Docker自建倉庫之Harbor部署實戰
作者:尹正傑
版權聲明:原創作品,謝絕轉載!否則將追究法律責任。
一.Harbor概述
1>.什么是Harbor
Harbor是一個用於存儲和分發鏡像的企業級Registry服務器,由Vmware開源,其通過添加一些企業必須的功能特性,例如安全,標識和管理等,擴展了開源Docker Distribution。 作為一個企業級私有Registry服務器,Harbor提供了更好的性能和安全。提升用戶使用Registry構建和運行環境傳輸鏡像的效率。 Harbor支持安裝在多個Registry節點的鏡像資源復制,鏡像全部保存在私有Registry中,確保數據和知識產權在公司內部中管控,另外,Harbor也提供了高級的安全特性,諸如用戶管理,訪問控制和活動審計等。 官網地址: https://vmware.github.io/ 官方Github地址: https://github.com/goharbor/harbor
2>.Harbor功能介紹
基於角色的訪問控制: 用戶與Docker鏡像倉庫通過"項目"進行則指管理,一個用戶可以對多個鏡像倉庫在同一個命名空間(project)里有不同的權限。 鏡像復制: 鏡像可以在多個Registry實例中復制(同步).尤其適合於負載均衡,高可用,混合雲和多雲的場景。 圖形化用戶界面: 用戶可以通過瀏覽器來瀏覽,檢索當前Docker鏡像倉庫,管理項目和命名空間。 AD/LDAP支持: Harbor可以集成企業內部已有的AD/LDAP,用於鑒權認證管理。 審計管理: 所有針對鏡像倉庫的操作都可以被記錄追溯,用於審計管理。 國際化: 以擁有英文,中文,德文,日文和俄文的本地化版本。更多的語言將會添加進來。 RESTful API: 提供給管理員對於Harbor更多的操控,使得與其它管理軟件集成變得更容易。 部署簡單: 提供在線和離線兩種安裝工具,也可以安裝到vSphere平台(OVA方式)虛擬設備。
3>.下載Harbor(生產環境不建議大家直接用最新版,如果非要用最新版本建議在測試環境中做過足夠的測試喲~)
[root@docker102.yinzhengjie.org.cn ~]# cd /usr/local/src/ [root@docker102.yinzhengjie.org.cn /usr/local/src]# [root@docker102.yinzhengjie.org.cn /usr/local/src]# ll total 0 [root@docker102.yinzhengjie.org.cn /usr/local/src]# [root@docker102.yinzhengjie.org.cn /usr/local/src]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz --2020-01-28 01:14:30-- https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.160.80, 2404:6800:4012::2010 Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.160.80|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 580059210 (553M) [application/x-tar] Saving to: ‘harbor-offline-installer-v1.7.5.tgz’ 100%[==================================================================================================================================================================>] 580,059,210 8.86MB/s in 2m 8s 2020-01-28 01:16:45 (4.33 MB/s) - ‘harbor-offline-installer-v1.7.5.tgz’ saved [580059210/580059210] [root@docker102.yinzhengjie.org.cn /usr/local/src]# [root@docker102.yinzhengjie.org.cn /usr/local/src]# ll total 566468 -rw-r--r-- 1 root root 580059210 Apr 2 2019 harbor-offline-installer-v1.7.5.tgz [root@docker102.yinzhengjie.org.cn /usr/local/src]# [root@docker102.yinzhengjie.org.cn /usr/local/src]#
二.Harbor節點准備依賴環境
1>.操作平台
[root@docker103.yinzhengjie.org.cn ~]# uname -r 3.10.0-957.el7.x86_64 [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# uname -m x86_64 [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]#
2>.添加一塊2.0T硬盤
[root@docker103.yinzhengjie.org.cn ~]# fdisk -l Disk /dev/sdb: 2147.5 GB, 2147483648000 bytes, 4194304000 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion. Disk /dev/sda: 2199.0 GB, 2199023255552 bytes, 4294967296 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: gpt Disk identifier: 60B0BC61-D7A6-4522-972F-E8B13E38A9C1 # Start End Size Type Name 1 2048 6143 2M BIOS boot 2 6144 2103295 1G Microsoft basic 3 2103296 4294723583 2T Linux LVM Disk /dev/mapper/centos-root: 536.9 GB, 536870912000 bytes, 1048576000 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/mapper/centos-yinzhengjie: 1660.9 GB, 1660944384000 bytes, 3244032000 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]#
3>.格式化新添加的硬盤
[root@docker103.yinzhengjie.org.cn ~]# mkfs.xfs -n ftype=1 /dev/sdb meta-data=/dev/sdb isize=512 agcount=4, agsize=131072000 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0, sparse=0 data = bsize=4096 blocks=524288000, imaxpct=5 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal log bsize=4096 blocks=256000, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 [root@docker103.yinzhengjie.org.cn ~]#
4>.將格式化的硬盤掛載到docker默認的存儲路徑(由於此時還沒有安裝docker,因此需要咱們手動創建出"/var/lib/docker"目錄)
