml
-rw-r--r-- 1 root root 578167000 Aug  8 15:51 harbor.v1.8.2.tar.gz
-rw-r--r-- 1 root root      4507 Aug 20 14:39 harbor.yml
-rwxr-xr-x 1 root root      5088 Aug  8 15:51 install.sh
-rw-r--r-- 1 root root     11347 Aug  8 15:51 LICENSE
-rwxr-xr-x 1 root root      1654 Aug  8 15:51 prepare
[[email protected] harbor]# docker-compose stop
Stopping nginx             ... done
Stopping harbor-portal     ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping registry          ... done
Stopping redis             ... done
Stopping harbor-db         ... done
Stopping registryctl       ... done
Stopping harbor-log        ... done
[[email protected] harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done
[[email protected] harbor]# docker ps
CONTAINER ID        IMAGE                                               COMMAND                  CREATED             STATUS                             PORTS                                      NAMES
2705ee8ed36c        goharbor/nginx-photon:v1.8.2                        "nginx -g ‘daemon of…"   3 hours ago         Up 24 seconds (health: starting)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   nginx
6972e89dab43        goharbor/harbor-portal:v1.8.2                       "nginx -g ‘daemon of…"   3 hours ago         Up 24 seconds (health: starting)   80/tcp                                     harbor-portal
406675543ea6        goharbor/harbor-jobservice:v1.8.2                   "/harbor/start.sh"       3 hours ago         Up 24 seconds                                                                 harbor-jobservice
1ca5a5d63008        goharbor/harbor-core:v1.8.2                         "/harbor/start.sh"       3 hours ago         Up 25 seconds (health: starting)                                              harbor-core
9edbf02eaef2        goharbor/registry-photon:v2.7.1-patch-2819-v1.8.2   "/entrypoint.sh /etc…"   3 hours ago         Up 26 seconds (health: starting)   5000/tcp                                   registry
1456773e7464        goharbor/redis-photon:v1.8.2                        "docker-entrypoint.s…"   3 hours ago         Up 26 seconds                      6379/tcp                                   redis
c8616d9d70bf        goharbor/harbor-db:v1.8.2                           "/entrypoint.sh post…"   3 hours ago         Up 26 seconds (health: starting)   5432/tcp                                   harbor-db
6c06883e32b7        goharbor/harbor-registryctl:v1.8.2                  "/harbor/start.sh"       3 hours ago         Up 26 seconds (health: starting)                                              registryctl
cb0c83c37ec1        goharbor/harbor-log:v1.8.2                          "/bin/sh -c /usr/loc…"   3 hours ago         Up 27 seconds (health: starting)   127.0.0.1:1514->10514/tcp                  harbor-log
d24e185404a8        lqb1:v1.0                                           "/bin/bash"              5 days ago          Up 43 hours                                                                   lqb1

8、解决登录报错

[[email protected] ~]# docker login 192.168.4.97
Username: admin
Password:
Error response from daemon: Get https://192.168.4.97/v2/: x509: cannot validate certificate for 192.168.4.97 because it doesn‘t contain any IP SANs
解决方法:
8.1、在安装harbor那台服务器的安装目录,在registry模块上添加ports: - 5000:5000
  registry:
    image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.2
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/secret/registry/root.crt
        target: /etc/registry/root.crt
    networks:
      - harbor
    ports:
      - 5000:5000
   dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
8.2、同时在harbor和client的docker配置添加 insecure-registries: harbor_IP
[[email protected] ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com"],
  "insecure-registries": ["192.168.4.97:80"]
8.3、重启harbor 的 docker-compose
[[email protected] harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done
[[email protected] harbor]# docker-compose ps
      Name                     Command               State                    Ports
-----------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up
harbor-db           /entrypoint.sh postgres          Up      5432/tcp
harbor-jobservice   /harbor/start.sh                 Up
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up      80/tcp
nginx               nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Up      6379/tcp
registry            /entrypoint.sh /etc/regist ...   Up      5000/tcp
registryctl         /harbor/start.sh                 Up         

8.4、client端登录私有仓库
[[email protected] ~]# docker login 192.168.4.97
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

9、通过push上传镜像

[[email protected] ~]# docker tag nginx:latest 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
[[email protected] ~]# docker push 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
The push refers to repository [192.168.4.97/lqb/mysq-nginx-v1.0]
12fdf55172df: Pushed
002a63507c1c: Pushed
1c95c77433e8: Pushed
v1.0: digest: sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911 size: 948

10、pull命令

[[email protected] ~]# docker pull 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
v1.0: Pulling from lqb/mysq-nginx-v1.0
Digest: sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911
Status: Downloaded newer image for 192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
192.168.4.97/lqb/mysq-nginx-v1.0:v1.0
[[email protected] ~]# docker images
REPOSITORY                                                                    TAG                 IMAGE ID            CREATED             SIZE
lqb1                                                                          v1.0                add4aac9e719        5 days ago          369MB
192.168.4.97/lqb/mysq-nginx-v1.0                                              v1.0                5a3221f0137b        5 days ago          126MB

