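Self-Hosted Docker Registry: Deploying Harbor in Practice
Author: Yin Zhengjie (尹正杰)
Copyright notice: original work; reproduction is not permitted and violations will be pursued legally.
I. Harbor overview
1>. What is Harbor
Harbor is an enterprise-grade Registry server for storing and distributing images, open-sourced by VMware. It extends the open-source Docker Distribution by adding features that enterprises require, such as security, identity and management.
As an enterprise private Registry server, Harbor offers better performance and security, and makes transferring images more efficient for users who build and run environments against a Registry.
Harbor supports replicating image resources across multiple Registry nodes. All images are kept in the private Registry, so data and intellectual property stay under the company's control. Harbor also provides advanced security features such as user management, access control and activity auditing.
Official site: https://vmware.github.io/
Official GitHub: https://github.com/goharbor/harbor
2>. Harbor features
Role-based access control: users and Docker image repositories are organized and managed through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project).
Image replication: images can be replicated (synchronized) between multiple Registry instances, which suits load balancing, high availability, hybrid-cloud and multi-cloud scenarios.
Graphical user interface: users can browse and search the Docker image repositories from a web browser and manage projects and namespaces.
AD/LDAP support: Harbor can integrate with an existing enterprise AD/LDAP for authentication and authorization.
Audit management: every operation against the image repositories can be recorded and traced for auditing.
Internationalization: localized versions already exist in English, Chinese, German, Japanese and Russian; more languages will be added.
RESTful API: gives administrators more control over Harbor and makes integration with other management software easier.
Simple deployment: online and offline installers are provided, and Harbor can also be installed on vSphere as a virtual appliance (OVA).
3>. Download Harbor (running the newest release directly in production is not recommended; if you must use the newest version, test it thoroughly in a test environment first)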
[root@docker102.yinzhengjie.org.cn ~]# cd /usr/local/src/
[root@docker102.yinzhengjie.org.cn /usr/local/src]#
[root@docker102.yinzhengjie.org.cn /usr/local/src]# ll
total 0
[root@docker102.yinzhengjie.org.cn /usr/local/src]#
[root@docker102.yinzhengjie.org.cn /usr/local/src]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz
--2020-01-28 01:14:30-- https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz
Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.160.80, 2404:6800:4012::2010
Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.160.80|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 580059210 (553M) [application/x-tar]
Saving to: ‘harbor-offline-installer-v1.7.5.tgz’
100%[==========================================>] 580,059,210 8.86MB/s in 2m 8s
2020-01-28 01:16:45 (4.33 MB/s) - ‘harbor-offline-installer-v1.7.5.tgz’ saved [580059210/580059210]
[root@docker102.yinzhengjie.org.cn /usr/local/src]#
[root@docker102.yinzhengjie.org.cn /usr/local/src]# ll
total 566468
-rw-r--r-- 1 root root 580059210 Apr 2 2019 harbor-offline-installer-v1.7.5.tgz
[root@docker102.yinzhengjie.org.cn /usr/local/src]#
[root@docker102.yinzhengjie.org.cn /usr/local/src]#
II. Preparing the dependencies on the Harbor node
1>. Operating platform
[root@docker103.yinzhengjie.org.cn ~]# uname -r
3.10.0-957.el7.x86_64
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# uname -m
x86_64
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]#
2>. Add a 2.0T disk
[root@docker103.yinzhengjie.org.cn ~]# fdisk -l
Disk /dev/sdb: 2147.5 GB, 2147483648000 bytes, 4194304000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.
Disk /dev/sda: 2199.0 GB, 2199023255552 bytes, 4294967296 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt
Disk identifier: 60B0BC61-D7A6-4522-972F-E8B13E38A9C1
#         Start          End    Size  Type            Name
 1         2048         6143      2M  BIOS boot
 2         6144      2103295      1G  Microsoft basic
 3      2103296   4294723583      2T  Linux LVM
Disk /dev/mapper/centos-root: 536.9 GB, 536870912000 bytes, 1048576000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/centos-yinzhengjie: 1660.9 GB, 1660944384000 bytes, 3244032000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]#
3>. Format the newly added disk
[root@docker103.yinzhengjie.org.cn ~]# mkfs.xfs -n ftype=1 /dev/sdb
meta-data=/dev/sdb               isize=512    agcount=4, agsize=131072000 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=524288000, imaxpct=5
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=256000, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@docker103.yinzhengjie.org.cn ~]#
4>. Mount the formatted disk on Docker's default storage path (Docker is not installed yet at this point, so the "/var/lib/docker" directory has to be created by hand)
[root@docker103.yinzhengjie.org.cn ~]# mkdir -pv /var/lib/docker
mkdir: created directory ‘/var/lib/docker’
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# mount /dev/sdb /var/lib/docker/
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# xfs_info /var/lib/docker/
meta-data=/dev/sdb               isize=512    agcount=4, agsize=131072000 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=524288000, imaxpct=5
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=256000, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]#
5>. Mount the disk automatically at boot
[root@docker103.yinzhengjie.org.cn ~]# blkid /dev/sdb
/dev/sdb: UUID="80802aac-ad94-465b-a42d-07f99b28ed6b" TYPE="xfs"
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# vim /etc/fstab
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# egrep -v "^$|^#" /etc/fstab
/dev/mapper/centos-root                       /                xfs  defaults                     0 0
UUID=1865a93f-6113-4097-89dc-8c4ea5fdf68c     /boot            xfs  defaults                     0 0
/dev/mapper/centos-yinzhengjie                /yinzhengjie     xfs  defaults,noatime,nodiratime  0 0
UUID="80802aac-ad94-465b-a42d-07f99b28ed6b"   /var/lib/docker  xfs  defaults                     0 0
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]#
6>. Install Docker
Recommended reading from the author: https://www.cnblogs.com/yinzhengjie/p/12178843.html
7>. Start the Docker service
[root@docker104.yinzhengjie.org.cn ~]# ll /var/lib/docker
total 0
[root@docker104.yinzhengjie.org.cn ~]#
[root@docker104.yinzhengjie.org.cn ~]# systemctl start docker
[root@docker104.yinzhengjie.org.cn ~]#
[root@docker104.yinzhengjie.org.cn ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker104.yinzhengjie.org.cn ~]#
[root@docker104.yinzhengjie.org.cn ~]#
[root@docker104.yinzhengjie.org.cn ~]# ll /var/lib/docker
total 0
drwx------ 2 root root 24 Jan 28 02:04 builder
drwx--x--x 4 root root 92 Jan 28 02:04 buildkit
drwx------ 2 root root 6 Jan 28 02:04 containers
drwx------ 3 root root 22 Jan 28 02:04 image
drwxr-x--- 3 root root 19 Jan 28 02:04 network
drwx------ 3 root root 40 Jan 28 02:04 overlay2
drwx------ 4 root root 32 Jan 28 02:04 plugins
drwx------ 2 root root 6 Jan 28 02:04 runtimes
drwx------ 2 root root 6 Jan 28 02:04 swarm
drwx------ 2 root root 6 Jan 28 02:04 tmp
drwx------ 2 root root 6 Jan 28 02:04 trust
drwx------ 2 root root 25 Jan 28 02:04 volumes
[root@docker104.yinzhengjie.org.cn ~]#
[root@docker104.yinzhengjie.org.cn ~]#
8>. Install the Docker orchestration tool docker-compose (the Harbor installation depends on it)
[root@docker103.yinzhengjie.org.cn ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package            Arch      Version    Repository    Size
================================================================================
Installing:
 epel-release       noarch    7-11       extras        15 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch 1/1
  Verifying : epel-release-7-11.noarch 1/1
Installed:
  epel-release.noarch 0:7-11
Complete!
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# yum makecache fast
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.9 kB 00:00:00
 * base: mirror.bit.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
epel | 5.3 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/3): epel/x86_64/group_gz | 90 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(3/3): epel/x86_64/primary_db | 6.9 MB 00:00:01
Metadata Cache Created
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# yum -y install docker-compose
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package docker-compose.noarch 0:1.18.0-4.el7 will be installed
--> Processing Dependency: python(abi) = 3.6 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-cached_property >= 1.2.0 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-docker >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-dockerpty >= 0.4.1 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-docopt >= 0.6.1 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-jsonschema >= 2.5.1 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-pysocks >= 1.5.6 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-requests >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-six >= 1.3.0 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-texttable >= 0.9.0 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-websocket-client >= 0.32.0 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-yaml >= 3.10 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: /usr/bin/python3.6 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-setuptools for package: docker-compose-1.18.0-4.el7.noarch
--> Running transaction check
---> Package python3.x86_64 0:3.6.8-10.el7 will be installed
--> Processing Dependency: python3-libs(x86-64) = 3.6.8-10.el7 for package: python3-3.6.8-10.el7.x86_64
--> Processing Dependency: python3-pip for package: python3-3.6.8-10.el7.x86_64
--> Processing Dependency: libpython3.6m.so.1.0()(64bit) for package: python3-3.6.8-10.el7.x86_64
---> Package python3-setuptools.noarch 0:39.2.0-10.el7 will be installed
---> Package python36-PyYAML.x86_64 0:3.12-1.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: python36-PyYAML-3.12-1.el7.x86_64
---> Package python36-cached_property.noarch 0:1.5.1-2.el7 will be installed
---> Package python36-docker.noarch 0:2.6.1-3.el7 will be installed
--> Processing Dependency: python36-docker-pycreds >= 0.2.1 for package: python36-docker-2.6.1-3.el7.noarch
---> Package python36-dockerpty.noarch 0:0.4.1-10.el7 will be installed
---> Package python36-docopt.noarch 0:0.6.2-8.el7 will be installed
---> Package python36-jsonschema.noarch 0:2.5.1-4.el7 will be installed
---> Package python36-pysocks.noarch 0:1.6.8-6.el7 will be installed
---> Package python36-requests.noarch 0:2.14.2-2.el7 will be installed
--> Processing Dependency: python36-chardet for package: python36-requests-2.14.2-2.el7.noarch
--> Processing Dependency: python36-idna for package: python36-requests-2.14.2-2.el7.noarch
--> Processing Dependency: python36-urllib3 for package: python36-requests-2.14.2-2.el7.noarch
---> Package python36-six.noarch 0:1.11.0-3.el7 will be installed
---> Package python36-texttable.noarch 0:1.6.2-1.el7 will be installed
---> Package python36-websocket-client.noarch 0:0.47.0-2.el7 will be installed
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python3-libs.x86_64 0:3.6.8-10.el7 will be installed
--> Processing Dependency: libtirpc.so.1()(64bit) for package: python3-libs-3.6.8-10.el7.x86_64
---> Package python3-pip.noarch 0:9.0.3-5.el7 will be installed
---> Package python36-chardet.noarch 0:3.0.4-1.el7 will be installed
---> Package python36-docker-pycreds.noarch 0:0.2.1-2.el7 will be installed
---> Package python36-idna.noarch 0:2.7-2.el7 will be installed
---> Package python36-urllib3.noarch 0:1.25.1-1.el7 will be installed
--> Processing Dependency: python36-rfc3986 for package: python36-urllib3-1.25.1-1.el7.noarch
--> Running transaction check
---> Package libtirpc.x86_64 0:0.2.4-0.16.el7 will be installed
---> Package python36-rfc3986.noarch 0:1.3.0-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package                     Arch      Version           Repository   Size
================================================================================
Installing:
 docker-compose              noarch    1.18.0-4.el7      epel         222 k
Installing for dependencies:
 libtirpc                    x86_64    0.2.4-0.16.el7    base         89 k
 libyaml                     x86_64    0.1.4-11.el7_0    base         55 k
 python3                     x86_64    3.6.8-10.el7      base         69 k
 python3-libs                x86_64    3.6.8-10.el7      base         7.0 M
 python3-pip                 noarch    9.0.3-5.el7       base         1.8 M
 python3-setuptools          noarch    39.2.0-10.el7     base         629 k
 python36-PyYAML             x86_64    3.12-1.el7        epel         149 k
 python36-cached_property    noarch    1.5.1-2.el7       epel         18 k
 python36-chardet            noarch    3.0.4-1.el7       epel         190 k
 python36-docker             noarch    2.6.1-3.el7       epel         180 k
 python36-docker-pycreds     noarch    0.2.1-2.el7       epel         15 k
 python36-dockerpty          noarch    0.4.1-10.el7      epel         29 k
 python36-docopt             noarch    0.6.2-8.el7       epel         29 k
 python36-idna               noarch    2.7-2.el7         epel         98 k
 python36-jsonschema         noarch    2.5.1-4.el7       epel         76 k
 python36-pysocks            noarch    1.6.8-6.el7       epel         30 k
 python36-requests           noarch    2.14.2-2.el7      epel         112 k
 python36-rfc3986            noarch    1.3.0-1.el7       epel         49 k
 python36-six                noarch    1.11.0-3.el7      epel         33 k
 python36-texttable          noarch    1.6.2-1.el7       epel         23 k
 python36-urllib3            noarch    1.25.1-1.el7      epel         173 k
 python36-websocket-client   noarch    0.47.0-2.el7      epel         59 k
Transaction Summary
================================================================================
Install 1 Package (+22 Dependent packages)
Total download size: 11 M
Installed size: 56 M
Downloading packages:
(1/23): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00
(2/23): python3-3.6.8-10.el7.x86_64.rpm | 69 kB 00:00:00
(3/23): python3-pip-9.0.3-5.el7.noarch.rpm | 1.8 MB 00:00:00
(4/23): libtirpc-0.2.4-0.16.el7.x86_64.rpm | 89 kB 00:00:03
warning: /var/cache/yum/x86_64/7/epel/packages/docker-compose-1.18.0-4.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY====- ] 1.5 MB/s | 5.0 MB 00:00:04 ETA
Public key for docker-compose-1.18.0-4.el7.noarch.rpm is not installed
(5/23): docker-compose-1.18.0-4.el7.noarch.rpm | 222 kB 00:00:04
(6/23): python3-libs-3.6.8-10.el7.x86_64.rpm | 7.0 MB 00:00:04
(7/23): python3-setuptools-39.2.0-10.el7.noarch.rpm | 629 kB 00:00:01
(8/23): python36-PyYAML-3.12-1.el7.x86_64.rpm | 149 kB 00:00:00
(9/23): python36-cached_property-1.5.1-2.el7.noarch.rpm | 18 kB 00:00:00
(10/23): python36-chardet-3.0.4-1.el7.noarch.rpm | 190 kB 00:00:00
(11/23): python36-docker-2.6.1-3.el7.noarch.rpm | 180 kB 00:00:00
(12/23): python36-docker-pycreds-0.2.1-2.el7.noarch.rpm | 15 kB 00:00:00
(13/23): python36-dockerpty-0.4.1-10.el7.noarch.rpm | 29 kB 00:00:00
(14/23): python36-docopt-0.6.2-8.el7.noarch.rpm | 29 kB 00:00:00
(15/23): python36-idna-2.7-2.el7.noarch.rpm | 98 kB 00:00:00
(16/23): python36-jsonschema-2.5.1-4.el7.noarch.rpm | 76 kB 00:00:00
(17/23): python36-pysocks-1.6.8-6.el7.noarch.rpm | 30 kB 00:00:03
(18/23): python36-requests-2.14.2-2.el7.noarch.rpm | 112 kB 00:00:00
(19/23): python36-rfc3986-1.3.0-1.el7.noarch.rpm | 49 kB 00:00:00
(20/23): python36-six-1.11.0-3.el7.noarch.rpm | 33 kB 00:00:00
(21/23): python36-texttable-1.6.2-1.el7.noarch.rpm | 23 kB 00:00:00
(22/23): python36-urllib3-1.25.1-1.el7.noarch.rpm | 173 kB 00:00:00
(23/23): python36-websocket-client-0.47.0-2.el7.noarch.rpm | 59 kB 00:00:00
--------------------------------------------------------------------------------
Total 954 kB/s | 11 MB 00:00:11
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package : epel-release-7-11.noarch (@extras)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libyaml-0.1.4-11.el7_0.x86_64 1/23
  Installing : libtirpc-0.2.4-0.16.el7.x86_64 2/23
  Installing : python3-pip-9.0.3-5.el7.noarch 3/23
  Installing : python3-setuptools-39.2.0-10.el7.noarch 4/23
  Installing : python3-3.6.8-10.el7.x86_64 5/23
  Installing : python3-libs-3.6.8-10.el7.x86_64 6/23
  Installing : python36-six-1.11.0-3.el7.noarch 7/23
  Installing : python36-websocket-client-0.47.0-2.el7.noarch 8/23
  Installing : python36-pysocks-1.6.8-6.el7.noarch 9/23
  Installing : python36-dockerpty-0.4.1-10.el7.noarch 10/23
  Installing : python36-docker-pycreds-0.2.1-2.el7.noarch 11/23
  Installing : python36-PyYAML-3.12-1.el7.x86_64 12/23
  Installing : python36-texttable-1.6.2-1.el7.noarch 13/23
  Installing : python36-jsonschema-2.5.1-4.el7.noarch 14/23
  Installing : python36-idna-2.7-2.el7.noarch 15/23
  Installing : python36-docopt-0.6.2-8.el7.noarch 16/23
  Installing : python36-cached_property-1.5.1-2.el7.noarch 17/23
  Installing : python36-chardet-3.0.4-1.el7.noarch 18/23
  Installing : python36-rfc3986-1.3.0-1.el7.noarch 19/23
  Installing : python36-urllib3-1.25.1-1.el7.noarch 20/23
  Installing : python36-requests-2.14.2-2.el7.noarch 21/23
  Installing : python36-docker-2.6.1-3.el7.noarch 22/23
  Installing : docker-compose-1.18.0-4.el7.noarch 23/23
  Verifying : libtirpc-0.2.4-0.16.el7.x86_64 1/23
  Verifying : python36-pysocks-1.6.8-6.el7.noarch 2/23
  Verifying : python3-libs-3.6.8-10.el7.x86_64 3/23
  Verifying : docker-compose-1.18.0-4.el7.noarch 4/23
  Verifying : python3-pip-9.0.3-5.el7.noarch 5/23
  Verifying : python36-urllib3-1.25.1-1.el7.noarch 6/23
  Verifying : python36-texttable-1.6.2-1.el7.noarch 7/23
  Verifying : python36-jsonschema-2.5.1-4.el7.noarch 8/23
  Verifying : python36-idna-2.7-2.el7.noarch 9/23
  Verifying : python36-websocket-client-0.47.0-2.el7.noarch 10/23
  Verifying : python36-PyYAML-3.12-1.el7.x86_64 11/23
  Verifying : python36-requests-2.14.2-2.el7.noarch 12/23
  Verifying : python36-dockerpty-0.4.1-10.el7.noarch 13/23
  Verifying : python36-docker-2.6.1-3.el7.noarch 14/23
  Verifying : python36-six-1.11.0-3.el7.noarch 15/23
  Verifying : python3-setuptools-39.2.0-10.el7.noarch 16/23
  Verifying : python36-docopt-0.6.2-8.el7.noarch 17/23
  Verifying : python36-cached_property-1.5.1-2.el7.noarch 18/23
  Verifying : python3-3.6.8-10.el7.x86_64 19/23
  Verifying : libyaml-0.1.4-11.el7_0.x86_64 20/23
  Verifying : python36-chardet-3.0.4-1.el7.noarch 21/23
  Verifying : python36-docker-pycreds-0.2.1-2.el7.noarch 22/23
  Verifying : python36-rfc3986-1.3.0-1.el7.noarch 23/23
Installed:
  docker-compose.noarch 0:1.18.0-4.el7
Dependency Installed:
  libtirpc.x86_64 0:0.2.4-0.16.el7
  libyaml.x86_64 0:0.1.4-11.el7_0
  python3.x86_64 0:3.6.8-10.el7
  python3-libs.x86_64 0:3.6.8-10.el7
  python3-pip.noarch 0:9.0.3-5.el7
  python3-setuptools.noarch 0:39.2.0-10.el7
  python36-PyYAML.x86_64 0:3.12-1.el7
  python36-cached_property.noarch 0:1.5.1-2.el7
  python36-chardet.noarch 0:3.0.4-1.el7
  python36-docker.noarch 0:2.6.1-3.el7
  python36-docker-pycreds.noarch 0:0.2.1-2.el7
  python36-dockerpty.noarch 0:0.4.1-10.el7
  python36-docopt.noarch 0:0.6.2-8.el7
  python36-idna.noarch 0:2.7-2.el7
  python36-jsonschema.noarch 0:2.5.1-4.el7
  python36-pysocks.noarch 0:1.6.8-6.el7
  python36-requests.noarch 0:2.14.2-2.el7
  python36-rfc3986.noarch 0:1.3.0-1.el7
  python36-six.noarch 0:1.11.0-3.el7
  python36-texttable.noarch 0:1.6.2-1.el7
  python36-urllib3.noarch 0:1.25.1-1.el7
  python36-websocket-client.noarch 0:0.47.0-2.el7
Complete!
[root@docker103.yinzhengjie.org.cn ~]#
III. Deploying Harbor
1>. Unpack the Harbor installation package
[root@docker103.yinzhengjie.org.cn ~]# cd /usr/local/src/
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# ll
total 566468
-rw-r--r-- 1 root root 580059210 Jan 28 01:36 harbor-offline-installer-v1.7.5.tgz
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# tar xf harbor-offline-installer-v1.7.5.tgz
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# ll
total 566468
drwxr-xr-x 3 root root 270 Jan 28 03:45 harbor
-rw-r--r-- 1 root root 580059210 Jan 28 01:36 harbor-offline-installer-v1.7.5.tgz
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# ll harbor
total 572840
drwxr-xr-x 3 root root 23 Jan 28 03:45 common
-rw-r--r-- 1 root root 939 Apr 1 2019 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root 975 Apr 1 2019 docker-compose.clair.yml
-rw-r--r-- 1 root root 1434 Apr 1 2019 docker-compose.notary.yml
-rw-r--r-- 1 root root 5608 Apr 1 2019 docker-compose.yml
-rw-r--r-- 1 root root 8045 Jan 28 03:52 harbor.cfg
-rw-r--r-- 1 root root 585234819 Apr 1 2019 harbor.v1.7.5.tar.gz
-rwxr-xr-x 1 root root 5739 Apr 1 2019 install.sh
-rw-r--r-- 1 root root 11347 Apr 1 2019 LICENSE
-rw-r--r-- 1 root root 1263409 Apr 1 2019 open_source_license
-rwxr-xr-x 1 root root 36337 Apr 1 2019 prepare
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
2>. Change Harbor's hostname (think of it as the address used to reach Harbor from outside; an IP address also works)
[root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep hostname
hostname = reg.mydomain.com
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# sed -r -i 's#(hostname = )reg.mydomain.com#\1docker103.yinzhengjie.org.cn#' harbor/harbor.cfg
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep hostname
hostname = docker103.yinzhengjie.org.cn
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
3>. Change Harbor's default password
[root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep harbor_admin_password
harbor_admin_password = Harbor12345
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# sed -r -i 's#(harbor_admin_password = )Harbor12345#\1yinzhengjie#' harbor/harbor.cfg
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep harbor_admin_password
harbor_admin_password = yinzhengjie
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
[root@docker103.yinzhengjie.org.cn /usr/local/src]#
4>. Install the Harbor service
[root@docker103.yinzhengjie.org.cn ~]# cd /usr/local/src/harbor/
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ll
total 572840
drwxr-xr-x 3 root root 23 Jan 28 03:45 common
-rw-r--r-- 1 root root 939 Apr 1 2019 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root 975 Apr 1 2019 docker-compose.clair.yml
-rw-r--r-- 1 root root 1434 Apr 1 2019 docker-compose.notary.yml
-rw-r--r-- 1 root root 5608 Apr 1 2019 docker-compose.yml
-rw-r--r-- 1 root root 8045 Jan 28 03:55 harbor.cfg
-rw-r--r-- 1 root root 585234819 Apr 1 2019 harbor.v1.7.5.tar.gz
-rwxr-xr-x 1 root root 5739 Apr 1 2019 install.sh
-rw-r--r-- 1 root root 11347 Apr 1 2019 LICENSE
-rw-r--r-- 1 root root 1263409 Apr 1 2019 open_source_license
-rwxr-xr-x 1 root root 36337 Apr 1 2019 prepare
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ./install.sh
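The script below is an added example, not part of the original post or of Harbor's installer: a POSIX shell audit of harbor.cfg to run after steps 2 and 3 and before ./install.sh. The key names ui_url_protocol and db_password and the default value root123 are assumed from the stock Harbor 1.x harbor.cfg (the page does not show them); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit harbor.cfg before ./install.sh.
# Assumed from the stock Harbor 1.x harbor.cfg, not shown on the page:
# the keys ui_url_protocol and db_password, and the default db_password root123.

# Print the value of "key = value" from an ini-style file; comment lines are ignored.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one FAIL/WARN line per finding; return 1 if any FAIL was printed.
audit_harbor_cfg() {
    cfg=$1
    rc=0
    host=$(cfg_get "$cfg" hostname)
    proto=$(cfg_get "$cfg" ui_url_protocol)
    pw=$(cfg_get "$cfg" harbor_admin_password)
    dbpw=$(cfg_get "$cfg" db_password)

    if [ "$host" = "reg.mydomain.com" ]; then
        echo "FAIL hostname: still the shipped placeholder reg.mydomain.com"; rc=1
    fi

    # Plain HTTP exposes logins and forces clients to use insecure-registries.
    if [ "$proto" != "https" ]; then
        echo "FAIL ui_url_protocol: '$proto' is not https"; rc=1
    fi

    if [ -z "$pw" ] || [ "$pw" = "Harbor12345" ]; then
        echo "FAIL harbor_admin_password: empty or shipped default"; rc=1
    else
        # A password that is a substring of the registry hostname is guessable.
        case "$host" in
            *"$pw"*) echo "FAIL harbor_admin_password: value appears in hostname"; rc=1 ;;
        esac
        if [ "${#pw}" -lt 12 ]; then
            echo "WARN harbor_admin_password: shorter than 12 characters"
        fi
    fi

    if [ "$dbpw" = "root123" ]; then
        echo "FAIL db_password: shipped default"; rc=1
    fi

    # harbor.cfg holds these passwords in clear text.
    # Character 8 of the ls mode string is the other-read bit.
    if [ "$(ls -ld "$cfg" | cut -c8)" = "r" ]; then
        echo "WARN file mode: $cfg is world-readable (chmod 600)"
    fi
    return $rc
}

# Constructed sample that mirrors the values this walkthrough ends up with.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not a real harbor.cfg
hostname = docker103.yinzhengjie.org.cn
ui_url_protocol = http
harbor_admin_password = yinzhengjie
db_password = root123
EOF
    chmod 644 "$sample"
    audit_harbor_cfg "$sample" || echo "=> fix the FAIL items before running ./install.sh"
    rm -f "$sample"
}

demo
```

On the Harbor node the call is `audit_harbor_cfg /usr/local/src/harbor/harbor.cfg`; a clean file prints nothing and returns 0.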
5>. Access the Harbor web UI
IV. Creating a project in Harbor
1>. Click "New Project"
2>. Project created successfully
3>. View the project's "Repositories"
4>. View the project's "Configuration"
V. Pushing a local image to the self-hosted Harbor registry
1>. Log in to the self-hosted Harbor registry
[root@docker101.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"],
  "insecure-registries":["docker103.yinzhengjie.org.cn"]
}
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# docker login -u admin docker103.yinzhengjie.org.cn
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]#
2>. Tag the local image
[root@docker101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos-haproxy      v1.8.20             1858fe05d96f        3 days ago          606MB
registry            latest              708bc6af7e5e        3 days ago          25.8MB
tomcat-app01        v0.1                bf45c22f2d5b        4 days ago          983MB
tomcat-base         8.5.50              9ff79f369094        5 days ago          968MB
jdk-base            1.8.0_231           0f63a97ddc85        5 days ago          953MB
centos-base         7.6.1810            b4931fd9ace2        5 days ago          551MB
centos              centos7.6.1810      f1cb7c7d58b7        10 months ago       202MB
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# docker image tag centos-base:7.6.1810 docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY                                             TAG                 IMAGE ID            CREATED             SIZE
centos-haproxy                                         v1.8.20             1858fe05d96f        3 days ago          606MB
registry                                               latest              708bc6af7e5e        3 days ago          25.8MB
tomcat-app01                                           v0.1                bf45c22f2d5b        4 days ago          983MB
tomcat-base                                            8.5.50              9ff79f369094        5 days ago          968MB
jdk-base                                               1.8.0_231           0f63a97ddc85        5 days ago          953MB
docker103.yinzhengjie.org.cn/base_images/centos-base   v7.6.1810           b4931fd9ace2        5 days ago          551MB
centos-base                                            7.6.1810            b4931fd9ace2        5 days ago          551MB
centos                                                 centos7.6.1810      f1cb7c7d58b7        10 months ago       202MB
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]#
3>. Image pushed successfully
[root@docker101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY                                             TAG                 IMAGE ID            CREATED             SIZE
centos-haproxy                                         v1.8.20             1858fe05d96f        3 days ago          606MB
registry                                               latest              708bc6af7e5e        4 days ago          25.8MB
tomcat-app01                                           v0.1                bf45c22f2d5b        4 days ago          983MB
tomcat-base                                            8.5.50              9ff79f369094        5 days ago          968MB
jdk-base                                               1.8.0_231           0f63a97ddc85        5 days ago          953MB
centos-base                                            7.6.1810            b4931fd9ace2        5 days ago          551MB
docker103.yinzhengjie.org.cn/base_images/centos-base   v7.6.1810           b4931fd9ace2        5 days ago          551MB
centos                                                 centos7.6.1810      f1cb7c7d58b7        10 months ago       202MB
[root@docker101.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# docker image push docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810
The push refers to repository [docker103.yinzhengjie.org.cn/base_images/centos-base]
0f448859d86e: Pushed
89169d87dbe2: Pushed
v7.6.1810: digest: sha256:62c5a70f2846bd7f8ecd65785e379d0e00acf33ae899f0ec96754a3731b2d425 size: 742
[root@docker101.yinzhengjie.org.cn ~]#
VI. Pulling an image
1>. Log in to the self-hosted Harbor registry
[root@docker102.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"],
  "insecure-registries":["docker103.yinzhengjie.org.cn"]
}
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]# systemctl restart docker
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]# docker login docker103.yinzhengjie.org.cn
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker102.yinzhengjie.org.cn ~]#
2>. Pull the image to the local host
[root@docker102.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]# docker image pull docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810
v7.6.1810: Pulling from base_images/centos-base
ac9208207ada: Pull complete
1a93113d354a: Pull complete
Digest: sha256:62c5a70f2846bd7f8ecd65785e379d0e00acf33ae899f0ec96754a3731b2d425
Status: Downloaded newer image for docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810
docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY                                             TAG                 IMAGE ID            CREATED             SIZE
docker103.yinzhengjie.org.cn/base_images/centos-base   v7.6.1810           b4931fd9ace2        5 days ago          551MB
[root@docker102.yinzhengjie.org.cn ~]#
[root@docker102.yinzhengjie.org.cn ~]#
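VII. Writing a startup script for the Harbor service
1>. View the docker-compose configuration files in the Harbor installation directory (for more on using docker-compose, see: https://www.cnblogs.com/yinzhengjie/p/12250356.html)
2>. Manage the Harbor service with docker-compose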
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose --help
Define and run multi-container applications with Docker.
Usage:
  docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
  docker-compose -h|--help
Options:
  -f, --file FILE             Specify an alternate compose file (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name (default: directory name)
  --verbose                   Show more output
  --no-ansi                   Do not print ANSI control characters
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to
  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the name specified
                              in the client certificate (for example if your docker host
                              is an IP address)
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
Commands:
  build              Build or rebuild services
  bundle             Generate a Docker bundle from the Compose file
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl
State      Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN     0      20480    127.0.0.1:1514       *:*
LISTEN     0      128      *:22                 *:*
LISTEN     0      128      :::22                :::*
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting adminserver ... done
Starting core ... done
Starting portal ... done
Starting redis ... done
Starting jobservice ... done
Starting proxy ... done
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl
State      Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN     0      20480    127.0.0.1:1514       *:*
LISTEN     0      128      *:22                 *:*
LISTEN     0      20480    :::80                :::*
LISTEN     0      128      :::22                :::*
LISTEN     0      20480    :::443               :::*
LISTEN     0      20480    :::4443              :::*
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl
State      Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN     0      20480    127.0.0.1:1514       *:*
LISTEN     0      128      *:22                 *:*
LISTEN     0      20480    :::80                :::*
LISTEN     0      128      :::22                :::*
LISTEN     0      20480    :::443               :::*
LISTEN     0      20480    :::4443              :::*
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-portal ... done
Stopping harbor-core ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping redis ... done
Stopping registry ... done
Stopping harbor-adminserver ... done
Stopping harbor-log ... done
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl
State      Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN     0      128      *:22                 *:*
LISTEN     0      128      :::22                :::*
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
3>. Set the Harbor service to start at boot
[root@docker103.yinzhengjie.org.cn ~]# vim /etc/rc.d/rc.local
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# tail -2 /etc/rc.d/rc.local
#Add by yinzhengjie
cd /usr/local/src/harbor && docker-compose start
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# ll /etc/rc.d/rc.local
-rw-r--r-- 1 root root 543 Feb 2 18:28 /etc/rc.d/rc.local
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# chmod +x /etc/rc.d/rc.local
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 543 Feb 2 18:28 /etc/rc.d/rc.local
[root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# reboot