[root@docker103.yinzhengjie.org.cn ~]# mkdir -pv /var/lib/docker mkdir: created directory ‘/var/lib/docker’ [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# mount /dev/sdb /var/lib/docker/ [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# xfs_info /var/lib/docker/ meta-data=/dev/sdb isize=512 agcount=4, agsize=131072000 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0 spinodes=0 data = bsize=4096 blocks=524288000, imaxpct=5 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal bsize=4096 blocks=256000, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]#
5>.設置硬盤開機自動掛載
[root@docker103.yinzhengjie.org.cn ~]# blkid /dev/sdb /dev/sdb: UUID="80802aac-ad94-465b-a42d-07f99b28ed6b" TYPE="xfs" [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# vim /etc/fstab [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# egrep -v "^$|^#" /etc/fstab /dev/mapper/centos-root / xfs defaults 0 0 UUID=1865a93f-6113-4097-89dc-8c4ea5fdf68c /boot xfs defaults 0 0 /dev/mapper/centos-yinzhengjie /yinzhengjie xfs defaults,noatime,nodiratime 0 0 UUID="80802aac-ad94-465b-a42d-07f99b28ed6b" /var/lib/docker xfs defaults 0 0 [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]#
6>.安裝docker
博主推薦閱讀: https://www.cnblogs.com/yinzhengjie/p/12178843.html
7>.啟動docker服務
[root@docker104.yinzhengjie.org.cn ~]# ll /var/lib/docker total 0 [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# systemctl start docker [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# systemctl enable docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service. [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# ll /var/lib/docker total 0 drwx------ 2 root root 24 Jan 28 02:04 builder drwx--x--x 4 root root 92 Jan 28 02:04 buildkit drwx------ 2 root root 6 Jan 28 02:04 containers drwx------ 3 root root 22 Jan 28 02:04 image drwxr-x--- 3 root root 19 Jan 28 02:04 network drwx------ 3 root root 40 Jan 28 02:04 overlay2 drwx------ 4 root root 32 Jan 28 02:04 plugins drwx------ 2 root root 6 Jan 28 02:04 runtimes drwx------ 2 root root 6 Jan 28 02:04 swarm drwx------ 2 root root 6 Jan 28 02:04 tmp drwx------ 2 root root 6 Jan 28 02:04 trust drwx------ 2 root root 25 Jan 28 02:04 volumes [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]#
8>.安裝docker編排工具docker-compose(安裝Harbor時需要依賴該服務)
[root@docker103.yinzhengjie.org.cn ~]# yum -y install epel-release Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.bit.edu.cn * extras: mirrors.tuna.tsinghua.edu.cn * updates: mirror.bit.edu.cn Resolving Dependencies --> Running transaction check ---> Package epel-release.noarch 0:7-11 will be installed --> Finished Dependency Resolution Dependencies Resolved ===================================================================================================================================================================================================================================== Package Arch Version Repository Size ===================================================================================================================================================================================================================================== Installing: epel-release noarch 7-11 extras 15 k Transaction Summary ===================================================================================================================================================================================================================================== Install 1 Package Total download size: 15 k Installed size: 24 k Downloading packages: epel-release-7-11.noarch.rpm | 15 kB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : epel-release-7-11.noarch 1/1 Verifying : epel-release-7-11.noarch 1/1 Installed: epel-release.noarch 0:7-11 Complete! [root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# yum makecache fast Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile epel/x86_64/metalink | 8.9 kB 00:00:00 * base: mirror.bit.edu.cn * epel: mirrors.tuna.tsinghua.edu.cn * extras: mirror.bit.edu.cn * updates: mirrors.tuna.tsinghua.edu.cn base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 epel | 5.3 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/3): epel/x86_64/group_gz | 90 kB 00:00:00 (2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00 (3/3): epel/x86_64/primary_db | 6.9 MB 00:00:01 Metadata Cache Created [root@docker103.yinzhengjie.org.cn ~]#