相关的推送和tag的命令可在harbor查找

备注:

docke-compose ps             # 查看容器。
docker-compose up -d         # 后台启动,如果容器不存在根据镜像自动创建。
docker-compose down -v       # 停止容器并删除容器。
docker-compose start         # 启动容器,容器不存在就无法启动,不会自动创建镜像。
docker-compose stop          # 停止容器。
docker-compose logs          # 查看日志(harbor日志存放 /var/logs/harbor)

原文地址:https://blog.51cto.com/liqingbiao/2431439

时间: 2024-10-28 21:06:36

Docker(三)私有仓库Harbor安装和配置的相关文章

Docker的私有仓库

学习Docker的过程中Docker的私有仓库一直没能成功,就是因为CentOS 6.x和CentOS 7默认引入了支持https认证,每次在push和pull的时候都会报错,今天是周末,利用一天的时间反复测试和网上案列的整合,总算是成功了,也借此机会对学习Docker的朋友有所帮助. 个人的愚见:博友在练习的时候建议用CentOS 7.x系统,不建议用CentOS 6.x系统 一.准备 地址规划: Docker私有仓库地址:192.168.0.109 Docker客户端地址:192.168.0

docker创建私有仓库

1.查看远程仓库中的列表$ sudo docker search registry    //会列出你所需要的仓库 2.获取registry仓库$ sudo docker pull registry   //最新 3.运行 $ sudo docker run -p 5000:5000  docker.io/registry   //-p映射端口 3.1查看容器运行情况[[email protected] docker]# docker psCONTAINER ID        IMAGE   

企业级docker私有仓库harbor在Ubuntu14.04上的部署与使用

一.harbor简介: 简单的说,Harbor 是一个企业级的 Docker Registry,可以实现 images 的私有存储和日志统计权限控制等功能,并支持创建多项目(Harbor 提出的概念),基于官方 Registry V2 实现的. 二.部署方法: 操作系统:Ubuntu14.04 1.安装docker: #安装插件 sudo apt-get install apt-transport-https ca-certificates #添加GPG key sudo apt-key adv

第五章 配置私有仓库Harbor

一.Harbor 安装(尚硅谷资料) 安装:Harbor 官方地址:官方地址:https://github.com/vmware/harbor/releases 1.解压软件包 tar xvf harbor-offline-installer-<version>.tgz https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz 2.配置harbor.cfga 必选参

Docker 私有仓库 Harbor registry 安全认证搭建 [Https]

Harbor源码地址:https://github.com/vmware/harborHarbort特性:基于角色控制用户和仓库都是基于项目进行组织的, 而用户基于项目可以拥有不同的权限.基于镜像的复制策略镜像可以在多个 Harbor 实例之间进行复制.支持 LDAPHarbor 的用户授权可以使用已经存在 LDAP 用户.镜像删除 & 垃圾回收Image 可以被删除并且回收 Image 占用的空间.用户 UI用户可以轻松的浏览.搜索镜像仓库以及对项目进行管理.镜像删除 & 垃圾回收绝大部

Docker私服仓库Harbor安装

Harbor安装那里还是很简单,就是在Docker Login那里掉坑里去了,搞半天,写博客的时候,又重新安装了一遍 1.准备两台服务器 centos7 harbor 10.19.46.15 client 10.19.44.31 2.harbor需要安装docker和docker-composere,client只需要安装docker Docker安装 yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-m

Docker部署私有仓库(registry&amp;Harbor)

仓库(Repository)是集中存放镜像的地方.一个容易混淆的概念是注册服务器(registry).实际上注册服务器是管理仓库的具体服务器,每个服务器上可以有多个仓库,而每个仓库下面有多个镜像.从这方面来说,仓库可以被认为是一个具体的项目或目录.例如对于仓库地址docker.sina.com.cn/centos:centos7来说,docekr.sian.com.cn是注册服务器地址,centos是仓库名,centos7是仓库的tag(标签). Docker Hub 官方仓库目前docker官

docker私有仓库Harbor的搭设与使用

1.Harbor 介绍 Manage and serve container images in a secure environment https://goharbor.io/ 2.环境.软件准备 Linux Centos7上操作,以下是安装的软件及版本: Centos:Linux version 3.10.0-862.9.1.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)

Docker 搭建私有仓库

搭建私有仓库 首先在136机器上下载registry镜像 $ sudo docker pull registry 下载完之后我们通过该镜像启动一个容器 $ sudo docker run -d -p 5000:5000 registry 默认情况下,会将仓库存放于容器内的/tmp/registry目录下,这样如果容器被删除,则存放于容器中的镜像也会丢失,所以我们一般情况下会指定本地一个目录挂载到容器内的/tmp/registry下,如下: $ sudo docker run -d -p 5000