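I. Introduction to Harbor
Developing and running Docker container applications depends on reliable image management. Docker provides an official public image registry, but for reasons of security and efficiency it is also very much worth deploying a Registry inside your own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include access control (RBAC), LDAP, log auditing, a management UI, self-registration, image replication and Chinese-language support.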
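II. Environment preparation
All Harbor service components are deployed in Docker, and the official installation uses Docker-compose for quick deployment, so both Docker and Docker-compose must be installed. Because Harbor is based on Docker Registry V2, the Docker version must be no lower than 1.10.0 and the Docker-compose version no lower than 1.6.0.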
1. Install and start Docker
Install the required packages, set up the stable repository, and install Docker CE.
```
** Install the packages
# yum install -y yum-utils device-mapper-persistent-data lvm2
** Set up the stable repository
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
** Install Docker CE
# yum install -y docker-ce docker-ce-cli containerd.io
```
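2. Install Docker-compose
```
** This is the official address; it can be slow, so the domestic (China) mirror below is recommended
# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
** Domestic mirror address
# curl -L https://get.daocloud.io/docker/compose/releases/download/1.29.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
** After the download, check that /usr/local/bin contains the docker-compose file
# ls /usr/local/bin/docker-compose
/usr/local/bin/docker-compose
** Make the downloaded /usr/local/bin/docker-compose executable
# chmod +x /usr/local/bin/docker-compose
** Check the version number; if one is reported, the installation is complete
# docker-compose version
```
** When installing Harbor you may be told that the docker-compose version is too low and that 1.8 or later is required. In that case, search Baidu for a version of 1.8 or later, download it, and repeat the steps above.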
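III. Setting up and starting the Harbor service
Download the Harbor installer
Here we download the latest version: 2.0.1
Harbor official site (the version may not be the latest; downloads are faster)
Or visit the blog of an expert on CSDN
```
** Create a directory for the package
# mkdir harbor
# cd harbor/
** Download the package
# wget https://github.com/goharbor/harbor/releases/download/v2.0.1/harbor-offline-installer-v2.0.1.tgz
# ls
harbor-offline-installer-v2.0.1.tgz
** Extract it
# tar -zxf harbor-offline-installer-v2.0.1.tgz
```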
Configure Harbor
```
# ls
common     docker-compose.yml    harbor.yml       install.sh  prepare
common.sh  harbor.v2.0.1.tar.gz  harbor.yml.tmpl  LICENSE
```
Edit the Harbor installation configuration file
```
# cp harbor.yml.tmpl harbor.yml
# mkdir -p /opt/application/harbor
# ls
common.sh  harbor.v2.0.1.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
# vim harbor.yml
```
** The main parameters to change in harbor.yml are:
```
# Access address: an IP or a domain name; it must not be 127.0.0.1 or localhost.
# Harbor uses port 80 by default. With a custom port, besides changing the
# configuration in docker-compose.yml, the custom port must also be appended to
# hostname here, otherwise docker login and push will report errors.
hostname: 192.168.XXX.XXX:80

# http configuration
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https configuration (if not needed, leave it unconfigured and commented out)
# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# To put an external proxy in front (an outer NGINX, a load balancer, etc.),
# uncomment external_url; once it is enabled, hostname is no longer used.
#external_url: https://reg.mydomain.com:8433

# Admin password (Harbor12345 is the template default; change it before exposing the service)
harbor_admin_password: Harbor12345

# Database configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# Persistent data directory
data_volume: /opt/application/harbor

# (remainder omitted)
```
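The harbor.yml above keeps the admin password Harbor12345, the database password root123 and a commented-out https block. The following check flags those three settings before install.sh is run; it is an added example, not part of the original post, and `audit_harbor_yml` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). audit_harbor_yml is a hypothetical
# helper: it prints one line per finding and returns the number of findings.
audit_harbor_yml() {
    file=$1
    findings=0
    # Admin password still set to the value shown in the walkthrough
    if grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' "$file"; then
        echo "harbor_admin_password is still Harbor12345"
        findings=$((findings + 1))
    fi
    # Database root password still set to the value shown in the walkthrough
    if grep -Eq '^[[:space:]]+password:[[:space:]]*root123[[:space:]]*$' "$file"; then
        echo "database password is still root123"
        findings=$((findings + 1))
    fi
    # Only an uncommented top-level "https:" key enables TLS
    if ! grep -Eq '^https:' "$file"; then
        echo "https block is commented out: logins and pushes use plain HTTP"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample mirroring the settings used on this page
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: 192.168.XXX.XXX:80
http:
  port: 80
#https:
  #port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /opt/application/harbor
EOF

rc=0
audit_harbor_yml "$sample" || rc=$?
echo "findings: $rc"
```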
```
# systemctl start docker
# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.13
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/trivy-adapter-photon:v2.0.1
Loaded image: goharbor/harbor-portal:v2.0.1
Loaded image: goharbor/harbor-core:v2.0.1
Loaded image: goharbor/harbor-jobservice:v2.0.1
Loaded image: goharbor/notary-server-photon:v2.0.1
Loaded image: goharbor/harbor-log:v2.0.1
Loaded image: goharbor/registry-photon:v2.0.1
Loaded image: goharbor/notary-signer-photon:v2.0.1
Loaded image: goharbor/clair-photon:v2.0.1
Loaded image: goharbor/chartmuseum-photon:v2.0.1
Loaded image: goharbor/prepare:v2.0.1
Loaded image: goharbor/harbor-db:v2.0.1
Loaded image: goharbor/harbor-registryctl:v2.0.1
Loaded image: goharbor/nginx-photon:v2.0.1
Loaded image: goharbor/redis-photon:v2.0.1
Loaded image: goharbor/clair-adapter-photon:v2.0.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-portal ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
```
List the Docker images
```
# docker images
REPOSITORY                      TAG      IMAGE ID       CREATED         SIZE
goharbor/chartmuseum-photon     v2.0.1   5cdaddecc82e   20 months ago   178MB
goharbor/redis-photon           v2.0.1   3f7924c541ee   20 months ago   72.2MB
goharbor/trivy-adapter-photon   v2.0.1   c54ca9c646b5   20 months ago   111MB
goharbor/clair-adapter-photon   v2.0.1   e55fe88d7a38   20 months ago   62MB
goharbor/clair-photon           v2.0.1   e3352a5b82b8   20 months ago   171MB
goharbor/notary-server-photon   v2.0.1   5f5db3d23a57   20 months ago   143MB
goharbor/notary-signer-photon   v2.0.1   6f69f6099fd8   20 months ago   140MB
goharbor/harbor-registryctl     v2.0.1   c4b3afb7792b   20 months ago   102MB
goharbor/registry-photon        v2.0.1   bfe780f0658c   20 months ago   84.5MB
goharbor/nginx-photon           v2.0.1   a5b6f76b075d   20 months ago   43.6MB
goharbor/harbor-log             v2.0.1   4b91d2f3dffd   20 months ago   82MB
goharbor/harbor-jobservice      v2.0.1   2ac5228ba6fb   20 months ago   116MB
goharbor/harbor-core            v2.0.1   eaf714ada0b3   20 months ago   138MB
goharbor/harbor-portal          v2.0.1   74883dd356c2   20 months ago   52.4MB
goharbor/harbor-db              v2.0.1   bf97ad047417   20 months ago   159MB
goharbor/prepare                v2.0.1   0b3ee4e3b149   20 months ago   158MB
```
List the running containers
```
# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED              STATUS                        PORTS                                   NAMES
cdf442488cfb   goharbor/harbor-jobservice:v2.0.1    "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-jobservice
6623893a1e5e   goharbor/nginx-photon:v2.0.1         "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
227d5ab219c0   goharbor/harbor-core:v2.0.1          "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-core
7b1e7088aca7   goharbor/registry-photon:v2.0.1      "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)   5000/tcp                                registry
fc7064b4d750   goharbor/harbor-db:v2.0.1            "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)   5432/tcp                                harbor-db
6ec81f256b16   goharbor/harbor-portal:v2.0.1        "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   8080/tcp                                harbor-portal
8ec2da9493dc   goharbor/harbor-registryctl:v2.0.1   "/home/harbor/start.…"   About a minute ago   Up About a minute (healthy)                                           registryctl
5d7cd7e89924   goharbor/redis-photon:v2.0.1         "redis-server /etc/r…"   About a minute ago   Up About a minute (healthy)   6379/tcp                                redis
3ca425dcc1cb   goharbor/harbor-log:v2.0.1           "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
```
Access the Harbor web UI
http://192.168.XXX.XXX:80 (username: admin, password: Harbor12345)
For detailed usage, see my previous blog post.
IV. Building docker-mysql
```
# pwd
/root/harbor/Dockerfile/mysql-dockerfile/mysql
# ls
Dockerfile  privileges.sql  schema.sql  setup.sh
```
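Dockerfile
First create the Dockerfile:
```
# cat Dockerfile
FROM mysql:5.7
# Author information
MAINTAINER THL
# Allow password-less login (the MySQL root account starts with an empty password)
ENV MYSQL_ALLOW_EMPTY_PASSWORD yes
# Copy the required files into the container
COPY setup.sh /mysql/setup.sh
COPY schema.sql /mysql/schema.sql
COPY privileges.sql /mysql/privileges.sql
# Command executed when the container starts
CMD ["sh", "/mysql/setup.sh"]
```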
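Write the container start-up script setup.sh:
```
# vim setup.sh
#!/bin/bash
set -e

# Show the status of the mysql service to help debugging; this statement can be removed
echo `service mysql status`

echo '1.啟動mysql------'
# Start mysql
service mysql start
sleep 3
echo `service mysql status`

echo '2.開始導入數據------'
# Import the data
mysql < /mysql/schema.sql
echo '3.導入數據完畢------'

sleep 3
echo `service mysql status`

# Reset the mysql password
echo '4.開始修改密碼------'
mysql < /mysql/privileges.sql
echo '5.修改密碼完畢------'

echo `service mysql status`
# Quoted as a string: in backticks the shell would try to run the message as a command
echo 'mysql容器啟動完畢,且數據導入成功'

# Keep the container in the foreground
tail -f /dev/null
```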
The MySQL script with the data to import, schema.sql:
```
# vim schema.sql
-- Create the database
create database `docker_mysql` default character set utf8 collate utf8_general_ci;

use docker_mysql;

-- Create the table
DROP TABLE IF EXISTS `user`;

CREATE TABLE `user` (
  `id` bigint(20) NOT NULL,
  `email` varchar(255) DEFAULT NULL,
  `username` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

-- Insert data
INSERT INTO `user` (`id`, `email`, `username`)
VALUES (0,'zhangsan.163@example.com','zhangsan');
```
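The MySQL privilege-setup commands, privileges.sql:
```
# vim privileges.sql
use mysql;
select host, user from user;
-- Because the MySQL version is 5.7, a new user is created with the following command:
create user docker identified by '123456';
-- Grant the privileges on the docker_mysql database to the docker user just created, with password 123456:
grant all on docker_mysql.* to docker@'%' identified by '123456' with grant option;
-- This statement is required:
flush privileges;
```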
Build the image from the Dockerfile. The base image does not need to be present locally when building; it is downloaded automatically.
```
# docker build -t test/docker-mysql .
Sending build context to Docker daemon  5.632kB
Step 1/7 : FROM mysql:5.7
5.7: Pulling from library/mysql
15115158dd02: Pull complete
d733f6778b18: Pull complete
1cc7a6c74a04: Pull complete
c4364028a805: Pull complete
82887163f0f6: Pull complete
28abcb7f57e0: Pull complete
46d27a431703: Pull complete
146a7517cdca: Pull complete
ac645a526e45: Pull complete
a292dcc315cc: Pull complete
ff70b7ef8a8b: Pull complete
Digest: sha256:66d52e6baa8093820c09fec56992a5ee734f17e9fad8ef5ffc31597b231bd048
Status: Downloaded newer image for mysql:5.7
 ---> 11d8667108c2
Step 2/7 : MAINTAINER THL
 ---> Running in aab42a8e9a6f
Removing intermediate container aab42a8e9a6f
 ---> b340916a8a0f
Step 3/7 : ENV MYSQL_ALLOW_EMPTY_PASSWORD yes
 ---> Running in fa5b657878f2
Removing intermediate container fa5b657878f2
 ---> f92ff1096563
Step 4/7 : COPY setup.sh /mysql/setup.sh
 ---> 6e2c9199f13c
Step 5/7 : COPY schema.sql /mysql/schema.sql
 ---> 0b580fd680b3
Step 6/7 : COPY privileges.sql /mysql/privileges.sql
 ---> a01396d2d147
Step 7/7 : CMD ["sh", "/mysql/setup.sh"]
 ---> Running in e6bdeb47016f
Removing intermediate container e6bdeb47016f
 ---> d8f9ab35ed74
Successfully built d8f9ab35ed74
Successfully tagged test/docker-mysql:latest
```
Check that the container runs
```
# docker images
REPOSITORY          TAG      IMAGE ID       CREATED              SIZE
test/docker-mysql   latest   d8f9ab35ed74   About a minute ago   450MB
# docker run -d -p 13306:3306 test/docker-mysql
7899762d363c97f9a730a309b265cd2ef6b92f094850fc608effdfee6fb0e538
# docker ps |grep mysql
7899762d363c   test/docker-mysql   "docker-entrypoint.s…"   7 seconds ago   Up 7 seconds   33060/tcp, 0.0.0.0:13306->3306/tcp, :::13306->3306/tcp   beautiful_clarke
# docker exec -it 7899762d363c bash
root@7899762d363c:/# service mysql status
[info] MySQL Community Server 5.7.37 is running.
** Log in
# mysql -udocker -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.37 MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
```
Done. From here on you only need to connect with an SQL management tool; when connecting, remember that the port is the mapped local port 13306.
```
** View the created tables
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| docker_mysql       |
+--------------------+
2 rows in set (0.00 sec)

mysql> use docker_mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+------------------------+
| Tables_in_docker_mysql |
+------------------------+
| user                   |
+------------------------+
1 row in set (0.00 sec)

mysql> select * from user;
+----+--------------------------+----------+
| id | email                    | username |
+----+--------------------------+----------+
|  0 | zhangsan.163@example.com | zhangsan |
+----+--------------------------+----------+
1 row in set (0.00 sec)
```
Tag the image and push it to Harbor
```
# docker tag test/docker-mysql 192.168.xxx.xxx:80/mysql/docker-mysql:v0.1
# docker images
REPOSITORY                              TAG    IMAGE ID       CREATED          SIZE
192.168.xxx.xxx:80/mysql/docker-mysql   v0.1   d8f9ab35ed74   19 minutes ago   450MB
# docker login 192.168.xxx.xxx:80
Username: admin
Password:
Error response from daemon: Get "https://192.168.xxx.xxx:80/v2/": http: server gave HTTP response to HTTPS client
** The error above appeared at login. Fix:
echo '{
  "registry-mirrors": ["https://k728i8z5.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.xxx.xxx:5000", "192.168.xxx.xxx:80"]
}' > /etc/docker/daemon.json
# systemctl restart docker
** Kill the Harbor processes and re-run install.sh in the harbor directory
** Then log in again
# docker login 192.168.1.153:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
** Push
# docker push 192.168.xxx.xxx:80/mysql/docker-mysql:v0.1
The push refers to repository [192.168.xxx.xxx:80/mysql/docker-mysql]
d939737bf963: Pushed
c0b64293731d: Pushed
eee68c08277b: Pushed
a5c83aef285e: Pushed
126134798e97: Pushed
c98a95cee402: Pushed
04320c60c138: Pushed
8f7b9a023a77: Pushed
448356a5f05c: Pushed
6afb138c7c44: Pushed
85bfa4810de9: Pushed
f8134b8e36a4: Pushed
d981f931af8f: Pushed
e5baccb54724: Pushed
v0.1: digest: sha256:fa82f3b1e6274cdcfda8e2a530a6b11f407e29067c20d3f3301a45f46e5d24d5 size: 3242
```
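Listing the registry under `insecure-registries` makes Docker talk to Harbor over plain HTTP, so the admin password sent by `docker login` and every pushed layer cross the network unencrypted, which is what the installer's "HTTP protocol is insecure" warning refers to. The alternative is to enable the https block in harbor.yml with a certificate the Docker clients trust. The script below is an added example, not part of the original post; `make_harbor_cert`, `cert_has_ip_san`, the file names and the address 192.0.2.10 are assumptions for illustration, and it requires the `openssl` command.

```shell
#!/bin/sh
# Added example (not from the original post). make_harbor_cert is a hypothetical
# helper; 192.0.2.10 is a placeholder for the Harbor host address.
make_harbor_cert() {
    dir=$1
    ip=$2
    mkdir -p "$dir" || return 1
    chmod 700 "$dir"
    # 1. Private CA used only to sign the registry certificate
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Harbor private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and signing request
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$ip" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. Sign it with an IP subjectAltName; clients match the SAN, not the CN
    printf 'subjectAltName=IP:%s\n' "$ip" > "$dir/san.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
    # 4. Succeed only if the server certificate chains to the CA
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null
}

# Returns 0 when the certificate carries the expected IP SAN
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -q "IP Address:$2"
}

out=$(mktemp -d)
if make_harbor_cert "$out" 192.0.2.10 && cert_has_ip_san "$out/server.crt" 192.0.2.10; then
    echo "certificate issued and verified in $out"
fi
# Next steps on a real host:
#   harbor.yml: uncomment https:, set port: 443 and point certificate: and
#               private_key: at server.crt and server.key, then re-run install.sh
#   clients:    copy ca.crt to /etc/docker/certs.d/<harbor-host>/ca.crt and
#               remove the host from "insecure-registries" in /etc/docker/daemon.json
```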
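For related operations such as downloading, pulling images to the local machine and importing them locally, see the previous blog post.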