[root@docker103.yinzhengjie.org.cn ~]# yum -y install docker-compose Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.bit.edu.cn * epel: mirrors.tuna.tsinghua.edu.cn * extras: mirror.bit.edu.cn * updates: mirrors.tuna.tsinghua.edu.cn Resolving Dependencies --> Running transaction check ---> Package docker-compose.noarch 0:1.18.0-4.el7 will be installed --> Processing Dependency: python(abi) = 3.6 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-cached_property >= 1.2.0 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-docker >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-dockerpty >= 0.4.1 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-docopt >= 0.6.1 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-jsonschema >= 2.5.1 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-pysocks >= 1.5.6 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-requests >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-six >= 1.3.0 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-texttable >= 0.9.0 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-websocket-client >= 0.32.0 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-yaml >= 3.10 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: /usr/bin/python3.6 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-setuptools for package: docker-compose-1.18.0-4.el7.noarch --> Running transaction check ---> Package python3.x86_64 0:3.6.8-10.el7 will be installed --> Processing Dependency: python3-libs(x86-64) = 3.6.8-10.el7 for package: python3-3.6.8-10.el7.x86_64 --> Processing Dependency: python3-pip for package: python3-3.6.8-10.el7.x86_64 --> Processing Dependency: libpython3.6m.so.1.0()(64bit) for package: python3-3.6.8-10.el7.x86_64 ---> Package python3-setuptools.noarch 0:39.2.0-10.el7 will be installed ---> Package python36-PyYAML.x86_64 0:3.12-1.el7 will be installed --> Processing Dependency: libyaml-0.so.2()(64bit) for package: python36-PyYAML-3.12-1.el7.x86_64 ---> Package python36-cached_property.noarch 0:1.5.1-2.el7 will be installed ---> Package python36-docker.noarch 0:2.6.1-3.el7 will be installed --> Processing Dependency: python36-docker-pycreds >= 0.2.1 for package: python36-docker-2.6.1-3.el7.noarch ---> Package python36-dockerpty.noarch 0:0.4.1-10.el7 will be installed ---> Package python36-docopt.noarch 0:0.6.2-8.el7 will be installed ---> Package python36-jsonschema.noarch 0:2.5.1-4.el7 will be installed ---> Package python36-pysocks.noarch 0:1.6.8-6.el7 will be installed ---> Package python36-requests.noarch 0:2.14.2-2.el7 will be installed --> Processing Dependency: python36-chardet for package: python36-requests-2.14.2-2.el7.noarch --> Processing Dependency: python36-idna for package: python36-requests-2.14.2-2.el7.noarch --> Processing Dependency: python36-urllib3 for package: python36-requests-2.14.2-2.el7.noarch ---> Package python36-six.noarch 0:1.11.0-3.el7 will be installed ---> Package python36-texttable.noarch 0:1.6.2-1.el7 will be installed ---> Package python36-websocket-client.noarch 0:0.47.0-2.el7 will be installed --> Running transaction check ---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed ---> Package