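I. Introduction to Harbor
Developing and running Docker container applications depends on reliable image management. Docker provides a public image registry, but for security and efficiency reasons it is also necessary to deploy a Registry inside a private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include role-based access control (RBAC), LDAP, log auditing, a management UI, self-registration, image replication, and Chinese-language support.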
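II. Environment preparation
All Harbor service components are deployed in Docker, and the official installer uses Docker-compose for quick deployment, so both Docker and Docker-compose must be installed. Because Harbor is based on Docker Registry V2, the Docker version must be at least 1.10.0 and the Docker-compose version at least 1.6.0.
1. Install and start Docker
Install the required packages, set up the stable repository, and install Docker CE.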
Install the required packages:
```
# yum install -y yum-utils device-mapper-persistent-data lvm2
```
Set up the stable repository:
```
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
```
Install Docker CE:
```
# yum install -y docker-ce docker-ce-cli containerd.io
```
2. Install Docker-compose
This is the official address. It may be slow, so the domestic (China) mirror below is recommended:
```
# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
```
Domestic mirror address:
```
# curl -L https://get.daocloud.io/docker/compose/releases/download/1.29.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
```
After the download, check that the docker-compose file exists in /usr/local/bin:
```
# ls /usr/local/bin/docker-compose
/usr/local/bin/docker-compose
```
Make the downloaded /usr/local/bin/docker-compose executable:
```
# chmod +x /usr/local/bin/docker-compose
```
Check the version number. If it is printed, the installation is complete:
```
# docker-compose version
```
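Note: when installing Harbor you may be told that the docker-compose version is too low and that 1.8 or later is required. In that case, search Baidu for a 1.8 or later release, download it, and repeat the steps above.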
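The binary above is fetched over the network, possibly from a third-party mirror, and then made executable as root, so it is worth checking it against a published SHA-256 before installing it. The following added example (not from the original post) verifies a file against a sha256sum-format checksum list and installs it only on a match; the function names, the SHA256SUMS file name and the stand-in file are assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded binary before making it executable.

# verify_download FILE SUMS
# Returns 0 on match, 1 on mismatch, 2 if SUMS has no usable entry for FILE's basename.
verify_download() {
  local file="$1" sums="$2" name want got
  name="$(basename "$file")"
  # sha256sum lines look like "<64 hex>  name" (text) or "<64 hex> *name" (binary).
  want="$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
                              if (f == n) { print tolower($1); exit } }' "$sums")"
  if ! printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "no valid checksum entry for $name" >&2; return 2
  fi
  got="$(sha256sum "$file" | awk '{ print $1 }')"
  if [ "$got" != "$want" ]; then
    echo "checksum mismatch for $name" >&2; return 1
  fi
}

# install_verified FILE SUMS DEST: place FILE at DEST (mode 0755) only after verification.
install_verified() {
  verify_download "$1" "$2" || return $?
  install -m 0755 "$1" "$3"
}

# Constructed demo: a stand-in "binary" and a checksum list generated for it.
tmp="$(mktemp -d)"
printf 'constructed stand-in for the compose binary\n' > "$tmp/docker-compose-Linux-x86_64"
( cd "$tmp" && sha256sum docker-compose-Linux-x86_64 > SHA256SUMS )
install_verified "$tmp/docker-compose-Linux-x86_64" "$tmp/SHA256SUMS" "$tmp/bin-ok" && echo "installed"
echo 'tampered' >> "$tmp/docker-compose-Linux-x86_64"
install_verified "$tmp/docker-compose-Linux-x86_64" "$tmp/SHA256SUMS" "$tmp/bin-bad" || echo "refused"
rm -rf "$tmp"
```

In real use, download to a temporary path, take the checksum list from the official release page rather than from the mirror, and pass /usr/local/bin/docker-compose as the destination.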
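III. Setting up and starting the Harbor service
Download the Harbor installer
Here we download the latest version: 2.0.1.
Harbor official site (the version may not be the latest, but downloads are faster)
Or visit the blog of a CSDN expert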
Create a directory for the package:
```
# mkdir harbor
# cd harbor/
```
Download the package:
```
# wget https://github.com/goharbor/harbor/releases/download/v2.0.1/harbor-offline-installer-v2.0.1.tgz
# ls
harbor-offline-installer-v2.0.1.tgz
```
Extract it:
```
# tar -zxf harbor-offline-installer-v2.0.1.tgz
```
Configure Harbor
```
# cd harbor
# ls
common     docker-compose.yml    harbor.yml       install.sh  prepare
common.sh  harbor.v2.0.1.tar.gz  harbor.yml.tmpl  LICENSE
```
Edit the Harbor installation configuration file
```
# cp harbor.yml.tmpl harbor.yml
# mkdir -p /opt/application/harbor
# ls
common.sh  harbor.v2.0.1.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
```
The main parameters to change in harbor.yml are as follows:
```
# vim harbor.yml
```
```
# Access address. An IP or a domain name may be used, but not 127.0.0.1 or localhost.
# By default Harbor uses port 80. If you use a custom port, besides changing the
# configuration in docker-compose.yml, the hostname here must also include the custom
# port, otherwise docker login and docker push will report errors.
hostname: 192.168.XXX.XXX:80

# http configuration
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https configuration (if not needed, leave it commented out)
# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# To enable an external proxy, such as an outer NGINX or a load balancer, uncomment
# external_url. When it is enabled, hostname is no longer used.
#external_url: https://reg.mydomain.com:8433

harbor_admin_password: Harbor12345   # admin password; this is the default value, so change it before any production use

# database configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# persistent data directory
data_volume: /opt/application/harbor

# the rest is omitted
```
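A pre-install check for the values edited above, added here as an example (it is not part of the original post or of Harbor's installer): it flags a hostname of localhost or 127.0.0.1, the default Harbor12345 and root123 passwords, and a disabled https block. The function names and the constructed sample file are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: flag risky values in a harbor.yml before running install.sh.

# yml_value KEY FILE: first uncommented "KEY: value", without trailing "# ..." or "// ..." notes.
yml_value() {
  sed -n -E "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -E 's,[[:space:]]+(#|//).*$,,; s,[[:space:]]+$,,'
}

# audit_harbor_yml FILE: print one FAIL line per finding; exit status 1 if any finding.
audit_harbor_yml() {
  local f="$1" bad=0 host
  host="$(yml_value hostname "$f")"; host="${host%%:*}"   # drop an optional :port
  case "$host" in
    ""|localhost|127.0.0.1)
      echo "FAIL hostname '$host' is not reachable by docker clients"; bad=1 ;;
  esac
  if [ "$(yml_value harbor_admin_password "$f")" = "Harbor12345" ]; then
    echo "FAIL harbor_admin_password is the installer default"; bad=1
  fi
  if [ "$(yml_value password "$f")" = "root123" ]; then
    echo "FAIL database.password is the installer default"; bad=1
  fi
  if ! grep -Eq '^https:' "$f"; then
    echo "FAIL https block is disabled: logins and pushes use plain HTTP"; bad=1
  fi
  return "$bad"
}

# Constructed sample mirroring the values used in this walkthrough
# (192.0.2.10 is a documentation address, not the author's host).
sample="$(mktemp)"
cat > "$sample" <<'EOF'
hostname: 192.0.2.10:80
http:
  port: 80
#https:
  #port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /opt/application/harbor
EOF
audit_harbor_yml "$sample" || true
rm -f "$sample"
```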
```
# systemctl start docker
# ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.13

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.29.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/trivy-adapter-photon:v2.0.1
Loaded image: goharbor/harbor-portal:v2.0.1
Loaded image: goharbor/harbor-core:v2.0.1
Loaded image: goharbor/harbor-jobservice:v2.0.1
Loaded image: goharbor/notary-server-photon:v2.0.1
Loaded image: goharbor/harbor-log:v2.0.1
Loaded image: goharbor/registry-photon:v2.0.1
Loaded image: goharbor/notary-signer-photon:v2.0.1
Loaded image: goharbor/clair-photon:v2.0.1
Loaded image: goharbor/chartmuseum-photon:v2.0.1
Loaded image: goharbor/prepare:v2.0.1
Loaded image: goharbor/harbor-db:v2.0.1
Loaded image: goharbor/harbor-registryctl:v2.0.1
Loaded image: goharbor/nginx-photon:v2.0.1
Loaded image: goharbor/redis-photon:v2.0.1
Loaded image: goharbor/clair-adapter-photon:v2.0.1

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-portal ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
```
List the Docker images
```
# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
goharbor/chartmuseum-photon     v2.0.1    5cdaddecc82e   20 months ago   178MB
goharbor/redis-photon           v2.0.1    3f7924c541ee   20 months ago   72.2MB
goharbor/trivy-adapter-photon   v2.0.1    c54ca9c646b5   20 months ago   111MB
goharbor/clair-adapter-photon   v2.0.1    e55fe88d7a38   20 months ago   62MB
goharbor/clair-photon           v2.0.1    e3352a5b82b8   20 months ago   171MB
goharbor/notary-server-photon   v2.0.1    5f5db3d23a57   20 months ago   143MB
goharbor/notary-signer-photon   v2.0.1    6f69f6099fd8   20 months ago   140MB
goharbor/harbor-registryctl     v2.0.1    c4b3afb7792b   20 months ago   102MB
goharbor/registry-photon        v2.0.1    bfe780f0658c   20 months ago   84.5MB
goharbor/nginx-photon           v2.0.1    a5b6f76b075d   20 months ago   43.6MB
goharbor/harbor-log             v2.0.1    4b91d2f3dffd   20 months ago   82MB
goharbor/harbor-jobservice      v2.0.1    2ac5228ba6fb   20 months ago   116MB
goharbor/harbor-core            v2.0.1    eaf714ada0b3   20 months ago   138MB
goharbor/harbor-portal          v2.0.1    74883dd356c2   20 months ago   52.4MB
goharbor/harbor-db              v2.0.1    bf97ad047417   20 months ago   159MB
goharbor/prepare                v2.0.1    0b3ee4e3b149   20 months ago   158MB
```
List the running containers
```
# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED              STATUS                        PORTS                                   NAMES
cdf442488cfb   goharbor/harbor-jobservice:v2.0.1    "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-jobservice
6623893a1e5e   goharbor/nginx-photon:v2.0.1         "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
227d5ab219c0   goharbor/harbor-core:v2.0.1          "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-core
7b1e7088aca7   goharbor/registry-photon:v2.0.1      "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)   5000/tcp                                registry
fc7064b4d750   goharbor/harbor-db:v2.0.1            "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)   5432/tcp                                harbor-db
6ec81f256b16   goharbor/harbor-portal:v2.0.1        "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   8080/tcp                                harbor-portal
8ec2da9493dc   goharbor/harbor-registryctl:v2.0.1   "/home/harbor/start.…"   About a minute ago   Up About a minute (healthy)                                           registryctl
5d7cd7e89924   goharbor/redis-photon:v2.0.1         "redis-server /etc/r…"   About a minute ago   Up About a minute (healthy)   6379/tcp                                redis
3ca425dcc1cb   goharbor/harbor-log:v2.0.1           "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
```
Access the Harbor web UI
http://192.168.XXX.XXX:80 (username: admin, password: Harbor12345)
For detailed usage, see my previous blog post.
IV. Building docker-mysql
```
# pwd
/root/harbor/Dockerfile/mysql-dockerfile/mysql
# ls
Dockerfile  privileges.sql  schema.sql  setup.sh
```
Dockerfile
First, create the Dockerfile:
```
# cat Dockerfile
FROM mysql:5.7

# Author information
MAINTAINER THL

# Allow login without a password
ENV MYSQL_ALLOW_EMPTY_PASSWORD yes

# Copy the required files into the container
COPY setup.sh /mysql/setup.sh
COPY schema.sql /mysql/schema.sql
COPY privileges.sql /mysql/privileges.sql

# Command executed when the container starts
CMD ["sh", "/mysql/setup.sh"]
```
Write the container startup script setup.sh:
```
# vim setup.sh
```
```
#!/bin/bash
set -e

# Show the state of the mysql service for debugging; this line can be removed
echo `service mysql status`

echo '1.启动mysql------'
# Start mysql
service mysql start
sleep 3
echo `service mysql status`

echo '2.开始导入数据------'
# Import the data
mysql < /mysql/schema.sql
echo '3.导入数据完毕------'

sleep 3
echo `service mysql status`

# Reset the mysql password
echo '4.开始修改密码------'
mysql < /mysql/privileges.sql
echo '5.修改密码完毕------'

echo `service mysql status`
echo 'mysql容器启动完毕,且数据导入成功'

# Keep the container in the foreground
tail -f /dev/null
```
The MySQL script that imports the data, schema.sql:
```
# vim schema.sql
```
```
-- Create the database
create database `docker_mysql` default character set utf8 collate utf8_general_ci;

use docker_mysql;

-- Create the table
DROP TABLE IF EXISTS `user`;

CREATE TABLE `user` (
  `id` bigint(20) NOT NULL,
  `email` varchar(255) DEFAULT NULL,
  `username` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

-- Insert data
INSERT INTO `user` (`id`, `email`, `username`)
VALUES (0,'zhangsan.163@example.com','zhangsan');
```
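The MySQL privilege setup script, privileges.sql:
```
# vim privileges.sql
```
```
use mysql;
select host, user from user;

-- Because the MySQL version is 5.7, a new user is created with the following command:
create user docker identified by '123456';

-- Grant privileges on the docker_mysql database to the docker user just created, with password 123456:
grant all on docker_mysql.* to docker@'%' identified by '123456' with grant option;

-- This statement is required:
flush privileges;
```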
Build the image from the Dockerfile. The base image does not need to be present locally at build time; it is downloaded automatically.
```
# docker build -t test/docker-mysql .
Sending build context to Docker daemon  5.632kB
Step 1/7 : FROM mysql:5.7
5.7: Pulling from library/mysql
15115158dd02: Pull complete
d733f6778b18: Pull complete
1cc7a6c74a04: Pull complete
c4364028a805: Pull complete
82887163f0f6: Pull complete
28abcb7f57e0: Pull complete
46d27a431703: Pull complete
146a7517cdca: Pull complete
ac645a526e45: Pull complete
a292dcc315cc: Pull complete
ff70b7ef8a8b: Pull complete
Digest: sha256:66d52e6baa8093820c09fec56992a5ee734f17e9fad8ef5ffc31597b231bd048
Status: Downloaded newer image for mysql:5.7
 ---> 11d8667108c2
Step 2/7 : MAINTAINER THL
 ---> Running in aab42a8e9a6f
Removing intermediate container aab42a8e9a6f
 ---> b340916a8a0f
Step 3/7 : ENV MYSQL_ALLOW_EMPTY_PASSWORD yes
 ---> Running in fa5b657878f2
Removing intermediate container fa5b657878f2
 ---> f92ff1096563
Step 4/7 : COPY setup.sh /mysql/setup.sh
 ---> 6e2c9199f13c
Step 5/7 : COPY schema.sql /mysql/schema.sql
 ---> 0b580fd680b3
Step 6/7 : COPY privileges.sql /mysql/privileges.sql
 ---> a01396d2d147
Step 7/7 : CMD ["sh", "/mysql/setup.sh"]
 ---> Running in e6bdeb47016f
Removing intermediate container e6bdeb47016f
 ---> d8f9ab35ed74
Successfully built d8f9ab35ed74
Successfully tagged test/docker-mysql:latest
```
Check that the container runs
```
# docker images
REPOSITORY          TAG       IMAGE ID       CREATED              SIZE
test/docker-mysql   latest    d8f9ab35ed74   About a minute ago   450MB
# docker run -d -p 13306:3306 test/docker-mysql
7899762d363c97f9a730a309b265cd2ef6b92f094850fc608effdfee6fb0e538
# docker ps |grep mysql
7899762d363c   test/docker-mysql   "docker-entrypoint.s…"   7 seconds ago   Up 7 seconds   33060/tcp, 0.0.0.0:13306->3306/tcp, :::13306->3306/tcp   beautiful_clarke
# docker exec -it 7899762d363c bash
root@7899762d363c:/# service mysql status
[info] MySQL Community Server 5.7.37 is running.
```
Log in:
```
# mysql -udocker -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.37 MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
```
Done. From here you only need to connect with a SQL management tool. When connecting, use the mapped local port 13306; do not get this wrong.
List the created tables:
```
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| docker_mysql       |
+--------------------+
2 rows in set (0.00 sec)

mysql> use docker_mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+------------------------+
| Tables_in_docker_mysql |
+------------------------+
| user                   |
+------------------------+
1 row in set (0.00 sec)

mysql> select * from user;
+----+--------------------------+----------+
| id | email                    | username |
+----+--------------------------+----------+
|  0 | zhangsan.163@example.com | zhangsan |
+----+--------------------------+----------+
1 row in set (0.00 sec)
```
Tag the image and push it to Harbor
```
# docker tag test/docker-mysql 192.168.xxx.xxx:80/mysql/docker-mysql:v0.1
# docker images
REPOSITORY                              TAG    IMAGE ID       CREATED          SIZE
192.168.xxx.xxx:80/mysql/docker-mysql   v0.1   d8f9ab35ed74   19 minutes ago   450MB
# docker login 192.168.xxx.xxx:80
Username: admin
Password:
Error response from daemon: Get "https://192.168.xxx.xxx:80/v2/": http: server gave HTTP response to HTTPS client
```
The login fails with the error above. The Docker client uses HTTPS by default, while this Harbor instance only serves HTTP; listing the registry under insecure-registries lets the client use plain HTTP for it. Fix:
```
# echo '{
  "registry-mirrors": ["https://k728i8z5.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.xxx.xxx:5000", "192.168.xxx.xxx:80"]
}' > /etc/docker/daemon.json
# systemctl restart docker
```
Kill the Harbor processes and re-run install.sh in the harbor directory.
Then log in again:
```
# docker login 192.168.1.153:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```
Push:
```
# docker push 192.168.xxx.xxx:80/mysql/docker-mysql:v0.1
The push refers to repository [192.168.xxx.xxx:80/mysql/docker-mysql]
d939737bf963: Pushed
c0b64293731d: Pushed
eee68c08277b: Pushed
a5c83aef285e: Pushed
126134798e97: Pushed
c98a95cee402: Pushed
04320c60c138: Pushed
8f7b9a023a77: Pushed
448356a5f05c: Pushed
6afb138c7c44: Pushed
85bfa4810de9: Pushed
f8134b8e36a4: Pushed
d981f931af8f: Pushed
e5baccb54724: Pushed
v0.1: digest: sha256:fa82f3b1e6274cdcfda8e2a530a6b11f407e29067c20d3f3301a45f46e5d24d5 size: 3242
```
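An alternative to insecure-registries, as an added example that is not part of the original post: create a private CA and a server certificate for the Harbor address so that the https block in harbor.yml can be enabled and logins no longer travel over plain HTTP. The function name, the output file names and the 192.0.2.10 documentation address are assumptions; IPv4 addresses and DNS names are handled.

```shell
#!/usr/bin/env bash
# Added example: issue a private CA and a server certificate for a Harbor host.

# make_registry_cert HOST OUTDIR: HOST is an IPv4 address or a DNS name.
make_registry_cert() {
  local host="$1" out="$2" san
  case "$host" in
    *[!0-9.]*) san="DNS:$host" ;;   # contains something other than digits and dots: a name
    *)         san="IP:$host"  ;;   # an IP SAN is required when clients connect by address
  esac
  mkdir -p "$out" && chmod 700 "$out" || return 1
  # 1) CA key and self-signed CA certificate
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=harbor-private-ca" \
    -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
  # 2) Server key and certificate signing request
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
  # 3) Sign with the CA, adding the subjectAltName that the Docker client checks
  printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" > "$out/ext.cnf"
  openssl x509 -req -in "$out/server.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$out/ext.cnf" \
    -out "$out/server.crt" 2>/dev/null || return 1
  chmod 600 "$out"/*.key
}

# Constructed demo: 192.0.2.10 stands in for the Harbor host.
demo="$(mktemp -d)"
make_registry_cert 192.0.2.10 "$demo" &&
  openssl verify -CAfile "$demo/ca.crt" "$demo/server.crt"
rm -rf "$demo"
```

Point certificate and private_key in the https block of harbor.yml at server.crt and server.key, and copy ca.crt to /etc/docker/certs.d/<registry host[:port]>/ca.crt on each Docker client.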
For related operations such as downloading, pulling to the local machine, and importing locally, see the previous blog post.