搭建容器私有仓库Harbor
安装docker
关闭防火墙和selinux
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# reboot
配置docker源
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:100 2081 100 2081 0 0 9502 0 --:--:-- --:--:-- --:--:-- 9502
[root@localhost yum.repos.d]# cat docker-ce.repo
安装docker
[root@localhost yum.repos.d]# yum -y install docker-ce
配置镜像加速器
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://k654a2v7.mirror.aliyuncs.com"]
}
启动服务
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]#
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-12-16 20:36:37 CST; 46s ago
Docs: https://docs.docker.com
Main PID: 70497 (dockerd)
Tasks: 9
Memory: 33.5M
CGroup: /system.slice/docker.service
└─70497 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Dec 16 20:36:36 localhost.localdomain dockerd[70497]: time="2021-12-16T20:36:36.560561254+08:00" level=warning msg="Your >
Dec 16 20:36:36 localhost.localdomain dockerd[70497]: time="2021-12-16T20:36:36.560588894+08:00" level=warning msg="Your >
查看镜像加速器是否已启用
[root@localhost ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-305.3.1.el8.x86_64
Operating System: CentOS Linux 8
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.623GiB
Name: localhost.localdomain
ID: GJES:5FNC:EUM7:VDFY:3L7G:2IIB:OR25:TWYF:DQMT:HSOL:BDES:Y5ZH
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://k654a2v7.mirror.aliyuncs.com/ ####
Live Restore Enabled: false
docker服务已运行
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]#
安装Harbor
docker官网
https://docs.docker.com/compose/install/
下载docker-compose包
[root@localhost ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@localhost ~]# ls
anaconda-ks.cfg
docker-compose
[root@localhost ~]# mv docker-compose /usr/local/bin/
[root@localhost bin]# chmod +x docker-compose
[root@localhost bin]# ls
docker-compose
给执行权限
[root@localhost ~]# which docker-compose
/usr/local/bin/docker-compose
[root@localhost ~]#
[root@localhost ~]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c
下载harbor包
[root@localhost ~]# wget https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
[root@localhost ~]# ls
anaconda-ks.cfg
harbor-offline-installer-v2.3.5.tgz
[root@localhost ~]# mv harbor-offline-installer-v2.3.5.tgz /usr/src/
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug harbor-offline-installer-v2.3.5.tgz kernels
解压
[root@localhost src]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@localhost local]# ls
bin games include lib64 sbin src
etc harbor lib libexec share
[root@localhost src]# cd harbor/
[root@localhost harbor]# ls
LICENSE harbor.v2.3.5.tar.gz install.sh
common.sh harbor.yml.tmpl prepare
修改主机名
[root@localhost ~]# hostnamectl set-hostname registry.example.com
[root@localhost ~]# bash
[root@registry ~]# hostname
registry.example.com
给主机名添加映射
[root@registry ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.244.146 registry.example.com
[root@registry ~]# ping registry.example.com
PING registry.example.com (192.168.244.146) 56(84) bytes of data.
64 bytes from registry.example.com (192.168.244.146): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from registry.example.com (192.168.244.146): icmp_seq=2 ttl=64 time=0.046 ms
^C
--- registry.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1052ms
rtt min/avg/max/mdev = 0.046/0.073/0.100/0.027 ms
修改配置文件
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# ls
LICENSE harbor.yml prepare
common.sh harbor.yml.tmpl
harbor.v2.3.5.tar.gz install.sh
[root@localhost harbor]# vim harbor.yml
.......
hostname: registry.example.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
.......
harbor_admin_password: Harbor12345 #登录密码
# https related config
#https: #注释
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path #注释
#private_key: /your/private/key/path #注释
查看有没有镜像,然后看看安装之后会出现什么?
[root@registry harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@registry harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@registry harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@registry harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
安装 harbor
[root@registry harbor]# ls
LICENSE harbor.yml prepare
common.sh harbor.yml.tmpl
harbor.v2.3.5.tar.gz install.sh
[root@registry harbor]# ./install.sh
.....
.....
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
查看镜像
[root@registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.5 1730c6f650e2 6 days ago 81.9MB
goharbor/chartmuseum-photon v2.3.5 47004f032938 6 days ago 179MB
goharbor/redis-photon v2.3.5 3d0cedc89a0d 6 days ago 156MB
goharbor/trivy-adapter-photon v2.3.5 5c0212e98070 6 days ago 133MB
goharbor/notary-server-photon v2.3.5 f20a76c65359 6 days ago 111MB
goharbor/notary-signer-photon v2.3.5 b9fa38eef4d7 6 days ago 108MB
goharbor/harbor-registryctl v2.3.5 7a52567a76ca 6 days ago 133MB
goharbor/registry-photon v2.3.5 cf22d3e386b8 6 days ago 82.6MB
goharbor/nginx-photon v2.3.5 5e3b6d9ce11a 6 days ago 45.7MB
goharbor/harbor-log v2.3.5 a03e4bc963d6 6 days ago 160MB
goharbor/harbor-jobservice v2.3.5 2ac32df5a2e0 6 days ago 211MB
goharbor/harbor-core v2.3.5 23baee01156f 6 days ago 193MB
goharbor/harbor-portal v2.3.5 bb545cdedf5a 6 days ago 58.9MB
goharbor/harbor-db v2.3.5 9826c57a5749 6 days ago 221MB
goharbor/prepare v2.3.5 a1ceaabe47b2 6 days ago 255MB
#查看容器
[root@registry ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4671e2e6e6be goharbor/nginx-photon:v2.3.5 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
9501d9e8ff8d goharbor/harbor-jobservice:v2.3.5 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
11427e6f6f9e goharbor/harbor-core:v2.3.5 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
672b9aad2325 goharbor/harbor-portal:v2.3.5 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
8fb6a28dbb21 goharbor/redis-photon:v2.3.5 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
aea2c3d16635 goharbor/registry-photon:v2.3.5 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
3e3b5244543d goharbor/harbor-registryctl:v2.3.5 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
5666e465232b goharbor/harbor-db:v2.3.5 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
e8afa8c07a7d goharbor/harbor-log:v2.3.5 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
查看一下生成的文件
#安装之前
[root@registry harbor]# ls
LICENSE harbor.yml prepare
common.sh harbor.yml.tmpl
harbor.v2.3.5.tar.gz install.sh
#安装之后
[root@registry harbor]# ls
LICENSE docker-compose.yml harbor.yml.tmpl
common harbor.v2.3.5.tar.gz install.sh
common.sh harbor.yml prepare
查看端口
[root@registry harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
用网页访问
用户名:admin
密码:Harbor12345 #可以在/usr/local/harbor/harbor.yml文件中修改密码
创建项目并指定使用用户
设置开机自启
[root@registry harbor]# cat start.sh
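#!/bin/bash
# Bring the Harbor compose stack back up (invoked from /etc/rc.local at boot).
# docker-compose reads docker-compose.yml from the current directory, so
# abort if the cd fails instead of running against whatever directory we are in.
cd /usr/local/harbor/ || exit 1
docker-compose start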
[root@registry harbor]# ls
LICENSE harbor.v2.3.5.tar.gz prepare
common harbor.yml start.sh
common.sh harbor.yml.tmpl
docker-compose.yml install.sh
[root@registry harbor]# chmod +x start.sh
[root@registry harbor]# ls
LICENSE harbor.v2.3.5.tar.gz prepare
common harbor.yml start.sh
common.sh harbor.yml.tmpl
docker-compose.yml install.sh
[root@registry harbor]# cat /etc/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.
touch /var/lock/subsys/local
# Added line: start the Harbor compose stack at boot. `bash -c` runs the path
# as a command, so start.sh needs its executable bit (set with chmod +x above).
/bin/bash -c /usr/local/harbor/start.sh # added line
[root@server1 ~]# docker login registry.example.com
Username: admin
Password:
Error response from daemon: Get "https://registry.example.com/v2/": dial tcp 192.168.244.146:443: connect: connection refused
说明:docker 客户端默认通过 HTTPS 访问仓库,而上面 harbor.yml 中 https 段已被注释,Harbor 只监听 80 端口,所以 443 端口被拒绝。解决办法:在 harbor.yml 中启用 https 并配置证书(推荐),或者在客户端的 /etc/docker/daemon.json 中把 registry.example.com 加入 "insecure-registries" 并重启 docker,然后再执行 docker login。
[root@server1 ~]# ping registry.example.com
PING registry.example.com (192.168.244.146) 56(84) bytes of data.
64 bytes from registry.example.com (192.168.244.146): icmp_seq=1 ttl=64 time=0.415 ms
64 bytes from registry.example.com (192.168.244.146): icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from registry.example.com (192.168.244.146): icmp_seq=3 ttl=64 time=0.581 ms
^C
--- registry.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 32ms
rtt min/avg/max/mdev = 0.120/0.372/0.581/0.190 ms
YAML模板文件语法
默认的模板文件是docker-compose.yml,其中定义的每个服务都必须通过image指令指定镜像或build指令(需要Dockerfile)来自动构建。
其他大部分都跟docker run 中类似。 如果使用build指令,在Dockerfile中设置的选项(例如:CMD,EXPOSE,VOLUME,ENV等)将自动被获取,无需在docker-compose.yml中再次被设置。
image
指定为镜像名称或镜像ID。如果镜像不存在,Compose将尝试从互联网拉取这个镜像,例如:
image: ubuntu
image: orchardup/postgresql
image: a4bc65fd
build
指定Dockerfile所在文件夹的路径。Compose将会利用他自动构建这个镜像,然后使用这个镜像。
build: ./dir
command
覆盖容器启动后默认执行的命令。
command: bundle exec thin -p 3000
links
链接到其他服务容器,使用服务名称(同时作为别名)或服务别名(SERVICE:ALIAS)都可以
links:
- db
- db:database
- redis
注意:使用别名会自动在服务器中的/etc/hosts 里创建,如:172.17.2.186 db,相应的环境变量也会被创建。
external_links
链接到docker-compose.yml外部的容器,甚至并非是Compose管理的容器。参数格式和links类似。
external_links:
- redis_1
- project_db_1:mysql
- project_db_2:sqlserver
ports
暴露端口信息。 宿主机器端口:容器端口(HOST:CONTAINER)格式或者仅仅指定容器的端口(宿主机器将会随机分配端口)都可以。
ports:
- "3306"
- "8080:80"
- "127.0.0.1:8090:8001"
注意:当使用 HOST:CONTAINER 格式来映射端口时,如果你使用的容器端口小于 60 你可能会得到错误得结果,因为 YAML 将会解析 xx:yy 这种数字格式为 60 进制。所以建议采用字符串格式。
expose
暴露端口,与ports不同的是expose只可以暴露端口而不能映射到主机,只供外部服务连接使用;仅可以指定内部端口为参数。
expose:
- "3000"
- "8000"
volumes
设置卷挂载的路径。可以设置宿主机路径:容器路径(host:container)或加上访问模式(host:container:ro)ro就是readonly的意思,只读模式。
volumes:
- /var/lib/mysql:/var/lib/mysql
- /configs/mysql:/etc/configs/:ro
volumes_from
挂载另一个服务或容器的所有数据卷。
volumes_from:
- service_name
- container_name
environment
设置环境变量。可以属于数组或字典两种格式。 如果只给定变量的名称则会自动加载它在Compose主机上的值,可以用来防止泄露不必要的数据。
environment:
- RACK_ENV=development
- SESSION_SECRET
env_file
从文件中获取环境变量,可以为单独的文件路径或列表。 如果通过docker-compose -f FILE指定了模板文件,则env_file中路径会基于模板文件路径。 如果有变量名称与environment指令冲突,则以后者为准。
env_file: .env
env_file:
- ./common.env
- ./apps/web.env
- /opt/secrets.env
环境变量文件中每一行都必须符合 VAR=VAL 格式,支持#开头的注释行。
# common.env: Set Rails/Rack environment
RACK_ENV=development
extends
基于已有的服务进行服务扩展。例如我们已经有了一个webapp服务,模板文件为common.yml.
# common.yml
webapp:
  build: ./webapp
  environment:
    - DEBUG=false
    - SEND_EMAILS=false
编写一个新的 development.yml 文件,使用 common.yml 中的 webapp 服务进行扩展。 development.yml
web:
  extends:
    file: common.yml
    service: webapp
  ports:
    - "8080:80"
  links:
    - db
  environment:
    - DEBUG=true
db:
  image: mysql:5.7
后者会自动继承common.yml中的webapp服务及相关的环境变量。
net
设置网络模式。使用和docker client 的 --net 参数一样的值。
# 容器默认连接的网络,是所有Docker安装时都默认安装的docker0网络.
net: "bridge"
# 容器定制的网络栈.
net: "none"
# 使用另一个容器的网络配置
net: "container:[name or id]"
# 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样
net: "host"
Docker会为每个节点自动创建三个网络: 网络名称 作用 bridge 容器默认连接的网络,是所有Docker安装时都默认安装的docker0网络 none 容器定制的网络栈 host 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样 附录: 操作名称 命令 创建网络 docker network create -d bridge mynet 查看网络列表 docker network ls
pid
和宿主机系统共享进程命名空间,打开该选项的容器可以相互通过进程id来访问和操作。
pid: "host"
dns
配置DNS服务器。可以是一个值,也可以是一个列表。
dns: 114.114.114.114
dns:
- 114.114.114.114
- 9.9.9.9
cap_add,cap_drop
添加或放弃容器的Linux能力(Capability)。
cap_add:
- ALL
cap_drop:
- NET_ADMIN
- SYS_ADMIN
装的docker0网络.
net: "bridge"
# 容器定制的网络栈.
net: "none"
# 使用另一个容器的网络配置
net: "container:[name or id]"
# 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样
net: "host"
Docker会为每个节点自动创建三个网络: 网络名称 作用 bridge 容器默认连接的网络,是所有Docker安装时都默认安装的docker0网络 none 容器定制的网络栈 host 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样 附录: 操作名称 命令 创建网络 docker network create -d bridge mynet 查看网络列表 docker network ls
pid
和宿主机系统共享进程命名空间,打开该选项的容器可以相互通过进程id来访问和操作。
pid: "host"
dns
配置DNS服务器。可以是一个值,也可以是一个列表。
dns: 114.114.114.114
dns:
- 114.114.114.114
- 9.9.9.9
cap_add,cap_drop
添加或放弃容器的Linux能力(Capability)。
cap_add:
- ALL
cap_drop:
- NET_ADMIN
- SYS_ADMIN