python3-libs.x86_64 0:3.6.8-10.el7 will be installed --> Processing Dependency: libtirpc.so.1()(64bit) for package: python3-libs-3.6.8-10.el7.x86_64 ---> Package python3-pip.noarch 0:9.0.3-5.el7 will be installed ---> Package python36-chardet.noarch 0:3.0.4-1.el7 will be installed ---> Package python36-docker-pycreds.noarch 0:0.2.1-2.el7 will be installed ---> Package python36-idna.noarch 0:2.7-2.el7 will be installed ---> Package python36-urllib3.noarch 0:1.25.1-1.el7 will be installed --> Processing Dependency: python36-rfc3986 for package: python36-urllib3-1.25.1-1.el7.noarch --> Running transaction check ---> Package libtirpc.x86_64 0:0.2.4-0.16.el7 will be installed ---> Package python36-rfc3986.noarch 0:1.3.0-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ===================================================================================================================================================================================================================================== Package Arch Version Repository Size ===================================================================================================================================================================================================================================== Installing: docker-compose noarch 1.18.0-4.el7 epel 222 k Installing for dependencies: libtirpc x86_64 0.2.4-0.16.el7 base 89 k libyaml x86_64 0.1.4-11.el7_0 base 55 k python3 x86_64 3.6.8-10.el7 base 69 k python3-libs x86_64 3.6.8-10.el7 base 7.0 M python3-pip noarch 9.0.3-5.el7 base 1.8 M python3-setuptools noarch 39.2.0-10.el7 base 629 k python36-PyYAML x86_64 3.12-1.el7 epel 149 k python36-cached_property noarch 1.5.1-2.el7 epel 18 k python36-chardet noarch 3.0.4-1.el7 epel 190 k python36-docker noarch 2.6.1-3.el7 epel 180 k python36-docker-pycreds noarch 0.2.1-2.el7 epel 15 k python36-dockerpty noarch 0.4.1-10.el7 epel 29 k python36-docopt noarch 0.6.2-8.el7 epel 29 k python36-idna noarch 2.7-2.el7 epel 98 k python36-jsonschema noarch 2.5.1-4.el7 epel 76 k python36-pysocks noarch 1.6.8-6.el7 epel 30 k python36-requests noarch 2.14.2-2.el7 epel 112 k python36-rfc3986 noarch 1.3.0-1.el7 epel 49 k python36-six noarch 1.11.0-3.el7 epel 33 k python36-texttable noarch 1.6.2-1.el7 epel 23 k python36-urllib3 noarch 1.25.1-1.el7 epel 173 k python36-websocket-client noarch 0.47.0-2.el7 epel 59 k Transaction Summary ===================================================================================================================================================================================================================================== Install 1 Package (+22 Dependent packages) Total download size: 11 M Installed size: 56 M Downloading packages: (1/23): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00 (2/23): python3-3.6.8-10.el7.x86_64.rpm | 69 kB 00:00:00 (3/23): python3-pip-9.0.3-5.el7.noarch.rpm | 1.8 MB 00:00:00 (4/23): libtirpc-0.2.4-0.16.el7.x86_64.rpm | 89 kB 00:00:03 warning: /var/cache/yum/x86_64/7/epel/packages/docker-compose-1.18.0-4.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY====- ] 1.5 MB/s | 5.0 MB 00:00:04 ETA Public key for docker-compose-1.18.0-4.el7.noarch.rpm is not installed (5/23): docker-compose-1.18.0-4.el7.noarch.rpm | 222 kB 00:00:04 (6/23): python3-libs-3.6.8-10.el7.x86_64.rpm | 7.0 MB 00:00:04 (7/23): python3-setuptools-39.2.0-10.el7.noarch.rpm | 629 kB 00:00:01 (8/23): python36-PyYAML-3.12-1.el7.x86_64.rpm | 149 kB 00:00:00 (9/23): python36-cached_property-1.5.1-2.el7.noarch.rpm | 18 kB 00:00:00 (10/23): python36-chardet-3.0.4-1.el7.noarch.rpm | 190 kB 00:00:00 (11/23): python36-docker-2.6.1-3.el7.noarch.rpm | 180 kB 00:00:00 (12/23): python36-docker-pycreds-0.2.1-2.el7.noarch.rpm | 15 kB 00:00:00 (13/23): python36-dockerpty-0.4.1-10.el7.noarch.rpm | 29 kB 00:00:00 (14/23): python36-docopt-0.6.2-8.el7.noarch.rpm | 29 kB 00:00:00 (15/23): python36-idna-2.7-2.el7.noarch.rpm | 98 kB 00:00:00 (16/23): python36-jsonschema-2.5.1-4.el7.noarch.rpm | 76 kB 00:00:00 (17/23): python36-pysocks-1.6.8-6.el7.noarch.rpm | 30 kB 00:00:03 (18/23): python36-requests-2.14.2-2.el7.noarch.rpm | 112 kB 00:00:00 (19/23): python36-rfc3986-1.3.0-1.el7.noarch.rpm | 49 kB 00:00:00 (20/23): python36-six-1.11.0-3.el7.noarch.rpm | 33 kB 00:00:00 (21/23): python36-texttable-1.6.2-1.el7.noarch.rpm | 23 kB 00:00:00 (22/23): python36-urllib3-1.25.1-1.el7.noarch.rpm | 173 kB 00:00:00 (23/23): python36-websocket-client-0.47.0-2.el7.noarch.rpm | 59 kB 00:00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 954 kB/s | 11 MB 00:00:11 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 Importing GPG key 0x352C64E5: Userid : "Fedora EPEL (7) <epel@fedoraproject.org>" Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5 Package : epel-release-7-11.noarch (@extras) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : libyaml-0.1.4-11.el7_0.x86_64 1/23 Installing : libtirpc-0.2.4-0.16.el7.x86_64 2/23 Installing : python3-pip-9.0.3-5.el7.noarch 3/23 Installing : python3-setuptools-39.2.0-10.el7.noarch 4/23 Installing : python3-3.6.8-10.el7.x86_64 5/23 Installing : python3-libs-3.6.8-10.el7.x86_64 6/23 Installing : python36-six-1.11.0-3.el7.noarch 7/23 Installing : python36-websocket-client-0.47.0-2.el7.noarch 8/23 Installing : python36-pysocks-1.6.8-6.el7.noarch 9/23 Installing : python36-dockerpty-0.4.1-10.el7.noarch 10/23 Installing : python36-docker-pycreds-0.2.1-2.el7.noarch 11/23 Installing : python36-PyYAML-3.12-1.el7.x86_64 12/23 Installing : python36-texttable-1.6.2-1.el7.noarch 13/23 Installing : python36-jsonschema-2.5.1-4.el7.noarch 14/23 Installing : python36-idna-2.7-2.el7.noarch 15/23 Installing : python36-docopt-0.6.2-8.el7.noarch 16/23 Installing : python36-cached_property-1.5.1-2.el7.noarch 17/23 Installing : python36-chardet-3.0.4-1.el7.noarch 18/23 Installing : python36-rfc3986-1.3.0-1.el7.noarch 19/23 Installing : python36-urllib3-1.25.1-1.el7.noarch 20/23 Installing : python36-requests-2.14.2-2.el7.noarch 21/23 Installing : python36-docker-2.6.1-3.el7.noarch 22/23 Installing : docker-compose-1.18.0-4.el7.noarch 23/23 Verifying : libtirpc-0.2.4-0.16.el7.x86_64 1/23 Verifying : python36-pysocks-1.6.8-6.el7.noarch 2/23 Verifying : python3-libs-3.6.8-10.el7.x86_64 3/23 Verifying : docker-compose-1.18.0-4.el7.noarch 4/23 Verifying : python3-pip-9.0.3-5.el7.noarch 5/23 Verifying : python36-urllib3-1.25.1-1.el7.noarch 6/23 Verifying : python36-texttable-1.6.2-1.el7.noarch 7/23 Verifying : python36-jsonschema-2.5.1-4.el7.noarch 8/23 Verifying : python36-idna-2.7-2.el7.noarch 9/23 Verifying : python36-websocket-client-0.47.0-2.el7.noarch 10/23 Verifying : python36-PyYAML-3.12-1.el7.x86_64 11/23 Verifying : python36-requests-2.14.2-2.el7.noarch 12/23 Verifying : python36-dockerpty-0.4.1-10.el7.noarch 13/23 Verifying : python36-docker-2.6.1-3.el7.noarch 14/23 Verifying : python36-six-1.11.0-3.el7.noarch 15/23 Verifying : python3-setuptools-39.2.0-10.el7.noarch 16/23 Verifying : python36-docopt-0.6.2-8.el7.noarch 17/23 Verifying : python36-cached_property-1.5.1-2.el7.noarch 18/23 Verifying : python3-3.6.8-10.el7.x86_64 19/23 Verifying : libyaml-0.1.4-11.el7_0.x86_64 20/23 Verifying : python36-chardet-3.0.4-1.el7.noarch 21/23 Verifying : python36-docker-pycreds-0.2.1-2.el7.noarch 22/23 Verifying : python36-rfc3986-1.3.0-1.el7.noarch 23/23 Installed: docker-compose.noarch 0:1.18.0-4.el7 Dependency Installed: libtirpc.x86_64 0:0.2.4-0.16.el7 libyaml.x86_64 0:0.1.4-11.el7_0 python3.x86_64 0:3.6.8-10.el7 python3-libs.x86_64 0:3.6.8-10.el7 python3-pip.noarch 0:9.0.3-5.el7 python3-setuptools.noarch 0:39.2.0-10.el7 python36-PyYAML.x86_64 0:3.12-1.el7 python36-cached_property.noarch 0:1.5.1-2.el7 python36-chardet.noarch 0:3.0.4-1.el7 python36-docker.noarch 0:2.6.1-3.el7 python36-docker-pycreds.noarch 0:0.2.1-2.el7 python36-dockerpty.noarch 0:0.4.1-10.el7 python36-docopt.noarch 0:0.6.2-8.el7 python36-idna.noarch 0:2.7-2.el7 python36-jsonschema.noarch 0:2.5.1-4.el7 python36-pysocks.noarch 0:1.6.8-6.el7 python36-requests.noarch 0:2.14.2-2.el7 python36-rfc3986.noarch 0:1.3.0-1.el7 python36-six.noarch 0:1.11.0-3.el7 python36-texttable.noarch 0:1.6.2-1.el7 python36-urllib3.noarch 0:1.25.1-1.el7 python36-websocket-client.noarch 0:0.47.0-2.el7 Complete! [root@docker103.yinzhengjie.org.cn ~]#
三.Harbor部署實戰
1>.解壓harbor安裝包
[root@docker103.yinzhengjie.org.cn ~]# cd /usr/local/src/ [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# ll total 566468 -rw-r--r-- 1 root root 580059210 Jan 28 01:36 harbor-offline-installer-v1.7.5.tgz [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# tar xf harbor-offline-installer-v1.7.5.tgz [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# ll total 566468 drwxr-xr-x 3 root root 270 Jan 28 03:45 harbor -rw-r--r-- 1 root root 580059210 Jan 28 01:36 harbor-offline-installer-v1.7.5.tgz [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# ll harbor total 572840 drwxr-xr-x 3 root root 23 Jan 28 03:45 common -rw-r--r-- 1 root root 939 Apr 1 2019 docker-compose.chartmuseum.yml -rw-r--r-- 1 root root 975 Apr 1 2019 docker-compose.clair.yml -rw-r--r-- 1 root root 1434 Apr 1 2019 docker-compose.notary.yml -rw-r--r-- 1 root root 5608 Apr 1 2019 docker-compose.yml -rw-r--r-- 1 root root 8045 Jan 28 03:52 harbor.cfg -rw-r--r-- 1 root root 585234819 Apr 1 2019 harbor.v1.7.5.tar.gz -rwxr-xr-x 1 root root 5739 Apr 1 2019 install.sh -rw-r--r-- 1 root root 11347 Apr 1 2019 LICENSE -rw-r--r-- 1 root root 1263409 Apr 1 2019 open_source_license -rwxr-xr-x 1 root root 36337 Apr 1 2019 prepare [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]#
2>.修改Harbor的主機名(可以理解為外部訪問Harbor的地址,當然也可以寫IP地址喲~)
[root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep hostname hostname = reg.mydomain.com [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# sed -r -i 's#(hostname = )reg.mydomain.com#\1docker103.yinzhengjie.org.cn#' harbor/harbor.cfg [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep hostname hostname = docker103.yinzhengjie.org.cn [root@docker103.yinzhengjie.org.cn /usr/local/src]#
3>.修改Harbor的默認密碼
[root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep harbor_admin_password harbor_admin_password = Harbor12345 [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# sed -r -i 's#(harbor_admin_password = )Harbor12345#\1yinzhengjie#' harbor/harbor.cfg [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]# egrep -v "^#|^$" harbor/harbor.cfg | grep harbor_admin_password harbor_admin_password = yinzhengjie [root@docker103.yinzhengjie.org.cn /usr/local/src]# [root@docker103.yinzhengjie.org.cn /usr/local/src]#
4>.安裝Harbor服務
[root@docker103.yinzhengjie.org.cn ~]# cd /usr/local/src/harbor/ [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ll total 572840 drwxr-xr-x 3 root root 23 Jan 28 03:45 common -rw-r--r-- 1 root root 939 Apr 1 2019 docker-compose.chartmuseum.yml -rw-r--r-- 1 root root 975 Apr 1 2019 docker-compose.clair.yml -rw-r--r-- 1 root root 1434 Apr 1 2019 docker-compose.notary.yml -rw-r--r-- 1 root root 5608 Apr 1 2019 docker-compose.yml -rw-r--r-- 1 root root 8045 Jan 28 03:55 harbor.cfg -rw-r--r-- 1 root root 585234819 Apr 1 2019 harbor.v1.7.5.tar.gz -rwxr-xr-x 1 root root 5739 Apr 1 2019 install.sh -rw-r--r-- 1 root root 11347 Apr 1 2019 LICENSE -rw-r--r-- 1 root root 1263409 Apr 1 2019 open_source_license -rwxr-xr-x 1 root root 36337 Apr 1 2019 prepare [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ./install.sh
5>.訪問Harbor的WebUI
四.使用Harbor新建項目
1>.點擊"新建項目"
2>.項目創建成功
3>.查看項目的"鏡像倉庫"
4>.查看項目的"配置管理"
五.將本地鏡像上傳到自建的Harbor鏡像倉庫中
1>.登錄自建的Harbor鏡像倉庫
[root@docker101.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker103.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker login -u admin docker103.yinzhengjie.org.cn Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
2>.為本地鏡像打tag
[root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 3 days ago 606MB registry latest 708bc6af7e5e 3 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 4 days ago 983MB tomcat-base 8.5.50 9ff79f369094 5 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 5 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 5 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image tag centos-base:7.6.1810 docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810 [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 3 days ago 606MB registry latest 708bc6af7e5e 3 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 4 days ago 983MB tomcat-base 8.5.50 9ff79f369094 5 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 5 days ago 953MB docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 5 days ago 551MB centos-base 7.6.1810 b4931fd9ace2 5 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
3>.上傳鏡像成功
[root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 3 days ago 606MB registry latest 708bc6af7e5e 4 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 4 days ago 983MB tomcat-base 8.5.50 9ff79f369094 5 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 5 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 5 days ago 551MB docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 5 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image push docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810 The push refers to repository [docker103.yinzhengjie.org.cn/base_images/centos-base] 0f448859d86e: Pushed 89169d87dbe2: Pushed v7.6.1810: digest: sha256:62c5a70f2846bd7f8ecd65785e379d0e00acf33ae899f0ec96754a3731b2d425 size: 742 [root@docker101.yinzhengjie.org.cn ~]#
六.下載鏡像
1>.登錄自建的Harbor鏡像倉庫
[root@docker102.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker103.yinzhengjie.org.cn"] } [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# docker login docker103.yinzhengjie.org.cn Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker102.yinzhengjie.org.cn ~]#
2>.下載鏡像到本地
[root@docker102.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# docker image pull docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810 v7.6.1810: Pulling from base_images/centos-base ac9208207ada: Pull complete 1a93113d354a: Pull complete Digest: sha256:62c5a70f2846bd7f8ecd65785e379d0e00acf33ae899f0ec96754a3731b2d425 Status: Downloaded newer image for docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810 docker103.yinzhengjie.org.cn/base_images/centos-base:v7.6.1810 [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 5 days ago 551MB [root@docker102.yinzhengjie.org.cn ~]# [root@docker102.yinzhengjie.org.cn ~]#
七.編寫Harbor服務的啟動腳本
1>.查看harbor的安裝目錄中關於docker-compose的配置文件(更多關於docker-compose工具的使用可參考:https://www.cnblogs.com/yinzhengjie/p/12250356.html)
2>.使用docker-compose組件管理harbor服務
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose --help Define and run multi-container applications with Docker. Usage: docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...] docker-compose -h|--help Options: -f, --file FILE Specify an alternate compose file (default: docker-compose.yml) -p, --project-name NAME Specify an alternate project name (default: directory name) --verbose Show more output --no-ansi Do not print ANSI control characters -v, --version Print version and exit -H, --host HOST Daemon socket to connect to --tls Use TLS; implied by --tlsverify --tlscacert CA_PATH Trust certs signed only by this CA --tlscert CLIENT_CERT_PATH Path to TLS certificate file --tlskey TLS_KEY_PATH Path to TLS key file --tlsverify Use TLS and verify the remote --skip-hostname-check Don't check the daemon's hostname against the name specified in the client certificate (for example if your docker host is an IP address) --project-directory PATH Specify an alternate working directory (default: the path of the Compose file) Commands: build Build or rebuild services bundle Generate a Docker bundle from the Compose file config Validate and view the Compose file create Create services down Stop and remove containers, networks, images, and volumes events Receive real time events from containers exec Execute a command in a running container help Get help on a command images List images kill Kill containers logs View output from containers pause Pause services port Print the public port for a port binding ps List containers pull Pull service images push Push service images restart Restart services rm Remove stopped containers run Run a one-off command scale Set number of containers for a service start Start services stop Stop services top Display the running processes unpause Unpause services up Create and start containers version Show the Docker-Compose version information [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 20480 127.0.0.1:1514 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 :::22 :::* [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose start Starting log ... done Starting registry ... done Starting registryctl ... done Starting postgresql ... done Starting adminserver ... done Starting core ... done Starting portal ... done Starting redis ... done Starting jobservice ... done Starting proxy ... done [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 20480 127.0.0.1:1514 *:* LISTEN 0 128 *:22 *:* LISTEN 0 20480 :::80 :::* LISTEN 0 128 :::22 :::* LISTEN 0 20480 :::443 :::* LISTEN 0 20480 :::4443 :::* [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
[root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 20480 127.0.0.1:1514 *:* LISTEN 0 128 *:22 *:* LISTEN 0 20480 :::80 :::* LISTEN 0 128 :::22 :::* LISTEN 0 20480 :::443 :::* LISTEN 0 20480 :::4443 :::* [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose stop Stopping nginx ... done Stopping harbor-jobservice ... done Stopping harbor-portal ... done Stopping harbor-core ... done Stopping registryctl ... done Stopping harbor-db ... done Stopping redis ... done Stopping registry ... done Stopping harbor-adminserver ... done Stopping harbor-log ... done [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 128 :::22 :::* [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker103.yinzhengjie.org.cn /usr/local/src/harbor]#
3>.將harbor服務設置為開機自啟動
[root@docker103.yinzhengjie.org.cn ~]# vim /etc/rc.d/rc.local [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# tail -2 /etc/rc.d/rc.local #Add by yinzhengjie cd /usr/local/src/harbor && docker-compose start [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# ll /etc/rc.d/rc.local -rw-r--r-- 1 root root 543 Feb 2 18:28 /etc/rc.d/rc.local [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# chmod +x /etc/rc.d/rc.local [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# ll /etc/rc.d/rc.local -rwxr-xr-x 1 root root 543 Feb 2 18:28 /etc/rc.d/rc.local [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# reboot
